Version

Cb Cloud Response 5.x

Topic

When integrating AWS Splunk to Cb Cloud Response gets error "No option found for S3 bucket" error (screenshot below).

This article shows how to address the error.

Steps

These are Splunk instructions to create a new S3 bucket: http://docs.splunk.com/Documentation/AWS/latest/Installation/S3

Add a new S3 input :

1. In the app, click Configure in the app navigation bar.

2. Under Data Sources, in the S3 box, click New Input.

3. Select the friendly name of the AWS Account that you want to use to collect S3 data. If you have not yet configured the account you need, click Add New Account to configure one now.

4. Under S3 Bucket, select an S3 bucket from which you want to collect data.

5. Under Folder/File name, select either /, which collects all folders and files in the bucket, or a specific folder or file to index. If your S3 bucket has too many folders and files to list in the drop-down, the screen prompts you to filter using a partial name to help you find the folder or file you want.

6. Enter a Source type for the input. Select Custom Data Type > Generic S3

7. (Recommended) Configure a custom Index for this data.

8. (Optional) Open the Advanced Settings section to configure a collection interval. This interval specifies how often the app should run the collection job. The default is 1800 seconds, or 30 minutes.

9. Click Add to save and enable this data input.

------------------

The site is provided with this key data from Cb Cloud similar to this:

AWS Account:           cbguy-kicker-reality-syslog

S3 Host Name:          s3.my-aws.com

S3 Bucket:                cbguy-kicker-reality-syslog

NOTE that the  S3 Bucket name to be specified is the same as the AWS account.

When creating the S3 Bucket, users often see this AWS error:

If you do see this error, simply ignore it and continue to fill in the S3 Bucket value,

which is the same as the AWS Account value.