How we can transfer or back up data to an AWS S3 b...

Rakzskull · ‎02-24-2025

We have an index named ABC with a searchable retention period of 180 days and an archival period of 3 years. I would like to transfer all logs to AWS S3, as they are currently stored in Splunk Archive storage. Could you please advise on how to accomplish this?

Additionally, will this process include moving both searchable logs and archived logs to S3?

I would appreciate a step-by-step guide. If anyone has knowledge of this process, I would be grateful for your assistance. Thank you.

kiran_panchavat · ‎03-01-2025

@Rakzskull

Splunk manages the archival storage in DDAA, and you don’t have direct access to the underlying S3 buckets.

To export archived data:

Open a support ticket with Splunk.

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!

tscroggins · ‎03-01-2025

Hi @Rakzskull,

Splunk support can assist with migrations from DDAA (Splunk-provided S3) to DDSS (customer-provided S3).

How we can transfer or back up data to an AWS S3 bucket for the specified existing index?

indexer

inputs.conf

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Are you a member of the Splunk Community?