Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Moving Splunk data to S3 bucket in a Cluster environment

shrogers
Loves-to-Learn Everything
‎01-20-2021 11:53 AM

Hi Everyone,

I'm looking for a working package that can move data from the Splunk cluster environment to the S3 bucket for archiving. All examples I'm getting does work.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-20-2021 12:12 PM

Well, there's SmartStore, which is built-in to Splunk.

Beyond that, we'll need more information.  Is your Splunk on-prem, private cloud, or Splunk Cloud?  How do you want the data stored in S3 (searchable by Splunk or something else)?

What examples have you tried so far?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

shrogers
Loves-to-Learn Everything
‎01-20-2021 01:57 PM

Thank you your quick response. Smartstore would require a whole new setup and we are not able to go down that route.

It's an on-prem cluster environment. We just want to archive index data to S3 after 90 days. If we need to get it searchable, we'll get it done manually.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-21-2021 05:21 AM

Write a coldToFrozenScript.  This script is invoked by Splunk when a bucket is due to be archived.  See 'coldToFrozenScript ' in the Admin manual (https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/Indexesconf#indexes.conf.spec)

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...