All Apps and Add-ons

How do i put aws s3 credendential to splunk add-on

chris_ops
New Member

HI,

I have installed splunk on my MBA and i have cloudtrail collecting logs and putting it in a s3 bucket.
I have added the add-ons on splunk app management and i arrive to the question how or where do I put my credential for splunk to connect to s3 bucket.

Ex:

splunk -----> s3 bucket

  • Chris
0 Karma

kg23
New Member

Splunk should be providing this documentation.

  • Install Add-on. Restart Splunk
  • Go to Settings -> Data inputs -> Amazon S3
  • Select New
  • Enter resource name (i.e. bucket path)
  • Example: elasticbeanstalk-us-west-1-505289879277/resources/environments/logs/publish/e-tie4paxpjv/i-26c25b78
  • Enter AWS ID and AWS Secret Key
  • Click Save

I still haven't figured out how to have the S3 add-on look for ALL EC-2 instance logs.

Ex: elasticbeanstalk-us-west-1-505289879277/resources/environments/logs/publish/e-tie4paxpjv

I have to enter a new data input for each instance. Being in Elastic Beanstalk, instances come and go.

0 Karma
Get Updates on the Splunk Community!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...

4 Ways the Splunk Community Helps You Prepare for .conf25

.conf25 is right around the corner, and whether you’re a first-time attendee or a seasoned Splunker, the ...