I have installed the Splunk App for AWS, but when I try to configure VPC flow logs, it is not listing all the log groups. Instead, it is only showing a few log groups that start with /aws/lambda/XXXX. Why am I not able to list all the log groups?
Splunk version = 6.4.1
Splunk Add-on for Amazon Web Services version = 4.0.0
Splunk App for AWS = 4.2.0
Manual configuration tried:
aws_cloudwatch_logs_tasks.conf
[xxx-Cloudwatch Logs]
account = xxx-xxxx
delay = 1800
groups = xxx-log-group-name
index = default
interval = 600
only_after = 1970-01-01T00:00:00
region = us-east-1
sourcetype = aws:cloudwatchlogs:vpcflow
stream_matcher = .*