
API reference for the Splunk Add-on for AWS
See the following sections for API reference information for the Splunk Add-on for AWS.
Account
https://<host>:<mPort>splunk_ta_aws_aws_account
API for AWS Account settings.
GET, POST, or DELETE
API for AWS Account settings
Request parameters
Name | Type | Description |
---|---|---|
name | Boolean true
|
Name |
key_id | Boolean true
|
Key ID |
secret_key | Boolean true
|
Secret Key |
category | Boolean true
|
Region Category |
iam | Boolean false
|
Identifies EC2 Instance Role |
Config inputs
https://<host>:<mPort>aws_config_inputs_rh_ucc
API for the AWS Config input.
GET, POST, or DELETE
API for the AWS Config input
Request parameters
Name | Type | Description |
---|---|---|
name | Boolean true
|
Name |
aws_account | Boolean true
|
AWS Account |
aws_region | Boolean true
|
AWS Region |
sqs_queue | Boolean true
|
SQS Queue Name |
polling_interval | Boolean true
|
Interval |
sourcetype | Boolean true
|
Sourcetype API for aws:config
|
index | Boolean true
|
Index |
enable_additional_notifications | Boolean false
|
API for enabling additional notifications. |
Description input
https://<host>:<mPort>splunk_ta_aws_aws_description
API for AWS Description inputs.
GET, POST, or DELETE
API for the AWS Description input
Request parameters
Name | Type | Description |
---|---|---|
name | Boolean true
|
Name |
account | Boolean true
|
AWS Account |
aws_iam_role | Boolean false
|
Assume role |
regions | Boolean true
|
AWS Regions |
apis | Boolean true
|
APIs for the following information:ec2_volumes/3600,ec2_instances/3600,ec2_reserved_instances/3600,ebs_snapshots/3600,classic_load_balancers/3600,application_load_balancers/3600,vpcs/3600,vpc_network_acls/3600,cloudfront_distributions/3600,vpc_subnets/3600,rds_instances/3600,ec2_key_pairs/3600,ec2_security_groups/3600,ec2_images/3600,ec2_addresses/3600,lambda_functions/3600,s3_buckets/3600 |
sourcetype | Boolean true
|
Sourcetype API for aws:description
|
index | Boolean true
|
Index |
IAM role settings
https://<host>:<mPort>splunk_ta_aws_iam_roles
API for IAM role settings.
GET, POST, or DELETE
API for IAM role settings
Request parameters
Name | Type | Description |
---|---|---|
name | Boolean true
|
Name |
arn | Boolean true
|
Role ARN |
Incremental S3 input
https://<host>:<mgmt_port>/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_splunk_ta_aws_logs
https://<host>:<mgmt_port>/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_splunk_ta_aws_logs/<incremental_s3_input_name>
API for the AWS Incremental S3 input.
GET, POST, or DELETE
API for the AWS Incremental S3 input
Request URL parameters
Parameter | Default | Description |
---|---|---|
output_mode | - | If output_mode=json , response is returned in JSON format.
|
Request body parameters
Parameter | Required | Default value | Description |
---|---|---|---|
name
|
1 | - | Unique name for input. |
aws_account
|
1 | - | AWS account name. |
aws_iam_role
|
0 | - | AWS IAM role. |
host_name
|
0 | - | The host name of the S3 service. |
aws_s3_region
|
0 | - | The AWS region that contains the S3 bucket. |
bucket_name
|
1 | - | The AWS S3 bucket name. |
log_type
|
1 | - | The type of logs to ingest. Available log types are cloudtrail, elb:accesslogs, cloudfront:accesslogs and s3:accesslogs. |
log_file_prefix
|
0 | - | Configure the prefix of log file, which along with other path elements, forms the URL under which the addon searches the log files. |
log_start_date
|
0 | - | The start date of the log. Format = %Y-%m-%d. |
bucket_region
|
0 | - | The AWS region where the S3 bucket exists. |
distribution_id
|
0 | - | CloudFront distribution id. Specify only when creating input for collecting CloudFront access logs. |
max_fails
|
0 | 10000 | Stop discovering new keys if the number of failed files exceeded max_fails. |
max_number_of_process
|
0 | 2 | Maximum number of processes. |
max_number_of_thread
|
0 | 4 | Maximum number of threads. |
max_retries
|
0 | ||
Max number of retries to collect data upon failing requests. Specify -1 to retry until success.
