Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunkcloud - Specify a different sourcetype for Generic S3 input ?

robot2051
New Member
‎11-13-2018 04:43 PM

Hello,

We have iis log being stored in a S3 bucket in CSV format. My understanding is sourcetype for CSV will help parsing these events and indexing them as they come in. I would like to use our aws-add-on which includes a generic s3 input to pick up these logs and parse it with either my custom sourcetype or iis sourcetype...

First of all, Is this possible?

I have tried to create this via Splunk add-on for aws -> Input -> Create New Input -> Custom Data Type -> Generic S3 . the sourcetype drop down only has aws specific sourcetype, I could type any sourcetype name and add the input, however when i searched for these events, the events are not parsed and displayed as raw only.

I have also tried using IIS Add-on which come with a sourcetype for iis logs but that didnt work.

Please let me know if you have done it before and got it to work.

Kind regards,
Sam

Tags (1)
0 Karma
Reply

robot2051
New Member
‎11-13-2018 06:27 PM

Note: Because we are using splunkcloud , unfortunately we can't edit the actual config files as it is not managed by us 😞 Please let me know if there is a documentation or if you know how to achieve this in the UI, that would be great.

Cheers

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...