AWS VPC flow logs are not getting parsed! #14068
Unanswered
VnayRathna
asked this question in
Q&A
Replies: 1 comment
-
Are you able to share an example of how the logs appear? Are they showing up in Elastic at all? Any errors in the Logstash log?
-
Hello,
I have installed Security Onion 2.4 on Rocky Linux 9 with 4 vCPUs, 16GB RAM, a 250GB root volume, and 2 NICs. To parse AWS VPC flow logs into Security Onion, I have stored the flow logs in CloudWatch. I selected the AWS VPC Flow Log integration, added the IAM credentials (access key and secret key), and specified the log group ARN in the CloudWatch section.
But the logs are not getting parsed. Do I need to add anything else?
Please suggest.