https://community.splunk.com/t5/Getting-Data-In/s3-Multiple-directories-data-to-be-ingested-into-Splunk-Cloud/m-p/750510#M119236 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/263698">@shoaibalimir</a>&nbsp;</P><P>When you assessed and didnt get the required outcome - what is the issue you had specifically?</P><P>Is this a one-time ingestion of historic files already in S3, or are you wanting to ingest on an ongoing basis (I assume the latter?).</P><P>Personally I would avoid Generic-S3 as it relies on checkpoint files and can get messy quickly. SQS based S3 is the way to go here I believe.&nbsp;</P><P>Check out&nbsp;<A href="https://splunk.github.io/splunk-add-on-for-amazon-web-services/SQS-basedS3/" target="_blank">https://splunk.github.io/splunk-add-on-for-amazon-web-services/SQS-basedS3/</A>&nbsp;for more details on setting up SQS-based-S3 input. Its also worth nothing that the dynamic parts of the path shouldnt be a problem. If you have requirements to put them into specific indexes depending on the dynamic values then you can configure this when you setup the event notification (<A href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-event-notifications.html" target="_blank">https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-event-notifications.html</A>) and will probably need multiple SQS. Alternatively you could use props/transforms to route to the correct index at ingest time.</P><P><span class="lia-unicode-emoji" title=":glowing_star:">🌟</span><SPAN>&nbsp;</SPAN><STRONG>Did this answer help you?</STRONG><SPAN>&nbsp;</SPAN>If so, please consider:</P><UL><LI>Adding karma to show it was useful</LI><LI>Marking it as the solution if it resolved your issue</LI><LI>Commenting if you need any clarification</LI></UL><P>Your feedback encourages the volunteers in this community to continue contributing</P><P>&nbsp;</P> Sat, 26 Jul 2025 14:22:17 GMT livehybrid 2025-07-26T14:22:17Z https://community.splunk.com/t5/Getting-Data-In/s3-Multiple-directories-data-to-be-ingested-into-Splunk-Cloud/m-p/750448#M119226 <P>Hi Community,</P><P>I'm exploring ways to ingest data into Splunk Cloud from a Amazon s3 Bucket which has multiple directories and multiple files to be ingested onto Splunk.</P><P>Now, I have assessed the Generic s3, SQS-s3 and the Data Manager Inputs for AWS available on Splunk but am not getting the required outcome.</P><P>My use case is given below:</P><P>There's a s3 bucket named as exampledatastore, in that there's a directory named as&nbsp;statichexcodedefinition, in that there're multiple message Ids and Dates.</P><P>The s3 example structure is given below:</P><P>s3://exampledatastore/statichexcodedefinition/{messageId}/functionname/{date}/* - functionnameattribute</P><P>Where the {messageId} and the {date} values are dynamic. And I have a start date to begin with but the messageId varies.</P><P>Please can you assist me on this on how to get the data into Splunk.<BR /><BR />Many Thanks!</P> Mon, 28 Jul 2025 10:23:44 GMT https://community.splunk.com/t5/Getting-Data-In/s3-Multiple-directories-data-to-be-ingested-into-Splunk-Cloud/m-p/750448#M119226 shoaibalimir 2025-07-28T10:23:44Z https://community.splunk.com/t5/Getting-Data-In/s3-Multiple-directories-data-to-be-ingested-into-Splunk-Cloud/m-p/750510#M119236 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/263698">@shoaibalimir</a>&nbsp;</P><P>When you assessed and didnt get the required outcome - what is the issue you had specifically?</P><P>Is this a one-time ingestion of historic files already in S3, or are you wanting to ingest on an ongoing basis (I assume the latter?).</P><P>Personally I would avoid Generic-S3 as it relies on checkpoint files and can get messy quickly. SQS based S3 is the way to go here I believe.&nbsp;</P><P>Check out&nbsp;<A href="https://splunk.github.io/splunk-add-on-for-amazon-web-services/SQS-basedS3/" target="_blank">https://splunk.github.io/splunk-add-on-for-amazon-web-services/SQS-basedS3/</A>&nbsp;for more details on setting up SQS-based-S3 input. Its also worth nothing that the dynamic parts of the path shouldnt be a problem. If you have requirements to put them into specific indexes depending on the dynamic values then you can configure this when you setup the event notification (<A href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-event-notifications.html" target="_blank">https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-event-notifications.html</A>) and will probably need multiple SQS. Alternatively you could use props/transforms to route to the correct index at ingest time.</P><P><span class="lia-unicode-emoji" title=":glowing_star:">🌟</span><SPAN>&nbsp;</SPAN><STRONG>Did this answer help you?</STRONG><SPAN>&nbsp;</SPAN>If so, please consider:</P><UL><LI>Adding karma to show it was useful</LI><LI>Marking it as the solution if it resolved your issue</LI><LI>Commenting if you need any clarification</LI></UL><P>Your feedback encourages the volunteers in this community to continue contributing</P><P>&nbsp;</P> Sat, 26 Jul 2025 14:22:17 GMT https://community.splunk.com/t5/Getting-Data-In/s3-Multiple-directories-data-to-be-ingested-into-Splunk-Cloud/m-p/750510#M119236 livehybrid 2025-07-26T14:22:17Z https://community.splunk.com/t5/Getting-Data-In/s3-Multiple-directories-data-to-be-ingested-into-Splunk-Cloud/m-p/750552#M119249 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/170906">@livehybrid</a>&nbsp;</P><P>I'll assess again with the SQS-s3 Connector, and I'll need to ingest both historic data as well as ongoing data stream.</P><P>By the initial observations I think I'll need to use multiple SQS-s3 Connectors or would need to use Lambda to process those into single SQS-s3 Connector.</P><P>Please let me know if there's any other alternative to this assumption.</P><P>Thanks!</P> Mon, 28 Jul 2025 10:23:14 GMT https://community.splunk.com/t5/Getting-Data-In/s3-Multiple-directories-data-to-be-ingested-into-Splunk-Cloud/m-p/750552#M119249 shoaibalimir 2025-07-28T10:23:14Z