I'm using the AWS GuardDuty Add-on with an SQS input as opposed to the Lambda HEC method. The findings are indexed correctly in Search. However, the add-on dashboards are not mapping/pulling Finding data correctly.
Is there a known issue with using a generic SQS input (pull method) as opposed to the Lambda HEC (push method)?
If the above is true, is there a published troubleshooting guide to help users modify dashboard/drilldown XML to fix the dashboard mapping/search issues?
The add-on is currently -not supported-. Does that mean Splunk Support will no longer be able to help update the add-on or debug issues moving forward?