All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk App for AWS: S3 Event Notification options

aknsun
Path Finder
‎06-20-2019 06:02 AM

Hi,
Just wondering if using the 2nd method has any drawbacks:

CloudTrail -> S3 -> SQS -> AWS Add-On

CloudTrail -> S3 -> SNS -> SQS -> AWS Add-On

Regards,

AKN

Reply

mccartneyc
Path Finder
‎09-11-2019 06:15 AM

Would like to know this as well. Documentation seems a bit spotty as to why we should use Cloudtrail -> S3 -> SNS -> SQS -> Addon

I'm currently having S3 send event notifications to SQS which in turn goes to the Addon and is working, but I'm trying to figure out why I should use SNS, is there a benefit or downside, or even a reason to use it with cloudtrail.

0 Karma
Reply

splunk_zen
Builder
‎11-21-2019 01:41 AM

It's not true the documentation doesn't explain the advantages.
"Each incremental S3 input is a single point of failure.

(...)

"Any SQS message not successfully processed in time by the SQS-based S3 input will reappear in the queue and will be retrieved and processed again.
In addition, data collection can be horizontally scaled out so that if one SQS-based S3 input fails, other inputs can still continue to pick up messages from the SQS queue and ingest corresponding data from the S3 bucket.
"
https://docs.splunk.com/Documentation/AddOns/released/AWS/ConfigureInputs

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Classroom Chronicles: Training Tales and Testimonials

Welcome to the "Splunk Classroom Chronicles" series, created to help curious, career-minded learners get ...

Access Tokens Page - New & Improved

Splunk Observability Cloud recently launched an improved design for the access tokens page for better ...

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...