Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunkcloud - Specify a different sourcetype for Generic S3 input ?

robot2051
New Member
‎11-13-2018 04:43 PM

Hello,

We have iis log being stored in a S3 bucket in CSV format. My understanding is sourcetype for CSV will help parsing these events and indexing them as they come in. I would like to use our aws-add-on which includes a generic s3 input to pick up these logs and parse it with either my custom sourcetype or iis sourcetype...

First of all, Is this possible?

I have tried to create this via Splunk add-on for aws -> Input -> Create New Input -> Custom Data Type -> Generic S3 . the sourcetype drop down only has aws specific sourcetype, I could type any sourcetype name and add the input, however when i searched for these events, the events are not parsed and displayed as raw only.

I have also tried using IIS Add-on which come with a sourcetype for iis logs but that didnt work.

Please let me know if you have done it before and got it to work.

Kind regards,
Sam

Tags (1)
0 Karma
Reply

robot2051
New Member
‎11-13-2018 06:27 PM

Note: Because we are using splunkcloud , unfortunately we can't edit the actual config files as it is not managed by us 😞 Please let me know if there is a documentation or if you know how to achieve this in the UI, that would be great.

Cheers

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...