Solved: AWS GuardDuty Logs to Splunk Cloud

anandhalagaras1 · ‎04-24-2024

Hi Team,

We actually want to send AWS Guard Duty logs to Splunk Cloud so what is the procedure to get it achieved since earlier we had an option i.e. Amazon GuardDuty Add-on for Splunk (https://splunkbase.splunk.com/app/3790) which is currently archived so do we have any add-on or app to collect the events and onboard the logs to Splunk.

So kindly help to check and update on the same.

deepakc · ‎04-24-2024

It appears the the guardduty logs are collected via cloudwatch which this TA supports (https://splunkbase.splunk.com/app/1876), so this is most likely what you need.

I think the old TA's used ot be seperate and now they have been combined into this one TA.

See the different sourectypes - for you its aws:cloudwatchlogs:guardduty
https://docs.splunk.com/Documentation/AddOns/released/AWS/DataTypes

General info on thie TA
https://docs.splunk.com/Documentation/AddOns/released/AWS/Description

View solution in original post

deepakc · ‎04-24-2024

It appears the the guardduty logs are collected via cloudwatch which this TA supports (https://splunkbase.splunk.com/app/1876), so this is most likely what you need.

I think the old TA's used ot be seperate and now they have been combined into this one TA.

See the different sourectypes - for you its aws:cloudwatchlogs:guardduty
https://docs.splunk.com/Documentation/AddOns/released/AWS/DataTypes

General info on thie TA
https://docs.splunk.com/Documentation/AddOns/released/AWS/Description

AWS GuardDuty Logs to Splunk Cloud

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation