Thanks a lot for the reply. But how do we manually create a CloudTrail log index?
I consolidated the CloudTrail logs into a file named final.json on the Splunk server.
Created an index (just the name) named aws-cloudtrail.
Under Settings ==> Data Inputs ==> selected Files and Directories ==> chose the local final.json file.
Selected Source Type as Manual and aws-cloudtrail, with the Index Destination Index field set to the newly created one in step 2.
So basically I have two types of data inputs:
1. One via Files and Directories
2. The other via CloudTrail
Both use the newly created destination index from step 2.
I can see the indexed data in the summary, but still no luck with the dashboard.
Thanks!
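One thing to verify before blaming the dashboard is how final.json was assembled. CloudTrail delivers each batch as a single JSON object of the form `{"Records": [...]}`, so a plain concatenation of delivery files gives a file monitor a few very long lines rather than one event per API call. The script below is an added example, not from the thread or from Splunk: it unpacks constructed delivery files (one gzipped, one plain; the file names and records are made up) into newline-delimited JSON, one CloudTrail record per line, and counts events by eventName the way a `| stats count by eventName` search would.

```python
import gzip
import json
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List

def load_delivery(path: Path) -> List[Dict]:
    """Return the Records array from one CloudTrail delivery file (.gz or plain JSON)."""
    opener = gzip.open if path.suffix == ".gz" else open
    with opener(path, "rt", encoding="utf-8") as fh:
        doc = json.load(fh)
    records = doc.get("Records", [])
    if not isinstance(records, list):
        raise ValueError(f"{path}: 'Records' is not a list")
    return records

def consolidate(paths: Iterable[Path], out_path: Path) -> int:
    """Write every record from all delivery files as one JSON line each; return the count."""
    written = 0
    with out_path.open("w", encoding="utf-8") as out:
        for p in sorted(paths):
            for rec in load_delivery(p):
                out.write(json.dumps(rec, separators=(",", ":")) + "\n")
                written += 1
    return written

def count_by_event_name(out_path: Path) -> Dict[str, int]:
    """Sanity check on the result, mirroring `| stats count by eventName` in Splunk."""
    counts: Dict[str, int] = {}
    for line in out_path.read_text(encoding="utf-8").splitlines():
        name = json.loads(line).get("eventName", "<none>")
        counts[name] = counts.get(name, 0) + 1
    return counts

def demo() -> Dict[str, int]:
    """Build two constructed (hypothetical) delivery files, consolidate them, and count."""
    workdir = Path(tempfile.mkdtemp())
    batch1 = {"Records": [{"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com"},
                          {"eventName": "CreateUser", "eventSource": "iam.amazonaws.com"}]}
    batch2 = {"Records": [{"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com"}]}
    (workdir / "a.json").write_text(json.dumps(batch1), encoding="utf-8")
    with gzip.open(workdir / "b.json.gz", "wt", encoding="utf-8") as fh:
        json.dump(batch2, fh)
    final = workdir / "final.json"
    consolidate([workdir / "a.json", workdir / "b.json.gz"], final)
    return count_by_event_name(final)  # returns {"ConsoleLogin": 2, "CreateUser": 1}
```

With one record per line the Files and Directories input breaks events at newlines by default, so `index=aws-cloudtrail | stats count by eventName` should show individual API calls; if the dashboard's saved searches filter on a specific sourcetype, the manually assigned one must match it exactly.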