Hi I can't seem to find the sourcetype "aws:elb:accesslogs" in Splunk even though I install the "Splunk Add-On for AWS" plugin. The version is 4.5.0 .
Have you configured your account and access logs input maybe via an S3 to SQS based input?
I have yes. I've already setup the inputs as describe in the documentation. The problem is I can't seem to find the logs anywhere in the index I set or anywhere in Splunk.
1.Did you set up the input as an sqs input or generic s3/etc/?
2.Are you sure the elb is a classic elb or an alb ?
(sourcetype=aws:alb:accesslogs -> will have to be typed into the sourcetype field as not auto-populated)
3. Check your Splunk User Credentials allow you to pull the logs. (IAM USER ON AWS)
4.