| |||
private_endpoint_enabled
|
0 | - | Whether to use private endpoint. Specify 0 to disable, or 1 to enable. |
s3_private_endpoint_url
|
1 if private_endpoint_enabled=1
|
- | Private endpoint url to connect with the S3 service. |
sts_private_endpoint_enabled
|
1 if private_endpoint_enabled=1
|
- | Private endpoint url to connect with the STS service. |
interval
|
0 | 1800 | Data collection interval, in seconds. |
sourcetype
|
0 | aws:s3
|
Sourcetype of collected data. |
index
|
1 | default | Splunk index to ingest data. Default is main. |
Examples
GET | List of all inputs | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_splunk_ta_aws_logs
|
List specified input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_splunk_ta_aws_logs/test_incremental_s3_input
| |
POST | Create input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_splunk_ta_aws_logs -d name=test_incremental_s3_input -d aws_account=test_account -d aws_iam_role=test_iam_role -d host_name=s3.amazonaws.com -d aws_s3_region=ap-south-1 -d bucket_name=testing-bucket-05 -d log_type=<encode from actual value → s3:accesslogs> -d log_file_prefix=test-prefix -d log_start_date=2023-01-01 -d bucket_region=ap-south-1 -d interval=1800 -d sourcetype=test_sourcetype -d index=default
|
Edit input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_splunk_ta_aws_logs/test_incremental_s3_input -d aws_account=test_account -d aws_iam_role=test_iam_role -d host_name=s3.amazonaws.com -d aws_s3_region=ap-south-1 -d bucket_name=testing-bucket-05 -d log_type=<encode from actual value → s3:accesslogs> -d log_file_prefix=test-prefix -d log_start_date=2023-01-01 -d bucket_region=ap-south-1 -d interval=1800 -d sourcetype=test_sourcetype -d index=default
| |
DELETE | Delete input | curl -u admin:password -X DELETE https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_splunk_ta_aws_logs/test_incremental_s3_input
|
Inspector input
https://<host>:<mgmt_port>/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_inspector
https://<host>:<mgmt_port>/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_inspector/<inspector_input_name>
API for the Amazon Inspector input.
GET, POST, or DELETE
API for the Amazon Inspector input
Request URL parameters
Parameter | Default | Description |
---|---|---|
output_mode | - | If output_mode=json , response is returned in JSON format.
|
Request body parameters
Parameter | Required | Default value | Description |
---|---|---|---|
name
|
1 | - | Unique name for input. |
account
|
1 | - | AWS account name. |
aws_iam_role
|
0 | - | AWS IAM role. |
regions
|
1 | - | AWS regions that contain your data. Enter region IDs in a comma-separated list. |
polling_interval
|
1 | 300 | Data collection interval, in seconds. |
sourcetype
|
0 | aws:kinesis
|
Sourcetype of collected data. |
index
|
1 | default | Splunk index to ingest data. Default is main. |
Examples
GET | List of all inputs | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_inspector
|
List specified input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_inspector/test_inspector_input
| |
POST | Create input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_inspector -d name=test_inspector_input -d account=test_account -d aws_iam_role=test_iam_role -d regions=<encode from actual value → ap-northeast-1,ap-south-1,ap-northeast-2> -d polling_interval=300 -d sourcetype=test_sourcetype -d index=default
|
Edit input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_inspector/test_inspector_input -d account=test_account -d aws_iam_role=test_iam_role -d regions=<encode from actual value → ap-northeast-1,ap-south-1,ap-northeast-2> -d polling_interval=600 -d sourcetype=test_sourcetype -d index=default
| |
DELETE | Delete input | curl -u admin:password -X DELETE https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_inspector/test_inspector_input
|
Inspector V2 input
https://<host>:<mgmt_port>/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_inspector_v2
https://<host>:<mgmt_port>/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_inspector_v2/<inspector_v2_input_name>
API for the Amazon Inspector V2 input.
