Hi Team,
We have configured Splunk App for AWS and configured VPC Flow Log to forward logs to Splunk.
We would like to have the options available (like vpc_flow.bytes, vpc_flow.interface_id, vpc_flow.vpcflow_action, etc.) on VPC Flow Logs for creating Splunk searches; unfortunately, we cannot find documentation.
What we are planning to achieve, if it is possible, is to use a data model in Splunk for a custom visualization with flow log data.