How do i put aws s3 credendential to splunk add-on

chris_ops · ‎05-26-2014

HI,

I have installed splunk on my MBA and i have cloudtrail collecting logs and putting it in a s3 bucket.
I have added the add-ons on splunk app management and i arrive to the question how or where do I put my credential for splunk to connect to s3 bucket.

Ex:

splunk -----> s3 bucket

Chris

kg23 · ‎07-25-2014

Splunk should be providing this documentation.

Install Add-on. Restart Splunk
Go to Settings -> Data inputs -> Amazon S3
Select New
Enter resource name (i.e. bucket path)
Example: elasticbeanstalk-us-west-1-505289879277/resources/environments/logs/publish/e-tie4paxpjv/i-26c25b78
Enter AWS ID and AWS Secret Key
Click Save

I still haven't figured out how to have the S3 add-on look for ALL EC-2 instance logs.

Ex: elasticbeanstalk-us-west-1-505289879277/resources/environments/logs/publish/e-tie4paxpjv

I have to enter a new data input for each instance. Being in Elastic Beanstalk, instances come and go.

How do i put aws s3 credendential to splunk add-on

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

4 Ways the Splunk Community Helps You Prepare for .conf25

Are you a member of the Splunk Community?

How do i put aws s3 credendential to splunk add-on

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

A Prelude to .conf25: Your Guide to Splunk University

4 Ways the Splunk Community Helps You Prepare for .conf25