Splunk Cloud Platform
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Federated Search Archived Data in s3?

pdominicb
New Member
‎12-28-2023 09:22 AM

Is federated search able to search frozen buckets in s3? Or only raw logs?

Labels (1)
Labels
Tags (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-28-2023 11:36 AM

Splunk is unable to search frozen buckets in any location.  Frozen buckets must be thawed before they can be searched.

As I understand it, FS-S3 is intended to allow searching of raw data resident in an S3 bucket.  It's not for searching "cooked" data.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

SOC Modernization: How Automation and Splunk SOAR are Shaping the Next-Gen Security ...

Security automation is no longer a luxury but a necessity. Join us to learn how Splunk ES and SOAR empower ...

Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud

  Join us in this Tech Talk and learn about the recently launched AI Assistant in Observability Cloud. With ...

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...
Top