Import specific data from S3

rayar · ‎07-05-2020

Hi

I am trying to import a specific account data from AWS S3

we have configured SQS to import the full data from the same S3 and it works properly

I have defined the inputs as below

the account path in AWS is Amazon S3/amdocsinfosectrail/AWSLogs/o-kgohve3tjc/001519100451

what I am missing ?

the logs are not created with the key_name

once I remove the filter I see that the /opt/splunk/var/lib/splunk/modinputs/aws_s3/amdocsinfosectrail_001519100451.index.v3.ckpt is getting the list of files

what I am missing ?

[aws_s3://amdocsinfosectrail_001519100451]
aws_account = IS account
bucket_name = amdocsinfosectrail
character_set = auto
ct_blacklist = ^$
host_name = s3.amazonaws.com
index = test
initial_scan_datetime = -180d
interval = 30
is_secure = True
max_items = 100000
max_retries = 3
recursion_depth = -1
sourcetype = aws:s3
disabled = 0
key_name = AWSLogs/o-kgohve3tjc/001519100451/*

_joe · ‎08-18-2021

Did you every get a solution to this?

Import specific data from S3

configuration

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Join the Conversation

Import specific data from S3

configuration

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!