Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Moving Splunk data to S3 bucket in a Cluster environment

shrogers
Loves-to-Learn Everything
‎01-20-2021 11:53 AM

Hi Everyone,

I'm looking for a working package that can move data from the Splunk cluster environment to the S3 bucket for archiving. All examples I'm getting does work.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-20-2021 12:12 PM

Well, there's SmartStore, which is built-in to Splunk.

Beyond that, we'll need more information.  Is your Splunk on-prem, private cloud, or Splunk Cloud?  How do you want the data stored in S3 (searchable by Splunk or something else)?

What examples have you tried so far?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

shrogers
Loves-to-Learn Everything
‎01-20-2021 01:57 PM

Thank you your quick response. Smartstore would require a whole new setup and we are not able to go down that route.

It's an on-prem cluster environment. We just want to archive index data to S3 after 90 days. If we need to get it searchable, we'll get it done manually.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-21-2021 05:21 AM

Write a coldToFrozenScript.  This script is invoked by Splunk when a bucket is due to be archived.  See 'coldToFrozenScript ' in the Admin manual (https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/Indexesconf#indexes.conf.spec)

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...