HI,
I have installed splunk on my MBA and i have cloudtrail collecting logs and putting it in a s3 bucket.
I have added the add-ons on splunk app management and i arrive to the question how or where do I put my credential for splunk to connect to s3 bucket.
Ex:
splunk -----> s3 bucket
Splunk should be providing this documentation.
I still haven't figured out how to have the S3 add-on look for ALL EC-2 instance logs.
Ex: elasticbeanstalk-us-west-1-505289879277/resources/environments/logs/publish/e-tie4paxpjv
I have to enter a new data input for each instance. Being in Elastic Beanstalk, instances come and go.