- Más nuevo
- Más votos
- Más comentarios
Hi, and thanks for reaching out!
There may be one of a couple things happening here:
-
You can verify if the subscription filter is failing or succeeding in sending log events to the subscription filter destination by checking the CloudWatch Logs metric for the log group. If you see DeliveryErrors metric data for the Lambda's log group, it indicates that CloudWatch Logs is attempting to send data to the destination, but failing to do so, usually due to a permissions issue.
-
Double check that the subscription filter pattern matches against log events you wish to send to the subscription destination.
-
Ensure that the IAM role being used for the subscription filter has appropriate trust policy and permissions policy statements to allow the "logs.<region>.amazonaws.com" service to assume the role and send data to the destination Kinesis Firehose (as seen in Step 8 here).
-
Ensure that the Firehose role has an appropriate trust policy and permissions policy to allow the firehose service to assume the role, and for it to perform appropriate actions in sending to Splunk
-
If utilizing the Amazon Kinesis Firehose Splunk Add-on, you can verify the Splunk configuration items per the Splunk documentation.
If these all seem in order, I would recommend opening a case in the AWS Support Center and working with an available engineer to provide further visibility on your resources and track down any other issues with the integration.
Contenido relevante
- OFICIAL DE AWSActualizada hace 8 meses
- OFICIAL DE AWSActualizada hace un año
- OFICIAL DE AWSActualizada hace 2 años