You can use the Cisco Cloud Security Add-on for Splunk to bring Secure Access and/or Umbrella logs into Splunk from AWS S3 (from either your own bucket or from a Cisco Managed bucket).
Build 1.0.34 brings:
v9 schema log fields.Secure Access Logs (in...
