Hello splunkers,
Just trying to add appropriate tags and map to a data model in ES for the AWS log sourcetype aws:s3:accesslogs.
Has anyone had any luck finding which data model fits this log source and what types of tags I can add to it?
Access logs should always go into the Authentication data model, which uses the authentication tag:
https://docs.splunk.com/Documentation/CIM/latest/User/Authentication