Deployment Architecture
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

minIO as frozen logs storage for Splunk

harras
New Member
‎12-01-2023 01:16 AM

How to store logs in minIO (on-premises) from Splunk.
I created bucket named splunk. I successfully mc cp test.txt s3/splunk-bucket but splunk can't loads files into bucket.


My indexes.conf file:

[smartstore]
homePath = $SPLUNK_DB/smartstoredb/db
coldPath = $SPLUNK_DB/smartstoredb/colddb
thawedPath = $SPLUNK_DB/smartstoredb/thaweddb
remotePath = volume:s3

[volume:s3]
storageType = remote
path = s3://splunk
remote.s3.access_key = minioadmin
remote.s3.secret_key = minioadmin
remote.s3.supports_versioning = false
remote.s3.endpoint = http://10.10.10.1:9000

minIO config.json

config.json {
"version": "10",
"aliases": {
"gcs": {
"url": "https://storage.googleapis.com",
"accessKey": "YOUR-ACCESS-KEY-HERE",
"secretKey": "YOUR-SECRET-KEY-HERE",
"api": "S3v2",
"path": "dns"
},
"local": {
"url": "http://10.10.10.1:9000",
"accessKey": "minioadmin",
"secretKey": "minioadmin",
"api": "s3v4",
"path": "auto"
},
"play": {
"url": "http://10.10.10.1:9000",
"accessKey": "minioadmin",
"secretKey": "minioadmin",
"api": "S3v4",
"path": "auto"
},
"s3": {
"url": "http://10.10.10.1:9000",
"accessKey": "minioadmin",
"secretKey": "minioadmin",
"api": "s3v4",
"path": "auto"
}
}
}

ps: I have 3 indexers and cluster master

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top