All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Will AWS S3 event forwarding to SQS will end up being a different message than S3 to SNS to SQS?

tiagofbmm
Influencer
‎02-13-2019 02:05 AM

I am using the Splunk Technical Add-on that will be pulling messages from an SQS queue. Although the TA suggests using S3 forwarding to an SNS and it subscribed to an SQS, there is also the possibility of S3 to forward directly to SQS, and my customer is trying to get rid of SNS by AWS advice.

Would SNS make any change on what S3 send to it? Or would it be a fully transparent transport method to SQS?

0 Karma
Reply

asabatini85
Path Finder
‎02-13-2019 06:11 AM

Hi Tiago,

it depends on the type of input you are configuring

for example the cloudtrail inputs needs only the SQS and the S3.

for the config-legacy inputs you needs the SNS.

also you can configure the custom data in your S3 bucket.

For any doubts I suggest you to check these videos

https://www.youtube.com/channel/UCn7X9CAe0ZAHOzVb_OpRWkQ

Regards
Alessandro

Reply

tiagofbmm
Influencer
‎02-13-2019 06:39 AM

Thanks for the reply.

So according to the videos, it seems until v 5.2 of the App it is not recommended to have SQS Based S3 inputs.
If that is the case, then I believe this should also be part of the documentation of the current version.
The documentation is clear stating that

**However, it is highly recommended that you configure SQS-based S3 inputs to collect this type of data.**

And SQS-based S3 is the recommended input type for collecting a variety of pre-defined data types: CloudFront Access Logs, Config, ELB Access logs, CloudTrail, S3 Access Logs, as well as other custom data types.

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...