This application uses the AWS CLI. The user running the Splunk process must be able to use the AWS CLI for the account that contains the certificate data to be indexed.
To check, run the following command as the user that runs the Splunk process and confirm that it returns results:
aws iam list-server-certificates
This command calls the AWS API, so network access to that endpoint is required. If the command above runs and returns results, the scripted input should work fine.
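The check above can be scripted so that a failure says which prerequisite is missing. This is an added example, not part of the app: the function name check_aws_cert_access, the --run argument and the "splunk" user name in the comment are assumptions.

```bash
#!/bin/sh
# Pre-flight check for the scripted input. Run it as the OS user that owns
# the Splunk process, e.g.: sudo -u splunk sh check_aws_access.sh --run
# (the user name "splunk" and the file name are assumptions).
#
# Return codes:
#   0 = certificates returned
#   1 = aws CLI not found for this user
#   2 = API call failed (credentials, IAM permissions or network)
#   3 = call succeeded but returned no server certificates
check_aws_cert_access() {
    if ! command -v aws >/dev/null 2>&1; then
        echo "FAIL: aws CLI not found on PATH for user $(id -un)" >&2
        return 1
    fi
    # --query and --output are standard AWS CLI options. Only the number of
    # entries is requested, so no certificate metadata reaches the terminal.
    if ! cert_count=$(aws iam list-server-certificates \
            --query 'length(ServerCertificateMetadataList)' \
            --output text 2>/dev/null); then
        echo "FAIL: API call failed; check credentials," \
             "the iam:ListServerCertificates permission and network access" >&2
        return 2
    fi
    case "$cert_count" in
        ''|*[!0-9]*)
            echo "FAIL: unexpected output: $cert_count" >&2
            return 2 ;;
        0)
            echo "WARN: call succeeded but returned no certificates" >&2
            return 3 ;;
        *)
            echo "OK: $cert_count server certificate(s) visible to $(id -un)"
            return 0 ;;
    esac
}

# Run the check only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    check_aws_cert_access
fi
```

A return code of 3 means the CLI and credentials work but the account has nothing for the scripted input to index.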
Developed on Mac, tested on Linux. No Windows support provided.
The application will deploy and run on an "all-in-one" Splunk setup (e.g. a single standalone installation of Splunk Enterprise) without modification.
For distributed setups, the normal distribution of components should apply. The Splunk Packaging toolkit can be used to split out the various components into apps suitable for deployment on a forwarder, indexer and search head:
Manually you can achieve the same by:
You can deploy the same app everywhere but simply disable the scripted input - leaving it enabled only on the server that will talk out to AWS to get the certificate information.
1.0.2 - idelta.co.uk - Edinburgh, UK
* aligned sourcetype name with aws add-on format
* moved all local files to default
1.0.1 - idelta.co.uk - Edinburgh, UK
* fixed typo on field name in dashboard
1.0.0 - idelta.co.uk - Edinburgh, UK
* initial release, functionally complete