All Apps and Add-ons

Using SQS based S3 in a private VPC

New Member

We'd like to use the SQS based S3 method in the Splunk Add-on for AWS, but have trouble connecting to the endpoint. From my experience it only tries to connect to the legacy URL, which is not supported with the SQS endpoint:

"Private DNS doesn't support legacy endpoints such as or" source 

Legacy URL: 
New URL:

I was able to create a Band-Aid fix by adding the legacy URL to /etc/hosts with the new URL's IP, but that's a fragile solution and doesn't support multiple AZs.  

In testing this I found that the AWS CLI supports redirecting through the use of a --endpoint-url argument:

aws sqs receive-message --endpoint-url --queue-url

It also looks like S3 might support setting a host_name value in the inputs.conf file to allow it to connect to a different endpoint. 

Is there a method for setting the endpoint URL for SQS?

Thank you,


Labels (3)
0 Karma


When you've added your SQS input it should set the sqs_queue_url field, something like:

aws_account = loader
aws_iam_role = audit_cloudtrail
index = my_index
interval = 300
s3_file_decoder = ELBAccessLogs
sourcetype = aws:elb:accesslogs
sqs_batch_size = 10
sqs_queue_region = eu-west-2
sqs_queue_url =<yourAccountID>/<yourSQSQueue>

You should then be able to update the queue URL to

sqs_queue_url =<YourAccountID>/<YourQueueNamee>
0 Karma
Get Updates on the Splunk Community!

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...

Platform Highlights | January 2023 Newsletter

 January 2023Peace on Earth and Peace of Mind With Business ResilienceAll organizations can start the new year ...