After installing and configuring the CWS add-on, I'm able to see the logs in Splunk, but the collection interval seems to be every hour. Is there a way to change it so it occurs more frequently?
In the documentation it is stated,
"Sync should begin in a few minutes as the cron job runs in the background and ingests the CWS log data."
But I'm not able to find the cron job
you should be able to copy default/inputs.conf to local/inputs.conf and change the interval value.
you should be able to copy default/inputs.conf to local/inputs.conf and change the interval value.