
CloudWatch Log Details in Splunk Insights for Infrastructure


Hi,

I am just starting out with Splunk Insights for Infrastructure and after reading what I can find out there on the CloudWatch log collection specific to Insights, I am not seeing the configured CloudWatch logs show up in the application. I can see the log streams being parsed and identified in the log files on my Splunk host, but in the user interface all I ever really see is a count of events that show against the aws:cloudwatchlogs:log dimension on the Splunk host itself. Is that all the data that Insights gathers? I am not sure if I am missing something or not and I haven't been able to find validation in the docs or videos out there. How should this look once discovered and what can be done with these details?

All log file analysis on the Splunk host looks to be OK as I am seeing the log streams in my CloudWatch logs iterate and discover and I am not seeing any "errors" in the splunktaawscloudwatchlogs.log related to my Log Groups.

I have also read some posts where it seems this functionality is being deprecated? But I am not entirely sure if that is with Enterprise only or if it applies to Insights as well. Feel free to point me to any detailed document showing the discovery process and how to churn what Splunk collects from these logs as well - I just haven't been able to find much in my searches so that is why I am posting here.

Thanks!
