Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Import specific data from S3

rayar
Communicator
‎07-05-2020 02:14 AM

Hi

I am trying to import a specific account data from AWS S3 

we have configured SQS to import the full data from the same S3  and it works properly 

I have defined the inputs as below  

the account path in AWS is Amazon S3/amdocsinfosectrail/AWSLogs/o-kgohve3tjc/001519100451

what I am missing  ? 

the logs are not created with the key_name 

once I remove the filter I see that the /opt/splunk/var/lib/splunk/modinputs/aws_s3/amdocsinfosectrail_001519100451.index.v3.ckpt is getting the list of files 

what I am missing  ? 

[aws_s3://amdocsinfosectrail_001519100451]
aws_account = IS account
bucket_name = amdocsinfosectrail
character_set = auto
ct_blacklist = ^$
host_name = s3.amazonaws.com
index = test
initial_scan_datetime = -180d
interval = 30
is_secure = True
max_items = 100000
max_retries = 3
recursion_depth = -1
sourcetype = aws:s3
disabled = 0
key_name = AWSLogs/o-kgohve3tjc/001519100451/*

Labels (1)
Labels
Tags (2)
0 Karma
Reply

_joe
Communicator
‎08-18-2021 09:57 AM

Did you every get a solution to this?

0 Karma
Reply
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Get Updates on the Splunk Community!