Apologies if already asked but I was unable to find something, So it was noticed this morning that one of our aws:cloudwatch inputs on Splunk Add on for Aws 4.60 had stopped forwarding logs since the 21st of August, once the input was recreated it started pulling the fresh logs from that moment on wards.
I am looking to ingest the missing 15 days or so of data but am unable to identify how to achieve this.
Any help is much appreciated.
I have tried setting a new input with the setting:
query_window_size = 20160 but I am not seeing any success from this,
Current Application: Splunk Add-on for AWS
App Version
4.6.0
App Build
8
Thanks
↧