Splunk Enterprise

AWS CloudWatch logs to Splunk on prem

Narendra_Rao
Loves-to-Learn Lots

We have logs already in CloudWatch. What is the best way to take the logs from CloudWatch to Splunk on prem?
We have a VPN established between them too. So based on this, any add-ons or other viable solution other than add-ons?
If yes: any details/steps etc.

0 Karma

livehybrid
SplunkTrust

Hi @Narendra_Rao 

There are a number of different ways to get AWS CloudWatch logs out of AWS into your on-prem environment; ultimately I think this will depend on how and where your VPN terminates and which AWS services can connect to it.

I tend to go with using AWS Firehose which sends to your Splunk HEC endpoint - Check out https://aws.amazon.com/blogs/big-data/deliver-decompressed-amazon-cloudwatch-logs-to-amazon-s3-and-s... for more information on this.

Alternatively, you can send using AWS Lambda instead of Firehose; this also sends to HEC - Check out https://www.splunk.com/en_us/blog/platform/stream-amazon-cloudwatch-logs-to-splunk-using-aws-lambda.... for more info on this.

There may be others, but ultimately it depends on your connection - do either of these look suitable for your environment? Let me know if you need more info.

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma
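The Lambda route mentioned in the answer above, sketched as an added example (not code from the post or from the linked blogs): a handler that unpacks a CloudWatch Logs subscription payload and reshapes it into a batch for the HEC event endpoint. The environment variable names, the `aws:cloudwatchlogs` sourcetype default, the log group name and the sample payload are assumptions made for illustration.

```python
import base64, gzip, json, os, urllib.request

def decode_subscription(event):
    """Unpack the base64 + gzip JSON that CloudWatch Logs passes to a subscribed Lambda."""
    return json.loads(gzip.decompress(base64.b64decode(event["awslogs"]["data"])))

def to_hec_batch(payload, sourcetype="aws:cloudwatchlogs"):  # sourcetype is an assumption
    """Return newline-joined HEC event objects, or '' when there is nothing to index."""
    if payload.get("messageType") != "DATA_MESSAGE":
        return ""  # CONTROL_MESSAGE only tests the subscription
    return "\n".join(json.dumps({
        "time": e["timestamp"] / 1000,  # CloudWatch: epoch ms, HEC: epoch seconds
        "host": payload["logStream"],
        "source": payload["logGroup"],
        "sourcetype": sourcetype,
        "event": e["message"],
    }) for e in payload["logEvents"])

def build_request(hec_url, token, body):
    """Build the POST for /services/collector/event; refuse to send the token over http."""
    if not hec_url.startswith("https://"):
        raise ValueError("HEC URL must be https so the token is not sent in clear text")
    return urllib.request.Request(hec_url, data=body.encode(), method="POST",
                                  headers={"Authorization": f"Splunk {token}"})

def handler(event, context):
    body = to_hec_batch(decode_subscription(event))
    if not body:
        return {"sent": 0}
    # Hypothetical variable names; keep the token out of the code and the logs.
    req = build_request(os.environ["SPLUNK_HEC_URL"], os.environ["SPLUNK_HEC_TOKEN"], body)
    with urllib.request.urlopen(req, timeout=10) as resp:  # default context verifies TLS
        resp.read()
    return {"sent": body.count("\n") + 1}

def sample_event():
    """Constructed subscription event in the shape CloudWatch Logs delivers."""
    payload = {"messageType": "DATA_MESSAGE", "owner": "111122223333",
               "logGroup": "/constructed/app", "logStream": "i-constructed",
               "subscriptionFilters": ["to-splunk"],
               "logEvents": [
                   {"id": "1", "timestamp": 1700000000000, "message": "login ok user=a"},
                   {"id": "2", "timestamp": 1700000000500, "message": "login failed user=b"}]}
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()
    return {"awslogs": {"data": data}}

if __name__ == "__main__":
    print(to_hec_batch(decode_subscription(sample_event())))
```

If the on-prem HEC endpoint uses a certificate from an internal CA, add that CA to the function's trust store rather than turning certificate verification off.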