...ave created input in AWS add-on in splunk (New Input -> Others -> Kinesis) but there is coming only 1 event per hour so I am not sure whether it is the wrong approach.
What about the solution r...
...loud instance
- Need to ingest AWS Cloudtrail logs (preferably using the "AWS Add-on" app and configure a SQS-Based S3 input)
- Need to filter out the majority of Cloudtrail events before they hit the...
Curious on the instructions to Deploy the AWS Splunk App in a clustered environment? We have 1 Master, 1 Searchhead, 2 Indexers, 2 forwarders. I don't think I missed it, but I did not see best p...
Hello, I'm looking to change our indexing architecture. We have dozens of AWS accounts. We use the Splunk AWS app to ingest the data from a SQS queue. Currently, we have a single SQS-based input t...
Hello,
I have installed the Splunk App for AWS. Billing and instance data are successfully being generated. I am looking to pull data from Cloudtrail next. After installation, the data input for AWS...
Hi, I'm trying to configure "custom Data Type" > SQS input in Splunk add-on for AWS app to onboard data from an AWS account. Is it possible to create the SQS input using IAM role instead of a...
Hi, I am using splunk cloud and I need to disable some indexes temporarily. I am using AWS add-on app to ship AWS ALB logs from an S3 bucket. My daily ingestion data is going beyond the l...
I'm using Splunk 6 with the Splunk for AWS app and trying to configure it to show CloudTrail data. I've created the SNS topic and SQS queue and can see messages in the queue but nothing is coming o...
Hi Folks, I tried to configure the aws add-on on my subscription but I received this error for cloudtrail log. message="Failed to download file" Splunk Version=8.2.0 Input type=SQS-Based S3 Aws...
...I'm trying to set up the more recommended way, now that my Splunk Search Head / Indexer is hosted at AWS. So, I set up a Universal Forwarder on an Ubuntu Server on the same network as my Panorama i...