Reporting

Is there an app or some other way to export Splunk search results directly into Amazon S3?

balasubram
New Member

I have a requirement where I need to export the search results directly into Amazon S3. Is there any app present that can satisfy my needs. I found an existing app (https://apps.splunk.com/app/1137/) that can load data from S3. My requirement is the opposite (export data from splunk into S3)

Tags (3)
0 Karma

nkwong_splunk
Splunk Employee
Splunk Employee

At the moment, there isn't an app that performs this export from Splunk Enterprise to Amazon S3. But the easiest way to accomplish this task would be to script the process using both the Splunk and AWS CLI tools. The Splunk CLI will be able to provide you the ability to export your search results to a local file and then you can use the AWS CLI commands to send the data to your designated S3 bucket.

Here is the documentation on how to use the Splunk CLI command to export search results:
http://docs.splunk.com/Documentation/Splunk/6.2.4/Search/Exportsearchresults#Export_data_using_the_C...

Also, here is the AWS CLI documentation and reference commands:
http://aws.amazon.com/cli/

dsmith1988
Engager

Has this information changed? I am also wanting to send data from Splunk to S3. I have read about using Firehose, but that looks to be for streaming data

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...