All Apps and Add-ons

How do i put aws s3 credendential to splunk add-on

chris_ops
New Member

HI,

I have installed splunk on my MBA and i have cloudtrail collecting logs and putting it in a s3 bucket.
I have added the add-ons on splunk app management and i arrive to the question how or where do I put my credential for splunk to connect to s3 bucket.

Ex:

splunk -----> s3 bucket

  • Chris
0 Karma

kg23
New Member

Splunk should be providing this documentation.

  • Install Add-on. Restart Splunk
  • Go to Settings -> Data inputs -> Amazon S3
  • Select New
  • Enter resource name (i.e. bucket path)
  • Example: elasticbeanstalk-us-west-1-505289879277/resources/environments/logs/publish/e-tie4paxpjv/i-26c25b78
  • Enter AWS ID and AWS Secret Key
  • Click Save

I still haven't figured out how to have the S3 add-on look for ALL EC-2 instance logs.

Ex: elasticbeanstalk-us-west-1-505289879277/resources/environments/logs/publish/e-tie4paxpjv

I have to enter a new data input for each instance. Being in Elastic Beanstalk, instances come and go.

0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...