GET, POST, or DELETE
API for the Amazon Inspector V2 input
Request URL parameters
Parameter | Default | Description |
---|---|---|
output_mode | - | If output_mode=json , response is returned in JSON format.
|
Request body parameters
Parameter | Required | Default value | Description |
---|---|---|---|
name
|
1 | - | Unique name for input. |
account
|
1 | - | AWS account name. |
aws_iam_role
|
0 | - | AWS IAM role. |
regions
|
1 | - | AWS regions that contain your data. Enter region IDs in a comma-separated list. |
polling_interval
|
1 | 300 | Data collection interval, in seconds. |
sourcetype
|
0 | aws:kinesis
|
Sourcetype of collected data. |
index
|
1 | default | Splunk index to ingest data. Default is main. |
Examples
GET | List of all inputs | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_inspector_v2
|
List specified input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_inspector_v2/test_inspector_v2_input
| |
POST | Create input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_inspector_v2 -d name=test_inspector_v2_input -d account=test_account -d aws_iam_role=test_iam_role -d regions=<encode from actual value → ap-northeast-1,ap-south-1,ap-northeast-2> -d polling_interval=300 -d sourcetype=test_sourcetype -d index=default
|
Edit input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_inspector_v2/test_inspector_v2_input -d account=test_account -d aws_iam_role=test_iam_role -d regions=<encode from actual value → ap-northeast-1,ap-south-1,ap-northeast-2> -d polling_interval=600 -d sourcetype=test_sourcetype -d index=default
| |
DELETE | Delete input | curl -u admin:password -X DELETE https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_inspector_v2/test_inspector_v2_input
|
Kinesis input
https://<host>:<mgmt_port>/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_kinesis
https://<host>:<mgmt_port>/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_kinesis/<kinesis_input_name>
API for the AWS Kinesis input.
GET, POST, or DELETE
API for the AWS Kinesis input
Request URL parameters
Parameter | Default | Description |
---|---|---|
output_mode | - | If output_mode=json , response is returned in JSON format.
|
Request body parameters
Parameter | Required | Default value | Description |
---|---|---|---|
name
|
1 | - | Unique name for input. |
account
|
1 | - | AWS account name. |
aws_iam_role
|
0 | - | AWS IAM role. |
region
|
1 | - | AWS region for Kinesis stream. |
stream_names
|
1 | - | Kinesis stream names in a comma-separated list. Leave empty to collect all streams. |
init_stream_position
|
0 | LATEST | Stream position from where to start collecting data. Specify either TRIM_HORIZON (starting) or LATEST (recent live data). |
encoding
|
0 | - | Encoding of stream data. Set to gzip or leave blank, which defaults to Base64 .
|
format
|
0 | - | Format of the collected data. Specify CloudWatchLogs or leave empty.
|
private_endpoint_enabled
|
0 | - | Whether to use private endpoint. Specify 0 to disable, or 1 to enable. |
kinesis_private_endpoint_url
|
1 if private_endpoint_enabled=1
|
- | Private endpoint url to connect with the Kinesis service. |
sts_private_endpoint_enabled
|
1 if private_endpoint_enabled=1
|
- | Private endpoint url to connect with the STS service. |
sourcetype
|
0 | aws:kinesis
|
Sourcetype of collected data. |
index
|
1 | default | Splunk index to ingest data. Default is main. |
Examples
GET | List of all inputs | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_kinesis
|
List specified input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_kinesis/test_kinesis_input
| |
POST | Create input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_kinesis -d name=test_kinesis_input -d account=test_account -d aws_iam_role=test_iam_role -d region=ap-south-1 -d stream_names=test-stream -d init_stream_position=LATEST -d encoding=gzip -d format=CloudwatchLogs -d sourcetype=test_sourcetype -d index=default
|
Edit input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_kinesis/test_kinesis_input -d account=test_account -d aws_iam_role=test_iam_role -d region=ap-south-1 -d stream_names=test-stream -d init_stream_position=TRIM_HORIZON -d encoding=gzip -d format=CloudwatchLogs -d sourcetype=test_sourcetype -d index=default
| |
DELETE | Delete input | curl -u admin:password -X DELETE https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_kinesis/test_kinesis_input
|
S3 input
https://<host>:<mPort>splunk_ta_aws_aws_s3
API for the AWS S3 input.
