CB Response Cloud: No Longer Receiving Logs In Splunk That Are Being Forwarded To An S3 Bucket
search cancel

CB Response Cloud: No Longer Receiving Logs In Splunk That Are Being Forwarded To An S3 Bucket

book

Article ID: 287186

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • No longer receiving logs in Splunk that are being forwarded to an S3 bucket.
  • Error occurs when attempting to add account for S3 bucket into AWS add-on for Splunk.
  • Restarting Event Forwarder service on CB Response Cloud instance does not resolve error.

Environment

  • CB Response Cloud: All Versions
  • Splunk: All Supported Versions

Cause

Incorrect system time on Splunk receiver.

Resolution

Install and configure Network Time Protocol on the Splunk receiver.
Powered by Wolken Software