I am using the https://github.com/splunk/splunk-aws-project-trumpet to get AWS logs in, I am facing an issue though with only partial CloudTrail logs compared to the AWS TA. Any suggestions?
On the CloudFormation template does this effectively only collect this event pattern?
EventPattern":{
"detail-type":[
"AWS API Call via CloudTrail",
"AWS Console Sign In via CloudTrail"