- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: AWS billing bucket conflict
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
AWS billing bucket conflict
I am trying to get the AWS app working, and I'm finding the "documentation" to be... delphic.
For the billing aspect - When I manually run the get_bill.py script, it returns:
[root@host local]# $SPLUNK_HOME/bin/splunk cmd $SPLUNK_HOME/etc/apps/SplunkAppforAWS/bin/get_bill.py
Traceback (most recent call last):
File "/opt/splunk/etc/apps/SplunkAppforAWS/bin/get_bill.py", line 45, in <module>
a = conn.create_bucket(s3bucket1)
File "/opt/splunk/etc/apps/SplunkAppforAWS/bin/boto/s3/connection.py", line 499, in create_bucket
response.status, response.reason, body)
boto.exception.S3CreateError: S3CreateError: 409 Conflict
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>BucketAlreadyOwnedByYou</Code><Message>Your previous request to create the named bucket succeeded and you already own it.</Message><BucketName>billbucket</BucketName><RequestId>XXXXXXEDFB3E00AB</RequestId><HostId>XXXXXXxXOBGQyAP5Qpj1qIgXXXXXO+kJ0bk6hU7Wo7/F1uZZVvXXXXXXhi5+uHpUYzza9</HostId></Error>
My s3 bucket exists, is named in lowercase, and contains billing csv files that match the regex in the script. (As an aside, it's puzzling that a script which intends to gather and parse CSV files would attempt to create an S3 bucket, but there it is.)
How do I make this work?
Environment: Splunk 6.0.1 (build 189883) on CentOS release 6.5 (Final), and no luck with Windows 2008R2, either.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well, I solved my problem, but I'm still puzzled by the original design, and I've learned an important lesson: Don't deliver "Community Supported" Splunk apps to your executives.
I have an existing S3 bucket where billing data is being delivered (the data is being consumed by other parties, and so cannot be moved). The "get_bill.py" script delivered from Splunkbase tries to create a new bucket, and this was colliding with my existing bucket. The fix is to change the boto call from create to get on line 45 of get_bill.py:
a = conn.create_bucket(s3bucket1)
becomes
a = conn.get_bucket(s3bucket1)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I cannot agree more on the "delivering to executives" statement!
I'm still struggling with the configuration and still getting errors. I'm stuck at line 41 🙂
Detecting Remote Code Executions With the Splunk Threat Research Team
Observability | Use Synthetic Monitoring for Website Metadata Verification
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
