Thanks a lot for sharing this knowledge on youtube. You share the best Splunk tutorial videos which are much better than any other tutorials I have viewed, big fan sir
Just one of the those videos I needed to help me understand Splunk integration to AWS. Thanks for the detail explanation. Would be checking from this channel. Great job!
Your videos are very helpful, especially for Splunk developers.... ☺️☺️
Thank you 🙏
Thanks Sir ...Very Useful.....
1000 Times Thanks Again
Thanks a lot. This was really helpful
This video is great, I finally got it working on Splunk 8.2. Could you create a very in-depth troubleshooting series?
Nice video, thank you sir.
As usual The Best..
Awesome video Sid da
Thank you bhai :)
Many thanks for sharing. Do you have one explaining how to configure cloud watch events? tks
Hi Sid, your videos and step-by-step procedures are helpful. How may I contact you personally? Thx
Wondering if Splunk supports OIDC auth for AWS? So that I don't have to worry about the access key and secret access key.
Where do the indexes come from that are pre-populated in the app? Is it reading what's on the indexers?
Hi Sid, thanks for the tutorial. Very useful. Can you tell me what the advantage of the SNS and SQS method is over using the S3 bucket?
I think S3 will be useful when you have CloudTrail data from multiple AWS regions. If you have multiple AWS regions from which you want to gather CloudTrail data, the Amazon Web Services best practice is that you configure a trail that applies to all regions in the AWS partition in which you are working. You can then set up one CloudTrail input to collect data from the centralized S3 bucket where log files from all the regions are stored.
In this video I just discussed the basic way of ingesting CloudTrail data. In future I will be covering S3 as well.
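To make the "one bucket, every region" point concrete, here is an added example (not code from the video, the add-on, or any commenter) that parses the object-key layout a multi-region trail writes into a centralized S3 bucket and reads the gzipped `{"Records": [...]}` files the way a collector would. Every key and record below is constructed for this example; the account ID, bucket prefix and user names are placeholders. It also flags root-account activity across all regions, which is the kind of check a single input over the central bucket lets you run without stitching per-region sources together.

```python
"""
Added example: offline parser for a centralized CloudTrail S3 bucket.
Keys and records below are constructed sample data, not real logs.
"""
import gzip
import io
import json
import re
from collections import Counter

# A multi-region trail writes every region's files into the same bucket:
#   [<prefix>/]AWSLogs/<account>/CloudTrail/<region>/<yyyy>/<mm>/<dd>/<file>.json.gz
# Digest files live under CloudTrail-Digest/ and are deliberately not matched.
KEY_RE = re.compile(
    r"^(?:(?P<prefix>.+)/)?AWSLogs/(?P<account>\d{12})/CloudTrail/"
    r"(?P<region>[a-z0-9-]+)/(?P<year>\d{4})/(?P<month>\d{2})/(?P<day>\d{2})/"
    r"[^/]+\.json\.gz$"
)


def parse_key(key):
    """Return the account/region/date encoded in a CloudTrail object key, or None."""
    m = KEY_RE.match(key)
    return m.groupdict() if m else None


def build_log_object(records):
    """Gzip a record list into the shape CloudTrail delivers: {"Records": [...]}."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb") as gz:
        gz.write(json.dumps({"Records": records}).encode("utf-8"))
    return buf.getvalue()


def parse_log_object(blob):
    """Decompress one delivered object and return its Records list."""
    with gzip.GzipFile(fileobj=io.BytesIO(blob), mode="rb") as gz:
        return json.load(gz).get("Records", [])


def summarize(objects):
    """objects: {s3_key: gzipped_bytes}. Returns (events per awsRegion,
    [(key, eventID)] for events performed by the root account)."""
    per_region = Counter()
    root_events = []
    for key, blob in objects.items():
        if parse_key(key) is None:      # skip digests and unrelated objects
            continue
        for rec in parse_log_object(blob):
            per_region[rec["awsRegion"]] += 1
            if rec.get("userIdentity", {}).get("type") == "Root":
                root_events.append((key, rec["eventID"]))
    return per_region, root_events


def sample_bucket():
    """Constructed listing of a central bucket fed by a multi-region trail."""
    acct = "123456789012"  # placeholder account ID
    us_key = (f"prod-logs/AWSLogs/{acct}/CloudTrail/us-east-1/2024/05/01/"
              f"{acct}_CloudTrail_us-east-1_20240501T0000Z_abc123.json.gz")
    eu_key = (f"prod-logs/AWSLogs/{acct}/CloudTrail/eu-west-1/2024/05/01/"
              f"{acct}_CloudTrail_eu-west-1_20240501T0000Z_def456.json.gz")
    digest_key = (f"prod-logs/AWSLogs/{acct}/CloudTrail-Digest/us-east-1/2024/05/01/"
                  f"{acct}_CloudTrail-Digest_us-east-1_20240501T0000Z_zzz.json.gz")
    return {
        us_key: build_log_object([
            {"eventID": "e1", "eventTime": "2024-05-01T00:01:00Z",
             "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
             "awsRegion": "us-east-1",
             "userIdentity": {"type": "IAMUser", "userName": "alice"}},
            {"eventID": "e2", "eventTime": "2024-05-01T00:02:00Z",
             "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
             "awsRegion": "us-east-1", "userIdentity": {"type": "Root"}},
        ]),
        eu_key: build_log_object([
            {"eventID": "e3", "eventTime": "2024-05-01T00:03:00Z",
             "eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy",
             "awsRegion": "eu-west-1",
             "userIdentity": {"type": "AssumedRole", "userName": "deploy"}},
        ]),
        digest_key: build_log_object([]),   # present in the bucket, never ingested
    }


if __name__ == "__main__":
    per_region, root_events = summarize(sample_bucket())
    print("events per region:", dict(per_region))
    print("root-account activity:", root_events)
```

Note that global-service events (IAM, STS, sign-in) are recorded with `awsRegion` set to the global region even though the multi-region trail delivers them under its home-region folder, so count by the record's `awsRegion` rather than by the key when you want per-region numbers.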
Pretty good step-by-step process. Quick question. I have an AWS environment with CloudTrail and CloudWatch enabled. I can use this process and these steps to ingest CloudTrail logs into Splunk. How about ingesting CloudWatch logs into Splunk? What is the process? Also, where do I install the Splunk Add-on for AWS installer: on an EC2 Linux instance in my AWS, or on an on-prem Windows/Linux server? My Splunk setup is currently in an Azure environment. I need to take the logs from AWS into the Splunk in Azure.
For CloudWatch it will be similar, please have a look at the link below:
docs.splunk.com/Documentation/AddOns/released/AWS/CloudWatchLogs
You need to install this add-on in your Splunk environment, on the heavy forwarder to be specific.
Hi, I'm using the SQS-based S3 method and my HF is using a proxy setup.
Getting error: SNS signature validation failed.
How do I restrict access to the S3 bucket to only the Splunk Cloud instance so that no one else can access it?
How can we add the EC2 server logs to Splunk?
Hello sir, I searched for the one policy containing permissions for all inputs; it's not showing in the docs. I think the Splunk docs have been updated, so kindly give the path for that.
It looks like Splunk has removed that page from the documentation. I have just experienced this very same issue: docs.splunk.com/Documentation/AddOns/latest/AWS/Permissions
Hi Sir, when I installed this add-on on Splunk, only the loading process keeps going on; it takes too much time and even after that it doesn't show the Inputs and Configuration tabs. What needs to be done then? Please help.
My Splunk instance is also 8.0.3, and as this add-on is not showing any of its tabs, my Splunk instance is also going down because of that.
Hi Divya,
What is the version of the add-on you downloaded? For Splunk 8 it needs to be version 5 and above.
Need an S3 storage to Splunk integration video.
I want to get data from AWS RDS (MySQL) to Phantom. Can someone help me with this?
You can index the RDS data in Splunk, then forward it to Phantom using the Splunk Phantom Add-on:
community.splunk.com/t5/Archive/AWS-Database-logs-to-Splunk/m-p/430343
th-cam.com/video/K2VfKolT6F4/w-d-xo.html
th-cam.com/video/8u4Uqu8e10c/w-d-xo.html
th-cam.com/video/FiqvoPTQfdw/w-d-xo.html
I have followed all the steps twice and no events have been indexed.
Can you check in the _internal index whether any errors are showing up?
How do I configure the Splunk Add-on for AWS on the indexer cluster? I don't have the Web UI open on the indexers. I am getting errors in spite of giving the correct details in inputs.conf and passwords.conf.
splunklib.binding.HTTPError: HTTP 500 Internal Server Error -- b'{"messages":[{"type":"ERROR","text":"Cannot call handler \'splunk_ta_aws_settings_proxy\' due to missing script \'aws_proxy_settings_rh.py\'."}]}'
2022-06-19 20:29:38,885 level=INFO pid=30634 tid=MainThread logger=splunksdc.collector pos=collector.py:run:270 | | message="Modular input exited."