Thanks a lot for sharing this knowledge on YouTube. You share the best Splunk tutorial videos, which are much better than any other tutorials I have viewed. Big fan, sir.
Just one of those videos I needed to help me understand Splunk integration with AWS. Thanks for the detailed explanation. Will be checking this channel. Great job!
Your videos are very helpful, especially for Splunk developers.... ☺️☺️
Thank you 🙏
Thanks a lot. This was really helpful
Thanks, sir... Very useful.
1000 Times Thanks Again
This video is great; I finally got it working on Splunk 8.2. Could you create a very in-depth troubleshooting series?
Wondering if Splunk supports OIDC auth for AWS, so that I don't have to worry about the access key and secret access key?
Many thanks for sharing. Do you have one explaining how to configure CloudWatch Events? Thanks
Hi Sid, thanks for the tutorial. Very useful. Can you tell me what the advantage of the SNS and SQS method is over using the S3 bucket?
I think S3 will be useful when you have CloudTrail data from multiple AWS regions. If you have multiple AWS regions from which you want to gather CloudTrail data, the Amazon Web Services best practice is to configure a trail that applies to all regions in the AWS partition in which you are working. You can then set up one CloudTrail input to collect data from the centralized S3 bucket where log files from all the regions are stored.
In this video I just discussed the basic way of ingesting CloudTrail data. In future I will be covering S3 as well.
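The reply above describes one input reading a centralized bucket into which an all-region trail delivers. The script below is an added example for this thread, not code from the video or from the Splunk Add-on for AWS. It walks an in-memory stand-in for such a bucket and shows what an ingester has to get right: only objects under the `AWSLogs/<account-id>/CloudTrail/<region>/...` prefix are log files (the `CloudTrail-Digest/` prefix holds integrity digests, not events), each object is gzip-compressed JSON of the form `{"Records": [...]}`, and the region in the key should agree with `awsRegion` inside each record. The account id, IP addresses and events are constructed sample data.

```python
"""Walk a centralized CloudTrail S3 bucket the way one add-on input would see it.

Added example for this comment thread; not the video's code and not the Splunk
Add-on for AWS's own code. Assumes the standard delivery layout
  AWSLogs/<account-id>/CloudTrail/<region>/<yyyy>/<mm>/<dd>/<file>.json.gz
and the standard body, gzip-compressed JSON of the form {"Records": [...]}.
SAMPLE_BUCKET below is constructed data, not a real account's events.
"""
import gzip
import json
import re
from collections import Counter

# Only the CloudTrail/ prefix holds events; CloudTrail-Digest/ holds integrity
# digests and must not be parsed as log records.
KEY_RE = re.compile(
    r"^AWSLogs/(?P<account>\d{12})/CloudTrail/(?P<region>[a-z0-9-]+)/"
    r"(?P<y>\d{4})/(?P<m>\d{2})/(?P<d>\d{2})/[^/]+\.json\.gz$"
)


def parse_key(key):
    """Return account/region/date parsed from an S3 key, or None if it is not a log object."""
    m = KEY_RE.match(key)
    return m.groupdict() if m else None


def load_records(key, body):
    """Decompress one delivered object and return its records.

    Every record's awsRegion is checked against the region segment of the key;
    a mismatch indicates a misplaced object and is reported, not silently ingested.
    """
    meta = parse_key(key)
    if meta is None:
        return []
    records = json.loads(gzip.decompress(body).decode("utf-8")).get("Records", [])
    for r in records:
        if r.get("awsRegion") != meta["region"]:
            raise ValueError(f"{key}: record region {r.get('awsRegion')!r} "
                             f"does not match key region {meta['region']!r}")
    return records


def events_by_region(bucket):
    """Count events per region across the whole bucket: all regions in one pass."""
    counts = Counter()
    for key, body in bucket.items():
        for r in load_records(key, body):
            counts[r["awsRegion"]] += 1
    return counts


def events_from_source(bucket, event_source):
    """Sorted event names recorded for one service, e.g. iam.amazonaws.com."""
    return sorted(r["eventName"] for key, body in bucket.items()
                  for r in load_records(key, body) if r["eventSource"] == event_source)


# ---- constructed sample bucket (placeholder account id, RFC 5737 test addresses) ----
def _record(region, name, source, ip):
    return {"eventVersion": "1.08", "eventTime": "2024-01-01T00:00:00Z",
            "eventSource": source, "eventName": name, "awsRegion": region,
            "sourceIPAddress": ip,
            "userIdentity": {"type": "IAMUser", "userName": "alice"}}


def _gz(records):
    return gzip.compress(json.dumps({"Records": records}).encode("utf-8"))


ACCOUNT = "111122223333"
SAMPLE_BUCKET = {
    f"AWSLogs/{ACCOUNT}/CloudTrail/us-east-1/2024/01/01/{ACCOUNT}_CloudTrail_us-east-1_20240101T0000Z_a1.json.gz":
        _gz([_record("us-east-1", "ConsoleLogin", "signin.amazonaws.com", "198.51.100.7"),
             # IAM is a global service; its events are recorded in us-east-1
             _record("us-east-1", "CreateUser", "iam.amazonaws.com", "198.51.100.7")]),
    f"AWSLogs/{ACCOUNT}/CloudTrail/eu-west-1/2024/01/01/{ACCOUNT}_CloudTrail_eu-west-1_20240101T0000Z_b2.json.gz":
        _gz([_record("eu-west-1", "RunInstances", "ec2.amazonaws.com", "203.0.113.5")]),
    # digest object: present in a real bucket, rejected by parse_key
    f"AWSLogs/{ACCOUNT}/CloudTrail-Digest/us-east-1/2024/01/01/{ACCOUNT}_CloudTrail-Digest_us-east-1_20240101T000000Z.json.gz":
        gzip.compress(b"{}"),
}

if __name__ == "__main__":
    print(dict(events_by_region(SAMPLE_BUCKET)))                  # {'us-east-1': 2, 'eu-west-1': 1}
    print(events_from_source(SAMPLE_BUCKET, "iam.amazonaws.com"))  # ['CreateUser']
```

The prefix filter matters in practice: an input pointed at the bucket root will also list digest objects, and the key-versus-record region check is a cheap way to notice that something other than CloudTrail has written into the log prefix.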
Where do the indexes that are pre-populated in the app come from? Is it reading what's on the indexers?
Hi Sid, your videos and step-by-step procedures are helpful. How may I contact you personally? Thx
Pretty good step-by-step process. Quick question: I have an AWS environment with CloudTrail and CloudWatch enabled. I can use this process and these steps to ingest CloudTrail logs into Splunk. How about ingesting CloudWatch logs into Splunk? What is the process? Also, where do I install the Splunk Add-on for AWS: on an EC2 Linux instance in my AWS account, or on an on-prem Windows/Linux server? My Splunk setup is currently in an Azure environment. I need to take the logs from AWS into the Splunk in Azure.
For CloudWatch it will be similar; please have a look at the link below:
docs.splunk.com/Documentation/AddOns/released/AWS/CloudWatchLogs
You need to install this add-on in your Splunk environment, on a heavy forwarder to be specific.
Awesome video Sid da
Thank you bhai :)
Nice video, thank you sir.
Hi, I'm using the SQS-based S3 method and my HF is using a proxy setup.
Getting error: SNS signature validation failed.
How can we add the EC2 server logs to Splunk?
As usual The Best..
How do I restrict access to the S3 bucket to only the Splunk Cloud instance, so that no one else can access it?
Hello sir, I searched for the one policy containing permissions for all inputs; it's not showing in the docs. I think the Splunk docs have been updated, so kindly give the path for that.
It looks like Splunk has removed that page from the documentation. I have just experienced this very same issue: docs.splunk.com/Documentation/AddOns/latest/AWS/Permissions
Hi Sir, when I installed this add-on on Splunk only the loading process keeps going; it's taking too much time, and after that it also didn't show the Inputs and Configuration tabs. What needs to be done then? Please help.
And my Splunk instance is 8.0.3, and as this add-on is not showing any of its tabs my Splunk instance is also going down because of that.
Hi Divya,
What is the version of the add-on you downloaded? For Splunk 8 it needs to be version 5 or above.
I want to get data from AWS RDS (MySQL) to Phantom. Can someone help me with this?
You can index the RDS data in Splunk, then forward it to Phantom using the Splunk Phantom Add-on:
community.splunk.com/t5/Archive/AWS-Database-logs-to-Splunk/m-p/430343
th-cam.com/video/K2VfKolT6F4/w-d-xo.html
th-cam.com/video/8u4Uqu8e10c/w-d-xo.html
th-cam.com/video/FiqvoPTQfdw/w-d-xo.html
Need an S3 storage to Splunk integration video.
I have followed all the steps twice and no events have been indexed.
Can you check in the _internal index whether any errors are showing up?