A Lambda function is created with Amazon SQS as event source for the function. This function polls the messages from SQS in batches, reads the contents of each event notification, and identifies the object key and corresponding S3 bucket name. The function then makes a "GetObject" call to the S3 bucket and retrieves the object. The Lambda function filters out the events that do not have the "action" flag as "REJECT". The Lambda function streams the filtered VPC flow logs to Splunk HTTP Event Collector. VPC flow logs are ingested and are available for searching within Splunk. If Splunk is unavailable, or if any error occurs while forwarding logs, the Lambda function forwards those events to a backsplash S3 bucket.

The following prerequisites exist at a minimum:

Publish VPC flow logs to Amazon S3 – Configure VPC flow logs to be published to an S3 bucket within your AWS account.
Create an index in Splunk to ingest the VPC flow logs.

Step 1: Splunk HTTP Event Collector (HEC) Configuration

To get started, we need to set up Splunk HEC to receive the data before we can configure the AWS services to forward the data to Splunk.

Access Splunk web, go to Settings, and choose Data inputs.
Select HTTP Event Collector and choose New Token.
Configure the new token as per the details shown in Figure 3 below and click Submit.

Figure 3 – Splunk HEC token configuration.

Verify the Source Type is set as aws:cloudwatchlogs:vpcflow.
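The SQS-to-Lambda-to-HEC pipeline described above, as an added example that is not code from the original post or from AWS or Splunk. It assumes the default (version 2) VPC flow log record format that AWS delivers to S3 with a header line, and it injects stand-in S3 and HEC clients (FakeS3, FakeHEC, constructed here) in place of boto3 and an HTTPS call so that it runs offline; in a real deployment those would be a boto3 S3 client and a POST to the HEC collector endpoint carrying the token from Figure 3. The REJECT-only filter, the sourcetype, and the fallback ("backsplash") bucket follow the text; the bucket names, keys and flow records are constructed sample data.

```python
"""Added example: a Lambda-style handler that mirrors the pipeline above --
SQS batch -> S3 event notification -> GetObject -> keep only REJECT records
-> Splunk HEC payload, writing to a fallback bucket when HEC fails.
S3 and HEC clients are injected so this runs offline (constructed fakes below)."""
import gzip
import io
import json

# Field order of the default VPC flow log format (version 2), as documented by AWS.
FLOW_FIELDS = ["version", "account-id", "interface-id", "srcaddr", "dstaddr",
               "srcport", "dstport", "protocol", "packets", "bytes",
               "start", "end", "action", "log-status"]

def parse_flow_log(text):
    """Parse space-separated default-format records; skip the header and malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FLOW_FIELDS) or parts[0] == "version":
            continue
        records.append(dict(zip(FLOW_FIELDS, parts)))
    return records

def reject_only(records):
    """Keep only records whose action flag is REJECT, as the function in the post does."""
    return [r for r in records if r["action"] == "REJECT"]

def hec_payload(records, sourcetype="aws:cloudwatchlogs:vpcflow"):
    """Newline-delimited JSON as accepted by HEC's /services/collector/event endpoint."""
    return "\n".join(json.dumps({"time": int(r["start"]), "sourcetype": sourcetype,
                                 "event": r}) for r in records)

def handler(event, s3, hec, backup_bucket):
    """Lambda entry point: `event` is the SQS batch; s3/hec are injected clients."""
    forwarded, backed_up = 0, 0
    for sqs_record in event["Records"]:
        notification = json.loads(sqs_record["body"])      # S3 event notification body
        for s3_record in notification.get("Records", []):
            bucket = s3_record["s3"]["bucket"]["name"]
            key = s3_record["s3"]["object"]["key"]
            body = s3.get_object(Bucket=bucket, Key=key)["Body"].read()
            if key.endswith(".gz"):                        # flow logs land in S3 gzipped
                body = gzip.decompress(body)
            rejects = reject_only(parse_flow_log(body.decode()))
            if not rejects:
                continue
            payload = hec_payload(rejects)
            try:
                hec.send(payload)
                forwarded += len(rejects)
            except Exception:  # Splunk unavailable or HEC error -> fallback bucket
                s3.put_object(Bucket=backup_bucket, Key=f"failed/{key}", Body=payload.encode())
                backed_up += len(rejects)
    return {"forwarded": forwarded, "backed_up": backed_up}

class FakeS3:
    """Constructed stand-in for a boto3 S3 client (get_object / put_object only)."""
    def __init__(self, objects):
        self.objects = dict(objects)          # {(bucket, key): bytes}
    def get_object(self, Bucket, Key):
        return {"Body": io.BytesIO(self.objects[(Bucket, Key)])}
    def put_object(self, Bucket, Key, Body):
        self.objects[(Bucket, Key)] = Body

class FakeHEC:
    """Constructed stand-in for the HEC HTTPS client; can simulate an outage."""
    def __init__(self, available=True):
        self.available, self.sent = available, []
    def send(self, payload):
        if not self.available:
            raise ConnectionError("HEC unreachable")
        self.sent.append(payload)

# Constructed sample file: one ACCEPT and two REJECT records with a header line.
SAMPLE_LOG = (
    "version account-id interface-id srcaddr dstaddr srcport dstport protocol "
    "packets bytes start end action log-status\n"
    "2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.9 44321 443 6 10 8400 1700000000 1700000060 ACCEPT OK\n"
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 53011 22 6 1 60 1700000000 1700000060 REJECT OK\n"
    "2 123456789012 eni-0a1b2c3d 203.0.113.4 10.0.1.5 40000 3389 6 1 60 1700000001 1700000061 REJECT OK\n"
)
SAMPLE_KEY = "AWSLogs/123456789012/vpcflowlogs/sample.log.gz"   # constructed

def sample_event(bucket="flowlogs-bucket", key=SAMPLE_KEY):
    """An SQS batch carrying one S3 ObjectCreated notification (constructed)."""
    notification = {"Records": [{"s3": {"bucket": {"name": bucket}, "object": {"key": key}}}]}
    return {"Records": [{"body": json.dumps(notification)}]}

def run_demo(hec_available=True):
    """Run the handler against the sample data; returns (result, hec, s3) for inspection."""
    s3 = FakeS3({("flowlogs-bucket", SAMPLE_KEY): gzip.compress(SAMPLE_LOG.encode())})
    hec = FakeHEC(available=hec_available)
    result = handler(sample_event(), s3, hec, backup_bucket="flowlogs-backsplash")
    return result, hec, s3

if __name__ == "__main__":
    print(run_demo(True)[0])    # HEC up: both REJECT records forwarded
    print(run_demo(False)[0])   # HEC down: both land in the fallback bucket
```

The fallback path matters operationally: because the handler raises nothing back to Lambda on a HEC failure, the SQS message is deleted and the records exist only in the fallback bucket, so that bucket needs its own replay or alerting. Raising instead would return the message to the queue for retry, which is the other reasonable design; either way, dropping the events silently is the outcome to avoid.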