Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Sending data to AWS S3 from Splunk in Splunk Enterprise

faisalshani001
Loves-to-Learn
‎02-15-2021 11:22 PM

Hi Members, So I am quite new to splunk and I need to send the splunk search results to AWS S3 bucket. I have tried some apps from splunkbase but they are not working. (APP NO 5273 & Event Push by Deductiv).

Can someone guide me here what approach I should follow to make such a pipeline? 
(Since we are working on just of POC we cant use the Splunk DSP, I am looking for an open source or free approach with minimal cost) .

Thanks 🙂

Labels (1)
Labels
0 Karma
Reply

alonsocaio
Contributor
‎02-16-2021 04:54 AM

Hi @faisalshani001,

One approach you can try is to export your data using Splunk REST API. Since you need to export the search results, I guess this works for you: Exporting Large Results Sets to CSV | Splunk , and you can export on CSV, JSON or RAW format. Also, I think that using the API is pretty simple, since you can use python requests or event curl to create and export your search.

After saving the results into a file, you can upload it to the S3 bucket.

0 Karma
Reply

faisalshani001
Loves-to-Learn
‎02-16-2021 05:39 AM

Thanks for replying @alonsocaio . But I need to create an automated pipeline which should send data to AWS S3 automatically. Means when one writes the SPL query on splunk searc & reporting bar the result should be exported to an csv file and send to AWS S3. Any idea how to create this pipeline?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...