Splunk Enterprise

Import specific data from S3

rayar
Contributor

Hi

I am trying to import a specific account's data from AWS S3.

We have configured SQS to import the full data from the same S3 and it works properly.

I have defined the inputs as below.

The account path in AWS is Amazon S3/amdocsinfosectrail/AWSLogs/o-kgohve3tjc/001519100451

What am I missing?

The logs are not created with the key_name.

Once I remove the filter, I see that /opt/splunk/var/lib/splunk/modinputs/aws_s3/amdocsinfosectrail_001519100451.index.v3.ckpt is getting the list of files.

What am I missing?

[aws_s3://amdocsinfosectrail_001519100451]
aws_account = IS account
bucket_name = amdocsinfosectrail
character_set = auto
ct_blacklist = ^$
host_name = s3.amazonaws.com
index = test
initial_scan_datetime = -180d
interval = 30
is_secure = True
max_items = 100000
max_retries = 3
recursion_depth = -1
sourcetype = aws:s3
disabled = 0
key_name = AWSLogs/o-kgohve3tjc/001519100451/*

0 Karma

_joe
Contributor

Did you ever get a solution to this?

0 Karma