Hi,
After a great .conf 2017, I decided to install the Splunk App for AWS and the associated AWS TA and I am having issues with getting Change Notifications into Splunk.
I think they are supported, at least according to this page: https://docs.splunk.com/Documentation/AddOns/released/AWS/Config but the handler.py for the ConfigNoticeParser has the following:
> _UNSUPPORTED_MESSAGE_TYPE = [
>     'ConfigurationItemChangeNotification',
>     'ConfigurationSnapshotDeliveryStarted',
>     'ComplianceChangeNotification',
>     'ConfigRulesEvaluationStarted',
> ]
In addition, the overview dashboard has 0 configuration changes. I am reasonably certain that I am outputting Change notifications for the Config service, and that the configuration in AWS is for the right region, and includes all Supported resources, and global resources.
Am I doing something wrong?
PS, Splunk AWS app in general is great :)