All Apps and Add-ons

Will AWS S3 event forwarding to SQS will end up being a different message than S3 to SNS to SQS?

tiagofbmm
Influencer

I am using the Splunk Technical Add-on that will be pulling messages from an SQS queue. Although the TA suggests using S3 forwarding to an SNS and it subscribed to an SQS, there is also the possibility of S3 to forward directly to SQS, and my customer is trying to get rid of SNS by AWS advice.

Would SNS make any change on what S3 send to it? Or would it be a fully transparent transport method to SQS?

0 Karma

asabatini85
Path Finder

Hi Tiago,

it depends on the type of input you are configuring

for example the cloudtrail inputs needs only the SQS and the S3.

for the config-legacy inputs you needs the SNS.

also you can configure the custom data in your S3 bucket.

For any doubts I suggest you to check these videos

https://www.youtube.com/channel/UCn7X9CAe0ZAHOzVb_OpRWkQ

Regards
Alessandro

tiagofbmm
Influencer

Thanks for the reply.

So according to the videos, it seems until v 5.2 of the App it is not recommended to have SQS Based S3 inputs.
If that is the case, then I believe this should also be part of the documentation of the current version.
The documentation is clear stating that

**However, it is highly recommended that you configure SQS-based S3 inputs to collect this type of data.**

And SQS-based S3 is the recommended input type for collecting a variety of pre-defined data types: CloudFront Access Logs, Config, ELB Access logs, CloudTrail, S3 Access Logs, as well as other custom data types.

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...