GET, POST, or DELETE
API for the AWS S3 input
Request parameters
Name | Type | Description |
---|---|---|
name | Boolean true
|
Name |
aws_account | Boolean true
|
AWS Account |
aws_iam_role | Boolean false
|
Assume role |
host_name | Boolean true
|
S3 host name |
bucket_name | Boolean true
|
S3 bucket name |
key_name | Boolean false
|
S3 key prefix |
initial_scan_datetime | Boolean false
|
Start date/time. |
blacklist | Boolean false
|
Blacklist |
whitelist | Boolean false
|
Whitelist |
polling_interval | Boolean true
|
Interval. |
sourcetype | Boolean true
|
Sourcetype API for aws:cloudtrail , aws:s3:accesslogs , aws:cloudfront:accesslogs , and aws:elb:accesslogs .
|
index | Boolean true
|
Index |
Metadata input
https://<host>:<mgmt_port>/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_metadata
https://<host>:<mgmt_port>/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_metadata/<metadata_input_name>
API for the AWS Metadata input.
GET, POST, or DELETE
API for the AWS Metadata input
Request URL parameters
Parameter | Default | Description |
---|---|---|
output_mode | - | If output_mode=json , response is returned in JSON format.
|
Request body parameters
Parameter | Required | Default value | Description |
---|---|---|---|
name
|
1 | - | Unique name for input. |
account
|
1 | - | AWS account name. |
aws_iam_role
|
0 | - | AWS IAM role. |
regions
|
1 | - | AWS regions from where to get data, split by ','. |
apis
|
1 | - | APIs to collect data with, and intervals for each API, in the format of <api name>/<api interval in seconds>. For example, ec2_instances/3600 , kinesis_stream/3600 .
|
sourcetype
|
0 | aws:metadata
|
Sourcetype of collected data. |
index
|
1 | default | Splunk index to ingest data. Default is main. |
Examples
GET | List of all inputs | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_metadata
|
List specified input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_metadata/test_metadata_input
| |
POST | Create input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_metadata -d name=test_metadata_input -d account=test_account -d aws_iam_role=test_iam_role -d regions=<encode from actual value → ap-northeast-1,ap-south-1,ap-northeast-3> -d apis=<encode from actual value → ec2_instanes/3600, lambda_functions/3600, s3_buckets/3600> -d sourcetype=test_sourcetype -d index=default
|
Edit input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_metadata/test_metadata_input -d account=test_account -d aws_iam_role=test_iam_role -d regions=<encode from actual value → ap-northeast-1,ap-south-1,ap-northeast-3> -d apis=<encode from actual value → ec2_instanes/3600, lambda_functions/3600, s3_buckets/3600> -d sourcetype=test_sourcetype -d index=default
| |
DELETE | Delete input | curl -u admin:password -X DELETE https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_metadata/test_metadata_input
|
SQS input
https://<host>:<mgmt_port>/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_splunk_ta_aws_sqs
https://<host>:<mgmt_port>/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_splunk_ta_aws_sqs/<sqs_input_name>
API for the AWS SQS input.
GET, POST, or DELETE
API for the AWS SQS input
Request URL parameters
Parameter | Default | Description |
---|---|---|
output_mode | - | If output_mode=json , response is returned in JSON format.
|
Request body parameters
Parameter | Required | Default value | Description |
---|---|---|---|
name
|
1 | - | Unique name for input. |
aws_account
|
1 | - | AWS account name. |
aws_iam_role
|
0 | - | AWS IAM role. |
aws_region
|
0 | - | List of AWS regions containing SQS queues. |
sqs_queues
|
1 | - | AWS SQS queue names list, split by ",". |
interval
|
1 | 30 | Data collection interval. |
sourcetype
|
1 | - | Sourcetype of collected data. |
index
|
1 | default | Splunk index to ingest data. Default is main. |
Examples
GET | List of all inputs | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_splunk_ta_aws_sqs
|
List specified input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_splunk_ta_aws_sqs/test_sqs_input
| |
POST | Create input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_splunk_ta_aws_sqs -d name=test_sqs_input -d aws_account=test_account -d aws_iam_role=test_iam_role -d aws_region=<encode from actual value → ["ap-south-1","ap-northeast-1"]> -d sqs_queues=<encode from actual value → ["test-queue-1,test-queue-2","test-queue-3,test-queue-4"]> -d interval=30 -d sourcetype=test_sourcetype -d index=default
|
Edit input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_splunk_ta_aws_sqs/test_sqs_input -d aws_account=test_account -d aws_iam_role=test_iam_role -d aws_region=<encode from actual value → ["ap-south-1","ap-northeast-1"]> -d sqs_queues=<encode from actual value → ["test-queue-1,test-queue-2","test-queue-3,test-queue-4"]> -d interval=30 -d sourcetype=test_sourcetype -d index=default
| |
DELETE | Delete input | curl -u admin:password -X DELETE https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_splunk_ta_aws_sqs/test_sqs_input
|
SQS-based S3 input
https://<host>:<mPort>splunk_ta_aws_aws_sqs_based_s3
https://<host>:<mgmt_port>/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_sqs_based_s3/<sqs_based_s3_input_name>
API for the AWS SQS-based S3 input.
