splunk cloud - SQS consumer

iherb_0718
Path Finder

Hello,

Is it possible to set up an SQS consumer on Splunk Cloud?
I have a vendor that drops logs onto an S3 bucket that is assigned to me but it is under their control.
They have also set up an SQS queue and disclosed to me the credentials.

How would you suggest that I can pull this into Splunk Cloud?

0 Karma

scelikok
SplunkTrust

Hi @iherb_0718,

You can use the Splunk Add-on for Amazon Web Services app to ingest logs from an SQS queue.

https://splunkbase.splunk.com/app/1876/

If this reply helps you, an upvote is appreciated.

If this reply helps you, an upvote and "Accept as Solution" is appreciated.

0 Karma

iherb_0718
Path Finder

Scelikok, would that still work if the S3 bucket is on the vendor's AWS tenant (account)?

I was under the impression that the app would need to be configured for a particular account and then you can set up inputs for SQS queues from that account. I believe my company has that app today configured for our own account already.

0 Karma

scelikok
SplunkTrust

Since the add-on supports multiple accounts and inputs, I don't think it will be a problem.

If this reply helps you, an upvote and "Accept as Solution" is appreciated.
0 Karma

iherb_0718
Path Finder

I've been having some problems with getting this to work through the AWS app.

However, I believe I now have a viable solution. The vendor has a Python script that will set up the SQS consumer. I'll edit this .py script and fill in the AWS credential and S3 information.

I intend to load this Python script on an Ubuntu 18.04 OS that is running the universal forwarder. The logs will come into this host.

Will I be able to direct the universal forwarder to look into a particular directory to collect the logs? Will it be the inputs.conf file to make the change?

0 Karma
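
An added example (not part of the thread, and not the vendor's script) of the message-handling step in a consumer like the one described above, assuming the vendor's queue carries standard S3 event notifications; `SPOOL_DIR`, the function names and the sample message are hypothetical. It goes beyond the post by rejecting object keys that would resolve outside the directory the forwarder monitors, since the key names are chosen by the vendor.

```python
import json
from pathlib import Path, PurePosixPath
from urllib.parse import unquote_plus

SPOOL_DIR = Path("/var/spool/vendor-logs")  # assumption: directory the forwarder monitors

# Constructed sample of an S3 "ObjectCreated" notification as it arrives in an SQS body.
SAMPLE_BODY = json.dumps({"Records": [{
    "eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
    "s3": {"bucket": {"name": "example-vendor-bucket"},
           "object": {"key": "logs/2024/app+log%3A01.json.gz", "size": 1024}}}]})


def s3_objects(body):
    """Return (bucket, key) pairs for the ObjectCreated records in one SQS message body."""
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        return []
    if not isinstance(doc, dict):
        return []
    if doc.get("Type") == "Notification":  # queue fed through SNS: event is nested JSON
        return s3_objects(doc.get("Message"))
    records = doc.get("Records")  # absent on the s3:TestEvent S3 sends at setup time
    found = []
    for rec in records if isinstance(records, list) else []:
        try:
            if rec["eventSource"] != "aws:s3" or not rec["eventName"].startswith("ObjectCreated:"):
                continue
            key = unquote_plus(rec["s3"]["object"]["key"])  # keys arrive URL-encoded
            found.append((rec["s3"]["bucket"]["name"], key))
        except (KeyError, TypeError, AttributeError):
            continue  # malformed record: skip it rather than crash the consumer
    return found


def local_path(key, spool=SPOOL_DIR):
    """Map a vendor-chosen key to a path under spool; reject keys that would escape it."""
    parts = PurePosixPath(key).parts
    if not parts or key.startswith("/") or ".." in parts or "\\" in key or "\x00" in key:
        raise ValueError(f"unsafe object key: {key!r}")
    return spool.joinpath(*parts)


if __name__ == "__main__":
    for bucket, key in s3_objects(SAMPLE_BODY):
        print(bucket, key, "->", local_path(key))
```
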