How do i put aws s3 credendential to splunk add-on

chris_ops · ‎05-26-2014

HI,

I have installed splunk on my MBA and i have cloudtrail collecting logs and putting it in a s3 bucket.
I have added the add-ons on splunk app management and i arrive to the question how or where do I put my credential for splunk to connect to s3 bucket.

Ex:

splunk -----> s3 bucket

Chris

kg23 · ‎07-25-2014

Splunk should be providing this documentation.

Install Add-on. Restart Splunk
Go to Settings -> Data inputs -> Amazon S3
Select New
Enter resource name (i.e. bucket path)
Example: elasticbeanstalk-us-west-1-505289879277/resources/environments/logs/publish/e-tie4paxpjv/i-26c25b78
Enter AWS ID and AWS Secret Key
Click Save

I still haven't figured out how to have the S3 add-on look for ALL EC-2 instance logs.

Ex: elasticbeanstalk-us-west-1-505289879277/resources/environments/logs/publish/e-tie4paxpjv

I have to enter a new data input for each instance. Being in Elastic Beanstalk, instances come and go.

How do i put aws s3 credendential to splunk add-on

Enterprise Security Content Update (ESCU) | New Releases

There's No Place Like Chrome and the Splunk Platform

The Great Resilience Quest: 5th Leaderboard Update