I'm trying to set up monitoring of S3 buckets using the Splunk App/Add-on for AWS, but cannot seem to get actual data into the app. The goal is to have the entire process automated using CloudFormation templates and Puppet manifests, so I can't really use the GUI to configure anything.
So far, I have the app & add-on installed on the search head and the add-on installed on the HF. When in the app, I can configure an input - it auto-discovers its IAM role and I can even see all the files in the buckets if I go through the Folder/File Name drop-down - but when I change anything in the buckets that it's monitoring, it still shows no activity.
In my environment, we have a master node, a single search head, 2 indexers in a cluster, and a Heavy Forwarder.
I'd appreciate any advice people have for configuring everything correctly.