I'm trying to fetch the logs to Splunk from AWS CloudTrail using the Splunk Add-on for AWS. When I checked the S3 bucket size, it shows only 2 GB of data. But if I enable the CloudTrail input in the add-on, the Splunk index is consuming over 3 or 4 GB. My configuration is correct in the add-on input and I'm only getting the logs in Splunk from the data range that I specified in the add-on. Is this something related to the compression of data in AWS and Splunk being different? Please help to resolve this.