GET, POST, or DELETE
API for the AWS SQS-based S3 input
Request URL parameters
Parameter | Default | Description |
---|---|---|
output_mode | - | If output_mode=json , response is returned in JSON format.
|
Request body parameters
Parameter | Required | Default value | Description |
---|---|---|---|
name
|
1 | - | Unique name for input. |
aws_account
|
1 | - | AWS account name. |
aws_iam_role
|
0 | - | AWS IAM role. |
using_dlq
|
0 | 1 | Specify either 0 or 1 to disable or enable checking for dead letter queue (DLQ). |
sqs_sns_validation
|
0 | 1 | Enable or disable SNS signature validation. Specify either 0 or 1. |
parse_csv_with_header
|
0 | 0 | Enable parsing of CSV data with header. First line of file will be considered as header. Specify either 0 or 1. |
parse_csv_with_delimiter
|
0 | , | Enable parsing of CSV data by chosen delimiter. Specify delimiter for parsing csv file. |
sqs_queue_region
|
1 | - | Name of the AWS region in which the notification queue is located. |
sqs_queue_url
|
1 | - | Name of SQS queue to which notifications of S3 file(s) creation are sent. |
sqs_batch_size
|
0 | 10 | Max number of messages to pull from SQS in one batch. |
s3_file_decoder
|
1 | - | Name of a decoder which decodes files into events: CloudTrail, Config, S3 Access Logs, ELB Access Logs, CloudFront Access Logs, and CustomLogs. |
private_endpoint_enabled
|
0 | - | Whether to use private endpoint. Specify either 0 or 1. |
sqs_private_endpoint_url
|
1 if private_endpoint_enabled =1
|
- | Private endpoint url to connect with SQS service. |
s3_private_endpoint_url
|
1 if private_endpoint_enabled =1
|
- | Private endpoint url to connect with s3 service. |
sts_private_endpoint_enabled
|
1 if private_endpoint_enabled =1
|
- | Private endpoint url to connect with STS service. |
interval
|
0 | 300 | Data collection interval. |
sourcetype
|
1 | - | Sourcetype of collected data. |
index
|
1 | default | Splunk index to ingest data. Default is main. |
Examples
GET | List of all inputs | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_sqs_based_s3
|
List specified input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_sqs_based_s3/test_sqs_based_s3_input
| |
POST | Create input | curl -u admin:password https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_sqs_based_s3 -d name=test_sqs_based_s3_input -d aws_account=test_account -d aws_iam_role=test_iam_role -d using_dlq=1 -d sqs_sns_validation=1 -d parse_csv_with_header=1 -d parse_csv_with_delimiter=<encode from actual value → ,> -d sqs_queue_region=ap-south-1 -d sqs_queue_url=<encode from actual value → https://sqs.ap-south-1.amazonaws.com/123456789012/test-queue> -d sqs_batch_size=10 -d s3_file_decoder=CustomLogs -d interval=300 -d sourcetype=test_sourcetype -d index=default
|
Edit input | > -d sqs_queue_region=ap-south-1 -d sqs_queue_url=<encode from actual value → https://sqs.ap-south-1.amazonaws.com/123456789012/test-queue> -d sqs_batch_size=10 -d s3_file_decoder=Config -d interval=300 -d sourcetype=test_sourcetype -d index=default | |
DELETE | Delete input | curl -u admin:password -X DELETE https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_aws_sqs_based_s3/test_sqs_based_s3_input
|
PREVIOUS Access billing data for the Splunk Add-on for AWS |
NEXT Lookups for the Splunk Add-on for AWS |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!