Splunk Search

Data Input not working for s3 plugin -- perhaps inputs.conf.spec is wrong?

boris
Path Finder

File /opt/splunk/etc/apps/s3/README/inputs.conf.spec:

[s3://umi-mf-cdnlogs]

key_id = AKIA

secret_key = EOW5NUqjoJalt text

~

~

Tags (1)

khourihan_splun
Splunk Employee
Splunk Employee

does that bucket have a contain called tiles-cdn?

I've got an input for cloudfront:

[s3://freesoft001]
key_id = AKIA
# This is Amazon key ID.
secret_key = riuvl
# This is the secret key.
sourcetype=freesoft_cloudfront

which captures my S3 logs no problem. freesoft001 has a container called cloud-front, and Splunk successfully traverses down into it, but it doesn't show up on my inputs screen.

alt text

0 Karma
Get Updates on the Splunk Community!

Message Parsing in SOCK

Introduction This blog post is part of an ongoing series on SOCK enablement. In this blog post, I will write ...

Exploring the OpenTelemetry Collector’s Kubernetes annotation-based discovery

We’ve already explored a few topics around observability in a Kubernetes environment -- Common Failures in a ...

Use ‘em or lose ‘em | Splunk training units do expire

Whether it’s hummus, a ham sandwich, or a human, almost everything in this world has an expiration date. And, ...