I created a Splunk Enterprise setup on an AWS machine.
I can access it via http://ipv4_address_by_aws:8000
Now I want to send Zeek index data into Elastic.
Now in Elasticsearch it asks for the URL of the Splunk Enterprise server, which I hope is http://ipv4_address_by_aws:8000
It asks for a REST API username and password, which I hope will be the Splunk username and password I used during installation.
I can see data in Splunk search using this command: index="zeek" source="/opt/zeek/logs/current/dns.log"
But this is not present in Elastic after I save all these settings; I get a 404 error in almost all logs.
How do I connect Splunk to Elastic? Also, are the REST URL, username and password to be filled in as I have defined above, or is some other setting needed?