Splunk Enterprise

Import specific data from S3



I am trying to import a specific account data from AWS S3 

we have configured SQS to import the full data from the same S3  and it works properly 

I have defined the inputs as below  

the account path in AWS is Amazon S3/amdocsinfosectrail/AWSLogs/o-kgohve3tjc/001519100451

what I am missing  ? 

the logs are not created with the key_name 

once I remove the filter I see that the /opt/splunk/var/lib/splunk/modinputs/aws_s3/amdocsinfosectrail_001519100451.index.v3.ckpt is getting the list of files 

what I am missing  ? 

aws_account = IS account
bucket_name = amdocsinfosectrail
character_set = auto
ct_blacklist = ^$
host_name = s3.amazonaws.com
index = test
initial_scan_datetime = -180d
interval = 30
is_secure = True
max_items = 100000
max_retries = 3
recursion_depth = -1
sourcetype = aws:s3
disabled = 0
key_name = AWSLogs/o-kgohve3tjc/001519100451/*

Labels (1)
Tags (2)
0 Karma


Did you every get a solution to this?

0 Karma
Get Updates on the Splunk Community!

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...