Hi @isoutamo  We want to ingest data from from applications hosted in the cloud, we can't use UF, HF since we can't install agents in them. "The Add-ons" mentioned are applications available in Splunk Enterprise UI similar to "Search and Reporting". They help to pull data from AWS S3 logging Accounts (AWS Add-on) and Azure Event Hub (Azure Add-on). My problem is these add-ons pull everything available in the logging accounts which includes logs unrelated to my application. What I want is to filter the logs such that I can take or at least filter the logs pertaining only to my application. ... View more

Hi @isoutamo , we are using an on-premise Splunk Enterprise version 9.4.2 in a distributed environment with a multi-site indexer cluster and a search head cluster. We have right now ingesting  OS logs, Security Logs and Application logs from Windows and Linux Servers using Universal Forwarders. Some of Company's application are hosted in AWS and Microsoft Azure, we wanted to ingest the Security logs of those applications to monitor them for cybersecurity purposes. But, when we connected to the cloud using the add-on, we where getting a lot of unwanted logs which led license over-utilization.  When we tried filtering, due to the large amount of logs and continuous filtering our Splunk servers had high utilization which led to the whole Splunk service slowing down. Hence, I wanted a method where we can filter out the unwanted logs or select only the required logs before it enters the Splunk servers. Even if the solution is not from Splunk but from AWS or Azure.  It would fine as long as we can send logs to Splunk . ... View more

Hi @livehybrid  I am right now using "Splunk Add on for Microsoft Cloud services" and Splunk Add on for AWS"  using HEC to collect logs from the cloud ... View more

My problem here is that when I connect applications hosted on cloud to Splunk Enterprise using Add-ons, I am getting  lot of unwanted logs which when ingested shoots up the license utilization or increases server overhead and usage due to continuous filtering which induces a lag in Splunk system as whole.   I wanted to know if there is any method to filter the logs coming from cloud before ingesting it in Splunk. So that the processing load and license usage of Splunk will  be less. ... View more

Hi @Prewin27 , Thanks for the reply, But the solutions you suggested though they may help in filtering logs, they work only on Splunk Cloud Platform. I wanted a solution where we can filter the logs from applications hosted on AWS or Azure and ingest them in Splunk Enterprise. Splunk Enterprise Security  ... View more

Thank you @livehybrid  But, I am using Splunk Enterprise. Is there any way to add and filter log from applications hosted the cloud in Splunk Enterprise. ... View more