Hi @LegalPrime,

If you want to ingest custom logs other than the natively supported AWS log types, you must set s3_file_decoder = CustomLogs. This setting lets you ingest custom logs into the Splunk platform instance, but it does not parse the data. To process custom logs into meaningful events, you need to perform additional configurations in props.conf and transforms.conf to parse the collected data to meet your specific requirements.

For more information on these settings, see /README/inputs.conf.spec under your add-on directory.

https://docs.splunk.com/Documentation/AddOns/released/AWS/SQS-basedS3

Hope this helps!
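The three files described in the reply above, as an added example that is not part of the original post or the add-on's own configuration. The input name, account name, queue URL, sourcetype, and the single-line log layout (`<ISO-8601 UTC timestamp> <app> <level> <message>`) are all constructed assumptions; replace them with your own values.

```ini
# --- inputs.conf (SQS-based S3 input; names and URL are placeholders) ---
[aws_sqs_based_s3://custom_app_logs]
aws_account = my_aws_account
sqs_queue_region = us-east-1
sqs_queue_url = https://sqs.us-east-1.amazonaws.com/111111111111/custom-app-logs
# CustomLogs ingests the S3 objects as-is; no AWS-specific parsing is applied
s3_file_decoder = CustomLogs
sourcetype = custom:app:log
index = main
interval = 300

# --- props.conf (assumed sample event, constructed):
#     2024-05-01T12:00:00Z billing ERROR payment gateway timeout ---
[custom:app:log]
# One event per line
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
# Timestamp is the first token of each line, in UTC
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%dT%H:%M:%SZ
MAX_TIMESTAMP_LOOKAHEAD = 20
TZ = UTC
TRUNCATE = 10000
# Search-time field extraction defined in transforms.conf
REPORT-custom_app_fields = custom_app_fields

# --- transforms.conf ---
[custom_app_fields]
# Skip the timestamp, then capture app, level and the rest of the line
REGEX = ^\S+\s+(\S+)\s+(\w+)\s+(.*)$
FORMAT = app::$1 level::$2 message::$3
```

The line-breaking and timestamp settings take effect where the data is parsed (the instance running the input, if it is a heavy forwarder, or the indexers), while the REPORT extraction applies on the search head.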