Hi @kutubjt1,
The best way to pull AWS CloudWatch logs into Splunk is to use the free Splunk Add-on for AWS. This app uses AWS account credentials to pull data from AWS APIs. All configuration can be done through the UI. In a distributed environment, I would recommend you install this on a "heavy forwarder" instance or similar.
The Splunk Add-on for AWS also includes other inputs for pulling data from your AWS account(s) - including VPC flow logs, S3 buckets, config, billing reports, instance metadata, etc.
I highly recommend you also install the Splunk App for AWS which provides out of the box visualizations for common use cases.
Hope that helps!
... View more