
How do I enable the CloudTrail Log input?

ryansb
New Member

After installing SplunkAppForAWS and restarting Splunk, the new input does not appear in the available inputs for Splunk 6.0.

I've already filled in etc/apps/SplunkAppforAWS/local/aws.conf with the correct credentials, but I am still not able to add a CloudTrail input.

0 Karma

ICTMoretonbay
Explorer

Have you followed the directions in USAGE.txt in the root dir?

I'm stuck at:

*** Usage of cloudtrail2splunk.py script ****

Reformat and verify CloudTrail file data to a stream format for Splunk. Usage examples:

gzcat f1.json.gz file2.json.gz file3.json.gz ... | %prog [options] > newfile.json

or if files have already been uncompressed:

cat f1.json f2.json ... | %prog [options] > newfile.json

The resulting output file can then be indexed into Splunk, for example:

splunk add oneshot newfile.json -sourcetype aws-cloudtrail -index aws-cloudtrail

Not being familiar with Python doesn't help...

0 Karma
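Added example, not part of either post and not the app's own cloudtrail2splunk.py: a Python sketch of the reformat-and-verify step the quoted USAGE text describes, turning concatenated CloudTrail files (each a JSON object with a top-level `Records` array) into one event per line. The function names, the `REQUIRED` field check and the sample data are assumptions made for illustration.

```python
import json
import sys

# Assumed minimum set of fields for an event worth indexing (not from USAGE.txt).
REQUIRED = ("eventTime", "eventSource", "eventName")

def iter_documents(text):
    """Yield each top-level JSON value from concatenated JSON (as `cat f1.json f2.json` produces)."""
    decoder = json.JSONDecoder()
    pos = 0
    while pos < len(text):
        # raw_decode does not accept leading whitespace, so skip it between documents.
        while pos < len(text) and text[pos].isspace():
            pos += 1
        if pos >= len(text):
            break
        doc, pos = decoder.raw_decode(text, pos)  # raises JSONDecodeError on corrupt input
        yield doc

def to_event_lines(text):
    """Return (lines, skipped): one compact JSON line per valid CloudTrail record."""
    lines, skipped = [], 0
    for doc in iter_documents(text):
        records = doc.get("Records") if isinstance(doc, dict) else None
        if not isinstance(records, list):
            skipped += 1  # not a CloudTrail log file
            continue
        for rec in records:
            if isinstance(rec, dict) and all(k in rec for k in REQUIRED):
                lines.append(json.dumps(rec, separators=(",", ":"), sort_keys=True))
            else:
                skipped += 1  # record missing a required field
    return lines, skipped

# Constructed sample: two log files concatenated, the second record is incomplete.
SAMPLE = (
    '{"Records":[{"eventTime":"2014-01-01T00:00:00Z","eventSource":"iam.amazonaws.com",'
    '"eventName":"CreateUser"},{"eventSource":"ec2.amazonaws.com"}]}\n'
    '{"Records":[{"eventTime":"2014-01-01T00:05:00Z","eventSource":"ec2.amazonaws.com",'
    '"eventName":"RunInstances"}]}'
)

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    lines, skipped = to_event_lines(data)
    print("\n".join(lines))
    print(f"skipped {skipped} item(s)", file=sys.stderr)
```

Piping uncompressed files into it and redirecting stdout gives a newline-delimited file of the kind the `splunk add oneshot` command quoted above takes as input.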