Splunk has multiple methods in regards to Getting Data In (GDI). One very popular method is the Http Event Collector (HEC). The use of the HEC allows data ingestion into Splunk via HTTP POST messages. Two popular methods that send POST messages out of AWS into Splunk are the AWS services: Lambda and Firehose.
Logging for Cloudwatch Events using Splunk HEC Welcome to another installment on how to log multiple AWS accounts into Splunk, when the recommended method is not feasible. In this article we will take a look at Splunking AWS Cloudwatch Event data using an HTTP Event Collector (HEC) input.
Explore scenarios where multiple AWS accounts are configured to log Cloudtrail and Config into a consolidated S3 bucket.
Having the ability to mount S3 storage for some customers will allow for a tiered approach to storage.
Perfect for archiving data that is infrequently needed, but is still searchable by Splunk.