Troubleshoot Log Collection from AWS Services

This page describes steps to fix problems with the deployment of the CloudFormation stack that sends logs from AWS services to Cisco Cloud Observability.

Verify S3 Bucket Content

The S3 bucket only contains the failed logs (logs which were not sent to Cisco Cloud Observability due to unforseen reasons). To verify the contents of the S3 bucket, follow these steps:

Download the S3 bucket's log file and save it as <S3-bucket-log-filename>.
Run the following command to get the rawData or compressedLogEvents field, whichever is present, from the command output:
```
cat <S3-bucket-log-filename>
```
BASH
Run the following python script and provide the value you got for rawData or compressedLogEvents field as an argument. You should get JSON output containing the logs. Optionally, you can then pipe the output to jq to structure it in a more readable format.
```
import base64
import json
import gzip
import sys

def loadJsonGzipBase64(base64Data):
    return gzip.decompress(base64.b64decode(base64Data))

data = sys.argv[1]
print(loadJsonGzipBase64(data).decode('ascii'))
```
BASH

Advanced Parameters for Our CloudFormation Template

ParameterKey	Description
`EnableRejectedLogsBucket`	Select whether rejected logs s3 bucket should be enabled. Valid values: `"TRUE"`, `"FALSE"`. Default: `"FALSE"`.
`LambdaVersion`	Version of Splunk AppDynamics Lambda functions to be used. This value overrides the default value.
`LambdaSGIds`	List of security group IDs to access Cisco Cloud Observability (for sending logs) if your Tenant is behind a VPC.
`LambdaSubnetIds`	List of subnet IDs to access Cisco Cloud Observability (for sending logs) if your Tenant is behind a VPC.
`MaxFailedLogRetries`	Maximum number of retries for failed log batches. When this number is exceeded, logs go to the "rejected" S3 bucket if `EnableRejectedLogsBucket` is set to `"TRUE"`. Otherwise, those logs are discarded. Valid values: 0-20. Default: 3.
`S3ForwarderIntervalMinutes`	Interval for scheduling AppDS3ForwarderLambda, in minutes.
`S3ForwarderReservedConcurrency`	The maximum number of concurrent instances allocated to the AppDS3ForwarderLambda. No other function can use this concurrency, and AppDS3ForwarderLambda will not exceed this. Increasing this will result in sending the logs in S3 faster to Cisco Cloud Observability. Valid values: `1-100`. Default: `10`.
`TokenRetryInterval`	The token generation fast retry schedule interval, in minutes.

OpenTelemetry™ and Kubernetes® (as applicable) are trademarks of The Linux Foundation®.

Amazon Web Services, the AWS logo, AWS, and any other AWS Marks used in these materials are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.