Setting up an HTTP Event Collector (HEC).
Follow the steps in . Since the S3 event stream is provided in JSON format, choose _json as the data source type.
Follow the steps in to create a token that Weka will use to access Splunk as an HTTP webhook. You can create a new index or use an existing one for easy discovery, monitoring, and querying.
Copy the created token for later use.
To validate the configuration, send a test event as suggested in the section.
Once completed, you can search the index you have created in Splunk and see this event.
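An added example (not from the original page) of the validation step above: it posts one _json test event to the HEC endpoint and checks for the success response. HEC_URL, HEC_TOKEN and HEC_INDEX are operator-supplied placeholders, and the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: validate a Splunk HEC token before pointing an audit webhook at it.
# HEC_URL (e.g. https://splunk.example.com:8088), HEC_TOKEN and HEC_INDEX are placeholders.

# Build a test event; sourcetype is _json, matching the data source type chosen above.
hec_payload() {
  local index="$1"
  # Reject empty names and characters that would break the JSON string.
  case "$index" in ""|*[!a-zA-Z0-9_-]*) return 1 ;; esac
  printf '{"time":%s,"sourcetype":"_json","index":"%s","event":{"message":"hec validation event","source":"manual-test"}}' \
    "$(date +%s)" "$index"
}

# HEC answers {"text":"Success","code":0} when the event is accepted.
# Other codes indicate a problem, e.g. 4 (invalid token) or 7 (incorrect index).
hec_response_ok() {
  printf '%s' "$1" | grep -Eq '"code"[[:space:]]*:[[:space:]]*0([^0-9]|$)'
}

hec_send() {
  local url="$1" token="$2" index="$3" payload body
  payload="$(hec_payload "$index")" || return 1
  # The Authorization header is fed to curl on stdin (--config -) so the token
  # does not show up in the process list. TLS verification stays on; use
  # --cacert if Splunk presents a certificate from a private CA.
  body="$(printf 'header = "Authorization: Splunk %s"\n' "$token" |
    curl --silent --show-error --max-time 10 --config - \
         --data "$payload" "${url%/}/services/collector/event")" || return 2
  printf '%s\n' "$body"
  hec_response_ok "$body"
}

# Runs only when all three variables are set, so sourcing the file has no side effects.
if [ -n "${HEC_URL:-}" ] && [ -n "${HEC_TOKEN:-}" ] && [ -n "${HEC_INDEX:-}" ]; then
  if hec_send "$HEC_URL" "$HEC_TOKEN" "$HEC_INDEX"; then
    echo "HEC accepted the test event"
  else
    echo "HEC rejected the test event" >&2
  fi
fi
```

Export the token with `read -rs HEC_TOKEN; export HEC_TOKEN` rather than typing it on the command line, so it stays out of shell history.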
As a cluster admin, run the following CLI command to enable the audit webhook:
This page describes an example of using Splunk to audit S3.