Troubleshooting AWS App


Troubleshooting AWS App Workshop
Splunk Add-on for AWS 4.3+
Kamilo Amir, Splunk Cloud Architect

Table of Contents

Troubleshooting Splunk App / Add-on for AWS
    Permissions Review
    Searches
    Validate HEC
    Where to find Saved Searches / Lookups / Macros / Data Models?

Splunk Cloud Troubleshooting AWS App

Troubleshooting Splunk App / Add-on for AWS

    Permissions Review
    Searches
    HEC Validation
    Saved Search Config
    Best Practices

This lab guide is meant to help you troubleshoot the Splunk Add-on for AWS and determine why you are not receiving data or why panels are not populating.

Permissions Review

The first place I always check is whether the user or role that Splunk uses to collect the data has the right permissions. Here is the document link to the permissions:

http://docs.splunk.com/documentation/addons/released/aws/configureawspermissions

Let's start with a search to see if there are any permission issues:

    index=_internal sourcetype=aws* ERROR Access*

If you see these error messages, check the policy created for Splunk and make sure that it grants access to the service in question.

Searches

Here are some helpful searches to determine whether you are having issues capturing data and why dashboards are not populating (especially the Topology view).

Am I getting data?

    index=main sourcetype=aws* | stats count by sourcetype

Are my saved searches populating?

    index=aws_* | stats count by index

Is there any lag between event time and index time?

    index=main sourcetype=aws:* | eval time=_time | eval itime=_indextime | eval latency=(itime - time) | stats count, avg(latency), min(latency), max(latency) by sourcetype

Am I seeing errors collecting data from AWS?

    index=_internal ERROR sourcetype=aws:* | stats count by sourcetype

Am I getting throttled by AWS?

    index=_internal sourcetype=aws:* | transaction pid tid | dedup punct

Validate HEC

Test to make sure that your Splunk instance is able to accept HEC requests:

Splunk Enterprise

    curl -k https://<host>:8088/services/collector -H 'Authorization: Splunk <token>' -d '{"sourcetype": "mysourcetype", "event": "hello, World!"}'

Splunk Cloud

    curl -k -H "Authorization: Splunk <token>" https://http-inputs-mysplunkcloud.example.com:8088/services/collector/event -d '{"sourcetype": "mysourcetype", "event": "http auth ftw!"}'

Splunk Cloud Trial

    curl -k https://input-<trial_name>.cloud.splunk.com:8088/services/collector -H 'Authorization: Splunk <token>' -d '{"event": "hello, World!"}'
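The curl tests above only show whether a reply comes back. As an added example (not part of the original lab guide), the script below sends the same test event and turns the HTTP status and HEC reply code into a troubleshooting hint. The function names `hec_classify` and `hec_probe` and the wording of the hints are assumptions made for this example; the status and code pairs are the documented HEC replies.

```bash
#!/usr/bin/env bash
# Added example (not from the lab guide): explain an HEC reply.

# hec_classify STATUS BODY: print a diagnosis; return 0 only when accepted.
hec_classify() {
  local status="$1" body="$2" code
  # HEC answers with JSON such as {"text":"Success","code":0}.
  code=$(printf '%s' "$body" |
    sed -n 's/.*"code"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  case "${status}:${code}" in
    200:0)       echo "ok: event accepted"; return 0 ;;
    401:2)       echo "auth: no token sent, check the Authorization header" ;;
    401:3)       echo "auth: malformed header, expected 'Splunk <token>'" ;;
    403:1)       echo "auth: token is disabled" ;;
    403:4)       echo "auth: token not known to this instance" ;;
    400:5|400:6) echo "payload: empty or not valid HEC JSON" ;;
    400:7)       echo "payload: index not allowed for this token" ;;
    503:9)       echo "server: busy, retry later" ;;
    *)           echo "unexpected: HTTP ${status} body=${body}" ;;
  esac
  return 1
}

# hec_probe URL TOKEN: send the guide's test event and classify the reply.
hec_probe() {
  local url="$1" token="$2" out
  # No -k: certificate verification stays on. For a private CA, point
  # CURL_CA_BUNDLE at its certificate instead of disabling the check.
  out=$(curl -sS --max-time 10 -w '|%{http_code}' \
    -H "Authorization: Splunk ${token}" \
    -d '{"sourcetype": "mysourcetype", "event": "hello, World!"}' \
    "$url") || { echo "network: no HTTP reply (DNS, port, firewall or TLS)"; return 2; }
  # curl appended "|<status>" after the body; split on the last "|".
  hec_classify "${out##*|}" "${out%|*}"
}

# Constructed replies, so the classifier can be tried without a network:
hec_classify 200 '{"text":"Success","code":0}'
hec_classify 403 '{"text":"Invalid token","code":4}' || true
# Live use: hec_probe "https://<host>:8088/services/collector" "<token>"
```

A `network:` result points at connectivity or certificate trust rather than at the token, which is the distinction the plain `curl -k` test hides.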

Where to find Saved Searches / Lookups / Macros / Data Models?

This section is important if you decide to move your AWS data from the main index to a custom index and want the app to continue to work accordingly.

The saved searches allow you to see what data is being summarized from the main index into the appropriate summary index.

The lookups allow you to see where enrichment data is being kept. You can update the tables if necessary.

The macros are used in the app to simplify the search commands. If you decide to move your data from the main index, you should modify the appropriate macros to keep the app up to date.

Saved Searches: http://docs.splunk.com/documentation/aws/5.0.2/installation/savedsearches
Lookups: http://docs.splunk.com/documentation/aws/5.0.2/installation/lookups
Data Models: http://docs.splunk.com/documentation/aws/5.0.2/installation/datamodels
Macros: http://docs.splunk.com/documentation/aws/5.0.2/installation/macros

Best Practices

R = Recommended, S = Supported, NA = Not Available

    AWS service             SQS Based S3   Modular Input   Kinesis / HEC   Generic S3
    Billing                 NA             R               NA              S
    CloudWatch (metrics)    NA             R               NA              NA
    CloudFront Access Logs  R              S               S               S
    Config                  R              S               NA              S
    Config Rules            NA             R               NA              NA
    Description             NA             R               NA              NA
    ELB Access Logs         R              S               S               S
    Inspector               NA             R               NA              NA
    CloudTrail              R              S               NA              S
    S3 Access Logs          R              S               S               S
    VPC Flow Logs           NA             S               R               NA

http://docs.splunk.com/documentation/addons/released/aws/configureinputs

Setting up AWS Services with SQS Based S3 Input

This new input allows for the collection of data from CloudTrail and Config as well as any other service that writes to an SNS topic and S3 bucket. It is a stateless input, which means that it can be scaled to multiple Heavy Weight Forwarders (HWF) without any contention for collecting data from AWS. The only requirement is that you add a dead letter queue to your SQS.

Setting up HEC for CloudWatch Logs

HTTP Event Collector (HEC) is a great way to push data into Splunk. This data input allows high-volume data to flow into Splunk without being throttled by AWS API calls or tied to a single HWF.
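For the dead letter queue requirement of the SQS Based S3 input described above, one way to verify it before enabling the input, as an added example that is not part of the original lab guide. The function names `dlq_status` and `check_queue`, the sample queue ARN and the output wording are assumptions made for this example; `check_queue` needs the AWS CLI and read access to the queue attributes.

```bash
#!/usr/bin/env bash
# Added example (not from the lab guide): confirm that an SQS queue has a
# dead letter queue attached by inspecting its RedrivePolicy attribute.

# dlq_status REDRIVE_POLICY_JSON: print a diagnosis; return 0 when a DLQ is set.
dlq_status() {
  local policy="$1" arn max
  arn=$(printf '%s' "$policy" |
    sed -n 's/.*"deadLetterTargetArn"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  # maxReceiveCount may be returned as a number or as a quoted string.
  max=$(printf '%s' "$policy" |
    sed -n 's/.*"maxReceiveCount"[[:space:]]*:[[:space:]]*"\{0,1\}\([0-9][0-9]*\).*/\1/p')
  if [ -z "$arn" ]; then
    echo "missing: no dead letter queue attached"
    return 1
  fi
  case "$arn" in
    arn:aws*:sqs:*) ;;
    *) echo "invalid: target is not an SQS ARN: $arn"; return 1 ;;
  esac
  echo "ok: dead letter queue ${arn##*:} after ${max:-?} receives"
}

# check_queue QUEUE_URL: fetch the attribute with the AWS CLI and evaluate it.
check_queue() {
  local url="$1" policy
  policy=$(aws sqs get-queue-attributes --queue-url "$url" \
    --attribute-names RedrivePolicy \
    --query 'Attributes.RedrivePolicy' --output text) || return 2
  # The CLI prints "None" in text mode when the attribute is absent.
  if [ "$policy" = "None" ]; then policy=""; fi
  dlq_status "$policy"
}

# Constructed attribute values, so the check can be tried offline:
dlq_status '{"deadLetterTargetArn":"arn:aws:sqs:us-east-1:123456789012:splunk-dlq","maxReceiveCount":"5"}'
dlq_status '' || true
# Live use: check_queue "<queue-url>"
```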