Re: How to forward the data from AWS S3 to Splunk ...

akarivaratharaj · ‎11-21-2023

I have installed a free version of Splunk Enterprise 9.1 in my local system. I would need few logs files from my S3 bucket to be sent to Splunk.

I have setup up the Splunk Add-on for AWS. In the app, under configuration, created an account with access ID and secret access key. Then created an input by specifying the account name, bucket name and indexing details.

After creating the input, when I search my index and sourcetype, I could not find the logs from S3. I have waited for more than half an hour, then tried again but no luck.

As this is the first time I am trying the setup with AWS add-on, I am not sure whether the issue is happening. Could anyone please help me on this?

akarivaratharaj · ‎11-22-2023

I am curious to know about a couple of things related to fetching S3 logs.

Is there any limitation in the number of inputs which we create in the AWS add-on?
Is there any limitation on indexes on which we log the S3 data?

akarivaratharaj · ‎11-22-2023

Yes, there was some error with endpoint. I have checked the error via below query

index=_internal sourcetype=aws:s3:log ERROR

thahir · ‎11-22-2023

Please check the aws s3 logs in the splunk end it may be due to permission issue from aws end. Once you go through the logs you will get clear visibility. the logs will be under /opt/splunk/var/log/splunk and serach for aws.

How to forward the data from AWS S3 to Splunk Enterprise?

configuration

using Splunk Enterprise

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation