Splunk Cloud Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Duplicate events in Splunk from Aws cloud watch

Poojary
New Member
2 weeks ago

I am getting the Duplicate events in Splunk from Aws cloud watch and I am sending data from only one source to the Splunk .
How do I resolve it.

Labels (1)
Labels
0 Karma
Reply

nyc_jason
Splunk Employee
Splunk Employee
2 weeks ago

depending on your method of collection, please see here: https://docs.splunk.com/Documentation/AddOns/released/AWS/ConfigureInputs

Note this portion in case you are under this scenerio:

Note: It is a best practice to collect VPC flow logs and CloudWatch logs through Kinesis streams. However, the AWS Kinesis input has the following limitations:

Multiple inputs collecting data from a single stream cause duplicate events in the Splunk platform.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...