Import specific data from S3

rayar · ‎07-05-2020

Hi

I am trying to import a specific account data from AWS S3

we have configured SQS to import the full data from the same S3 and it works properly

I have defined the inputs as below

the account path in AWS is Amazon S3/amdocsinfosectrail/AWSLogs/o-kgohve3tjc/001519100451

what I am missing ?

the logs are not created with the key_name

once I remove the filter I see that the /opt/splunk/var/lib/splunk/modinputs/aws_s3/amdocsinfosectrail_001519100451.index.v3.ckpt is getting the list of files

what I am missing ?

[aws_s3://amdocsinfosectrail_001519100451]
aws_account = IS account
bucket_name = amdocsinfosectrail
character_set = auto
ct_blacklist = ^$
host_name = s3.amazonaws.com
index = test
initial_scan_datetime = -180d
interval = 30
is_secure = True
max_items = 100000
max_retries = 3
recursion_depth = -1
sourcetype = aws:s3
disabled = 0
key_name = AWSLogs/o-kgohve3tjc/001519100451/*

_joe · ‎08-18-2021

Did you every get a solution to this?

Import specific data from S3

configuration

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

Improve Data Pipelines Using Splunk Data Management

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?