Availability: Must be on Splunk Cloud Platform version 10.1.2507.x to view the free trial banner. If you are not currently on this version, you can still request a free trial here.
Watch our Demo to Get Started Today
For a step-by-step walkthrough of onboarding watch the demos for Splunk-managed Glue Table or Customer-managed Glue Table
For Use Case specific walkthrough watch the demos for Federated Search for Amazon S3 Use Cases
What is Federated Search for Amazon S3?
Federated Search for Amazon S3 allows you to directly search the data in your S3 buckets from the Splunk® Cloud Platform, supporting both ad-hoc based security investigations, reporting and alerting through scheduled searches – without the cost and complexity of ingesting the data.
Most Common Use Cases
- Security Forensics
- Data Enrichment Through Correlation
- Threat Reporting, dashboards and Alerting
- Data Exploration & Statistical Analysis
- Compliance Trial and Audit
Learn more about the use cases by following this Lantern Article.
Key Requirements and Supported Formats
To use Federated Search for Amazon S3, you’ll need:
- A Splunk Cloud on AWS stack with FS-S3 service activated (enabled for customers in free-trial program)
- Splunk-managed or Customer-managed Glue tables that describe the S3 datasets (Splunk auto-creates glue tables for CloudTrail and VPC flow logs)
- Customer-owned Amazon S3 buckets with supported file types: JSON, CSV, Parquet, ORC, Avro or XML
Get Started with Your Free Trial
You can now start using Federated Search for Amazon S3 at no additional cost using this Limited free trial program. This gives you the ability to scan and search a set amount of Amazon S3 data without committing to a full license.
How to Get Started with Your Free Trial
- Log in to your AWS-hosted Splunk Cloud Platform.
- From the Navigation Menu, go to Settings > Federation .
- Click the ‘Start Free Trial Now’ on the top right-hand side of the UI banner
- Click on ‘Amazon S3 (Free Trial)’ option shown in the ‘Add Federated Provider’ page
- Connect your Amazon S3 buckets and create a federated index by following the steps shown in the self-paced demo:
(i) Splunk-managed Glue table onboarding demo or
(ii) Customer-managed Glue table (.For CloudTrail and VPC Flow Logs, Splunk manages the Glue tables for you.) - Start searching against Amazon S3 data using the sdselect command syntax (no ingestion required).
Explore the best practices for implementing FS-S3 on Lantern.
You will not be charged at the end of your limited free trial period. If you choose not to purchase FS-S3, your service will be deprovisioned and there will be no changes or charges to your account.
Need more info? Check out the Federated Search for Amazon S3 Documentation or talk to your Splunk account team to see it in action and request a free trial here
