
sourcetype tags for aws:s3:accesslogs

Path Finder

Hello splunkers,

Just trying to add appropriate tags and map to a data model in ES for the AWS log sourcetype aws:s3:accesslogs.
Has anyone had any luck with which data model fits this log source and what types of tags I can add to it?

0 Karma

Re: sourcetype tags for aws:s3:accesslogs

Esteemed Legend

Access logs should always go into the Authentication datamodel which uses the authentication tag:
https://docs.splunk.com/Documentation/CIM/latest/User/Authentication

0 Karma
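
The tagging the answer describes, as an added example that is not part of the original thread or of any Splunk add-on: an event type and tag for the sourcetype, plus field mappings toward the Authentication data model. The event type name and the source field names `requester`, `remote_ip` and `http_status` are assumptions; check them against the fields your extractions actually produce.

```ini
# eventtypes.conf (event type name is hypothetical)
[aws_s3_accesslogs_auth]
search = sourcetype="aws:s3:accesslogs"

# tags.conf: attach the tag the Authentication data model searches on
[eventtype=aws_s3_accesslogs_auth]
authentication = enabled

# props.conf: populate CIM Authentication field names
# The source field names (requester, remote_ip, http_status) are assumed,
# not taken from the thread; replace them with your extracted field names
[aws:s3:accesslogs]
FIELDALIAS-s3_auth_user = requester AS user
FIELDALIAS-s3_auth_src = remote_ip AS src
EVAL-app = "aws:s3"
EVAL-action = if(tonumber(http_status) < 400, "success", "failure")
```

Once the configuration is loaded, a search for `tag=authentication sourcetype="aws:s3:accesslogs"` should return the tagged events.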