Has anyone else come up with a way to have Splunk pull from AWS versus push (which the later answers are using)? We have our Splunk on-prem and our AWS Cloudwatch logs (no VPC logs) and have a firewall inbetween. The best approach would be to do a pull (which is what we had hoped this plugin would do) but it sounds like that is not the case (or not reliable)? Has anyone else accomplished what we are after or are we stuck with the push option only?
... View more