AWS Splunk Configuration

props.conf

[source::.../var/log/messages]
sourcetype = linux_messages_syslog

[source::.../var/log/secure]
sourcetype = linux_secure

[source::.../var/log/dmesg]
sourcetype = dmesg

[source::.../var/log/cron]
sourcetype = cron

[source::.../var/log/monit]
sourcetype = monit

[source::.../var/log/maillog]
sourcetype = sendmail_syslog

[source::.../var/log/yum.log]
sourcetype = yum

[source::.../var/log/boot.log]
sourcetype = linux_bootlog

[source::.../var/log/nginx/access.log(.\d+)?]
sourcetype = nginx_access

[source::.../var/log/nginx/error.log(.\d+)?]
sourcetype = nginx_error

[source::.../var/log/httpd/(\w+-)?access_log]
sourcetype = access_combined

[source::.../var/log/httpd/(\w+-)?error_log]
sourcetype = apache_error

[source::.../var/log/httpd/rotated/(\w+-)?access_log(.\d+(\.gz)?)?]
sourcetype = access_combined

[source::.../var/log/httpd/rotated/(\w+-)?error_log(.\d+(\.gz)?)?]
sourcetype = apache_error

[source::.../var/log/cfn-hup.log]
sourcetype = cfn-hup

[source::.../var/log/cfn-wire.log]
sourcetype = cfn-wire

[source::.../var/log/cloud-init.log]
sourcetype = cloud-init

[source::.../var/log/cloud-init-output.log]
sourcetype = cloud-init-output

[source::.../var/log/cfn-init.log]
sourcetype = cfn-init

[source::.../var/log/eb-cfn-init.log]
sourcetype = eb-cfn-init

[source::.../var/log/cfn-init-cmd.log]
sourcetype = cfn-init-cmd

[source::.../var/log/eb-activity.log]
sourcetype = eb-activity

[source::.../var/log/eb-commandprocessor.log]
sourcetype = eb-commandprocessor

[source::.../var/log/eb-version-deployment.log]
sourcetype = eb-version-deployment

[source::.../var/log/eb-publish-logs.log]
sourcetype = eb-version-deployment

[source::.../var/log/eb-cfn-init-call.log]
sourcetype = eb-cfn-init-call

[source::.../var/log/eb-tools.log]
sourcetype = eb-tools

[source::.../var/log/tomcat8/catalina.out]
sourcetype = catalina_out

[source::.../var/log/tomcat8/catalina.(\d\d\d\d-\d\d-\d\d)=\.log]
sourcetype = catalina