Example: How to use Splunk to audit S3
This page describes an example for using Splunk to audit S3.
Setting up an HTTP Event Collector (HEC).
Follow the steps in . Since the S3 event stream is provided in JSON format, choose _json as the data source type.
Follow the steps in to create a token WEKA will use to access Splunk as an HTTP webhook. You can create a new index or use an existing one so the audit events are easy to discover, monitor, and query.
Copy the created token for later use.
To validate the configuration, send a test event as suggested in the section.
Once completed, you can search the index you have created in Splunk and see this event.
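The validation step above, as an added example (not taken from the WEKA or Splunk documentation): it posts one test event to the HEC event endpoint and maps the reply code to a verdict, so a bad token and a wrong index are told apart. The host, token, index name and function names are constructed placeholders; `/services/collector/event` and the `Authorization: Splunk <token>` header are HEC's standard interface.

```bash
#!/usr/bin/env bash
# Added example. Host, token and index are constructed placeholders.
HEC_URL="${HEC_URL:-https://splunk.example.com:8088/services/collector/event}"
HEC_TOKEN="${HEC_TOKEN:-00000000-0000-0000-0000-000000000000}"
HEC_INDEX="${HEC_INDEX:-weka_s3_audit}"

# Build the HEC envelope: target index, the _json source type chosen
# earlier, and a small JSON event body.
hec_payload() {
  printf '{"index":"%s","sourcetype":"_json","event":{"source":"hec-validation","message":"%s"}}' "$1" "$2"
}

# Turn HEC's JSON reply into a verdict. Returns 0 only when Splunk
# accepted the event.
hec_verdict() {
  hec_code=$(printf '%s' "$1" |
    sed -n 's/.*"code"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  case "$hec_code" in
    0)   echo "ok: event accepted" ;;
    1)   echo "fail: token disabled"; return 1 ;;
    2|3) echo "fail: Authorization header missing or malformed"; return 1 ;;
    4)   echo "fail: invalid token"; return 1 ;;
    7)   echo "fail: incorrect index (missing, or not allowed for this token)"; return 1 ;;
    "")  echo "fail: reply is not a HEC response"; return 1 ;;
    *)   echo "fail: HEC code $hec_code"; return 1 ;;
  esac
}

send_test_event() {
  # The token reaches curl through a config read from stdin (-K -), so it
  # does not appear in the process list. TLS verification stays on; set
  # CURL_CA_BUNDLE if HEC presents a certificate from a private CA.
  hec_reply=$(printf 'header = "Authorization: Splunk %s"\n' "$HEC_TOKEN" |
    curl -K - --silent --show-error --max-time 10 \
      -H "Content-Type: application/json" \
      --data "$(hec_payload "$HEC_INDEX" "WEKA S3 audit HEC test")" \
      "$HEC_URL") || { echo "fail: could not reach $HEC_URL"; return 2; }
  hec_verdict "$hec_reply"
}

# Sends only when asked: ./hec_test.sh send
if [ "${1:-}" = "send" ]; then send_test_event; fi
```

After an "ok" verdict, searching the index for source "hec-validation" should return the test event.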
As a cluster admin, run the following CLI command to enable the audit webhook: