All Apps and Add-ons

How do i put aws s3 credendential to splunk add-on

chris_ops
New Member

HI,

I have installed splunk on my MBA and i have cloudtrail collecting logs and putting it in a s3 bucket.
I have added the add-ons on splunk app management and i arrive to the question how or where do I put my credential for splunk to connect to s3 bucket.

Ex:

splunk -----> s3 bucket

  • Chris
0 Karma

kg23
New Member

Splunk should be providing this documentation.

  • Install Add-on. Restart Splunk
  • Go to Settings -> Data inputs -> Amazon S3
  • Select New
  • Enter resource name (i.e. bucket path)
  • Example: elasticbeanstalk-us-west-1-505289879277/resources/environments/logs/publish/e-tie4paxpjv/i-26c25b78
  • Enter AWS ID and AWS Secret Key
  • Click Save

I still haven't figured out how to have the S3 add-on look for ALL EC-2 instance logs.

Ex: elasticbeanstalk-us-west-1-505289879277/resources/environments/logs/publish/e-tie4paxpjv

I have to enter a new data input for each instance. Being in Elastic Beanstalk, instances come and go.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 1 release of new security content via the ...

There's No Place Like Chrome and the Splunk Platform

Watch On DemandMalware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

The Great Resilience Quest: 5th Leaderboard Update

The fifth leaderboard update for The Great Resilience Quest is out >> 🏆 Check out the ...