Re: Any S3 input could support parquet format?

xmeng · ‎07-29-2024

Hi, I met an input issue about s3, which stays not in a aws security lake. Is that possible to use Splunk addon for aws to ingest s3 bucket with parquet formatted files?

fholyfield · ‎08-21-2024

S3SPL Add-On for Splunk enables your data stored in S3 for immediate insight using custom Splunk commands. The source of the data does not matter, as long as it is stored in S3 and can be queried using S3 Select. This includes JSON, CSV, Parquet and even files written by Splunk Ingest Actions.

S3SPL provides the following functionality to Splunk users:

Query S3 using S3Select in an ad-hoc fashion using WHERE statements
Save queries and share them with other users
Configure queries to manage timestamps based on defined field names automatically
Configure queries with replacements to adapt queries to the current requirement on the fly
Create queries and preview results using an interactive workbench

In addition, S3SPL provides an admin section that allows the management of multiple buckets and saved queries. Finally, a comprehensive access control system based on Splunk capabilities and roles allows for granular access control from Splunk to buckets and prefixes within them.

jmartin_pro · ‎08-07-2024

I am also looking for a solution that supports parquet format

xmeng · ‎07-29-2024

Or only the data manager will be the only solution for this kind of input?

Any S3 input could support parquet format?

scripted input

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation