what is the smart way to collect cloud watch logs ...

Splunk Search

Hi teachers,

I try to collect OS event logs in EC2 instance by using Cloudwatch logs, and archive into S3 Bucket by lambda.
S3 Bucket path is like a below image,

Amazon S3 bucket
- Server1_Linux_Secure_logs
- Server2_Linux_Secure_logs
- Server1_Windows_Security_Event_Logs
- FW_traffic_logs

I was considered that to use "Splunk Add-on for Amazon Web Services" setting.
And it seems Generic S3 input config can set sourcetype and S3 bucket path by each log source.
BTW SQS-based S3 is more scalable and recommend by admin guide.
https://docs.splunk.com/Documentation/AddOns/released/AWS/S3

But SQS-based S3 settings seems that it can not separate sourcetype and S3 bucket path.

What is the smart way to collect each data from each S3 bucket?

Thanks,
Satoshi

Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now! In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...