Splunk should be providing this documentation.
Install Add-on. Restart Splunk
Go to Settings -> Data inputs -> Amazon S3
Select New
Enter resource name (i.e. bucket path)
Example: elasticbeanstalk-us-west-1-505289879277/resources/environments/logs/publish/e-tie4paxpjv/i-26c25b78
Enter AWS ID and AWS Secret Key
Click Save
I still haven't figured out how to have the S3 add-on look for ALL EC-2 instance logs.
Ex: elasticbeanstalk-us-west-1-505289879277/resources/environments/logs/publish/e-tie4paxpjv
I have to enter a new data input for each instance. Being in Elastic Beanstalk, instances come and go.
... View more