Hi Everyone,
I am new to splunk configuration. So looking for guidance and step by step configuration.
I need to configure primarily aws CloudWatch log groups (ec2 instances /var/log/messages and tomcat logs, vpc logs) and cloud trails to an on-premise splunk server.
I am looking for a solution where I am planing to create a server as universal forwarder which collects all these logs and pushes to the splunk server (port 9997).
Can a universal forwarder collects all the logs mentioned above and send it to splunk, that’s first step.
I am assuming I might have to get aws add on installed on splunk server. How do I configure log stream in splunk with or without aws add on. I would step by step guide as I am new go splunk.
Thanks in advance.
↧