All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on for Amazon Web Services. Why am I unable to get Cloudwatch in Splunk?

wstallwood
New Member
‎08-03-2015 01:52 PM

Hi

I have tried to follow the setup guide for creating inputs and cloudtrail and was-config are working great now. However, I cannot get any data into Splunk from cloudwatch. Usual suspects such as IAM permissions etc are all verified (and working for the other services)

index = _internal source=*aws_cloudwatch*

Just shows repeated messages of....

2015-08-03 21:42:01,743 INFO pid=20635 tid=MainThread file=aws_cloudwatch.py:stream_events:978 | query work queued = 0, deferred = 0 , scan_time = 0.000s

I suspect my config around metric_dimensions isn't quite right, but the docs are a little vague on this. I wanted to capture information from any instance in my (small) account, but even setting to a specific Instance ID, I still get no data and my cloudwatch index is reported as empty. (config below)

It's driving me mad now and although I can find a few people reporting the same problem, I can't see any posted answers.

Any help appreciated.

[aws_cloudwatch]
aws_account = xxxxxxxxxxxxxxx
aws_region = eu-west-1
metric_namespace = AWS/EC2
metric_names = ["CPUUtilization","DiskReadOps","StatusCheckFailed_System"]
metric_dimensions = [{"InstanceId":"i-e42a8aa9", "Region":"eu-west-1"}]
statistics = ["Average","Maximum","Minimum","Sum"]
period = 60
polling_interval = 60
sourcetype = aws:cloudwatch
queueSize = 128KB
persistentQueueSize = 24MB
interval = 30
index = aws-cloudwatch
0 Karma
Reply

jcoates_splunk
Splunk Employee
Splunk Employee
‎09-26-2015 01:53 PM

that log says it's getting into the queue okay, but not finding anything there. Can you look at the queue from Amazon's management page and see if there are messages?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...