Splunk Dev

What type is the best for collecting data from AWS CloudWatch Logs to Splunk and CloudTrail

net1993

Hello
I don't have any knowledge of AWS, but I want to collect data in Splunk from there.
I have an AWS guy for the AWS tasks, but I find it difficult to find out whether I am using the wrong add-on in Splunk to collect data or the problem is a wrong configuration of AWS.

So I need to collect CloudWatch Logs and CloudTrail from different AWS accounts, and the goal is to separate data from different accounts into different indexes in Splunk.

  1. What is the difference between CloudWatch Logs and CloudWatch Logs VPC in simple language, and do these two differ in how the data is collected (different add-on?)? When I read different docs, the two are mentioned often, but I become confused about whether I need to take something more into consideration.
  2. What is the best way to get CloudWatch Logs to Splunk? AWS app or Kinesis fire.. add-on, given the above requirement? Currently some configuration has been created in AWS so the data is supposed to be in a Kinesis stream, so I have created an input in the AWS add-on in Splunk (New Input -> Others -> Kinesis), but only 1 event per hour is coming in, so I am not sure whether this is the wrong approach.
  3. What about the solution regarding CloudTrail to Splunk? The current setup is an input from the AWS add-on in Splunk, but I am not able to choose the IAM roles, only the primary account.

Thank you in advance.


net1993

No one can help with this?
