I have installed the Splunk Add-on for AWS and created the inputs, which have a listed source type. However, when I try to search that source type, nothing comes up for the source. How can I fix this?
Sourcetype is only one factor for finding indexed data. You also must look in the right index(es) and in the right time window.
The AWS input should have specified an index name for the data. If it doesn't then change it to do so. You'll use that name to search for the data. An input without an index specified will put data into the Last Chance index (usually "main" on-prem or "lastchanceindex" in Splunk Cloud). If you search without specifying an index name then Splunk will search your default indexes (if any), which may or may not include the AWS index.
All Splunk data is time-sequenced. If data is onboarded with the incorrect time then you'll have a difficult time finding it. Verify the sourcetype's TIME_FORMAT and TIME_PREFIX settings match the data being ingested. Expand the time window of your search using earliest=0 latest=+10y to see if the data is coming in with the right timestamps.
Of course, check the logs to make sure there are no errors getting the data from AWS.
Index is default for all my inputs and I always start my searches with index=*.
It's a Best Practice to send inputs to specific indexes rather than allow them to default.
It's a poor practice to use index=* in a query. Anything other than a dev/test query should use specific index names.
Are the timestamps being extracted correctly?
Have you checked the logs?
Nothing is being extracted. How do you check the logs, and how else would you suggest I search for what I am looking for?
If nothing is being extracted then either data is not getting from AWS to Splunk or the sourcetype doesn't describe the data well enough for Splunk to extract fields.
Start with splunkd.log to confirm the input is working and to see if there are any problems reported about the input or the data itself. You can view the log with this query (assuming you have access):
index=_internal source=*splunkd.log
Data loaded when I put in that search. I don't understand how this relates to my problem, though. How do I view the inputs I want?
The query displays Splunk's internal log so you can try to determine why your inputs are not producing data.
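The index and time-window checks suggested earlier in this thread, written out as two searches; this is an added example, not part of the original posts, and `<your_sourcetype>` and `<your_aws_index>` are placeholders for your own values. The first search reports which index holds events for the sourcetype and the time range they were stamped with; the second shows the gap between each event's extracted timestamp and the time it was indexed, where a very large or negative gap points at a TIME_FORMAT or TIME_PREFIX mismatch.

```spl
| tstats count min(_time) as first_event max(_time) as last_event
    where index=* sourcetype="<your_sourcetype>" earliest=0 latest=+10y
    by index, sourcetype, source
| convert ctime(first_event) ctime(last_event)

index=<your_aws_index> sourcetype="<your_sourcetype>" earliest=0 latest=+10y
| eval lag_seconds = _indextime - _time
| stats count min(lag_seconds) as min_lag max(lag_seconds) as max_lag by index, sourcetype
```

Run each search separately. `index=*` is used here only as a one-off diagnostic to locate the data; once the first search shows the index name, use that name in regular searches.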