On July 23rd I gave a talk at the London Splunk User Group on automating Splunk with Ansible. You can find the slides here.
As part of a log consolidation exercise I’d decided to try and put logwatch output into Splunk, to later produce some succinct analysis.
Here’s how to get Amazon S3 bucket logs into Splunk, and then pull out the useful fields.
Many articles have been written about this topic, yet none of them seem to fulfill the basic premise I wanted: get it working.
I recommend Splunk a lot. I’ve been using it since about 2007, in varying degrees of complexity.