Solved: Heroku Syslog Drain to Splunk Indexer on AWS

simplebob · ‎09-21-2014

I'm trying to follow these instructions on the blog but failing miserably: http://blogs.splunk.com/2014/09/14/splunking-heroku/

I have configured my index to receive data via port 9997 and have set a syslog drain on Heroku pointing to my indexers AWS public IP: syslog://:9997

My indexer sits on an AWS EC2 instance. Security groups allow for inbound traffic on 9997.

Looking at the instructions it reads:

Using AWS? When you use EC2 security
groups, the hostname used when you add
the drain must resolve to the 10/8
private IP address of your instance
(which must be in the us-east Amazon
region). If you use the EC2 public IP
address, or a name that resolves to
the public IP address, then logplex
will not be able to connect to your
drain.

But how can I get the 10/8 private IP of my instance?

himynamesdave · ‎09-24-2014

Have you implemented any custom config on your instance. If you have installed default Splunk will bind to 0.0.0.0 (all available IPs).

I suspect there could be some conflict on the port. What if you try "data inputs" > "new" > "tcp" > "port:514"?

View solution in original post

himynamesdave · ‎09-24-2014

Have you implemented any custom config on your instance. If you have installed default Splunk will bind to 0.0.0.0 (all available IPs).

I suspect there could be some conflict on the port. What if you try "data inputs" > "new" > "tcp" > "port:514"?

Heroku Syslog Drain to Splunk Indexer on AWS

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!