AWS Bucket need historical logs to run overwatch

[mohanbaabu1996]

"Exception: Audit Logs Module Failure: Audit logs are required to use Overwatch and no data was found in the following locations:"

Following error occurred due to no historical log in the bucket. Overwatch required atleast one day historical load to run. Above information need to be added in the documentation.

[GeekSheikh]

@mohanbaabu1996 -- Did you have an idea of where you wanted this included in the docs?

[mohanbaabu1996]

This is appropriate for both AWS and Azure, however we can add it under AWS Environment setup because we have addressed event hubs in Azure.

[GeekSheikh]

@mohanbaabu1996 can you verify that this is done?

[mohanbaabu1996]

@GeekSheikh We indicated on the AWS Setup page that audit and cluster logs should be checked before deploying overwatch. However, we did not specify that some historical data should be available in the audit bucket.

[kennes913]

@mohanbaabu1996 , I'm running into this issue as well and I'm wondering if 1 day means one s3 subpath partition or is it 1 day of audit logs (i.e. I start audit logs mid day yesterday and have to wait a full 24 hours)?

[mohanbaabu1996]

@kennes913 You need to have atleast one day audit logs to run overwatch. For example, S3 audit path looks like s3a:////workspaceId=********/date=2022--/

[kennes913]

@mohanbaabu1996, I have several days worth of audit logs and this is still not working. I know I must be missing something obvious. Is it possible that the audit logs path has to be in the same bucket as the root storage bucket?

[mohanbaabu1996]

@kennes913 Anusha is helping you in #564 , she will connect with you to resolve this. Thanks!