AWS AppFabric audit log ingestion considerations

Splunk

Splunk helps make organizations more resilient. Leading organizations use Splunk’s unified security and observability platform to keep their digital systems secure and reliable. Organizations trust Splunk to prevent security, infrastructure, and application issues from becoming major incidents, absorb shocks from digital disruptions and accelerate digital transformation.

AWS AppFabric audit log ingestion considerations

The following sections describe the AppFabric output schema, output formats, and output destinations to use with Splunk.

Schema and format

Splunk supports the following AppFabric output schema and formats:

Raw - JSON
- AppFabric outputs data in the original schema used by the source application in the JSON format.
OCSF - JSON
- AppFabric normalizes the data using the Open Cybersecurity Schema Framework (OCSF) and outputs the data in the JSON format.
OCSF - Parquet
- AppFabric normalizes the data using the Open Cybersecurity Schema Framework (OCSF) and outputs the data in the Apache Parquet format.

Output locations

Splunk supports the following AppFabric output locations:

Amazon Data Firehose
- To configure Splunk to receive audit logs from the Firehose stream that contains your audit logs, follow the instructions in Splunk Add-on for Amazon Data Firehose on the Splunk website.
Amazon Simple Storage Service (Amazon S3)
- To configure Splunk to receive data from the Amazon S3 bucket that contains your audit logs, follow the instructions in Configure SQS-based S3 inputs for the Splunk Add-on for AWS on the Splunk website.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Singularity Cloud

Delete resources