Splunk logs in RedShift

ashishsecdev · ‎04-08-2020

Hi All,

I am trying to use RedShift to store all my Splunk logs, it it possible?

richgalloway · ‎04-08-2020

I'm going to say "no", without any official source to back that up. However, Splunk is not a traditional "big data" product, doesn't store it's data in a standard format, and doesn't use SQL to query data. All of those things would seem to disqualify Redshift.

---
If this reply helps you, Karma would be appreciated.

ashishsecdev · ‎04-08-2020

@richgalloway Check this out, do you think it would be full fledged solution?

https://fivetran.com/directory/splunk/amazon-redshift

richgalloway · ‎04-09-2020

As I read it, Fivetran merely copies Splunk data into Redshift. I don't see where Splunk can use the Redshift data. Consider using the free trial to see how it works, but understand that Splunk probably will not support you.

---
If this reply helps you, Karma would be appreciated.

ashishsecdev · ‎04-09-2020

@richgalloway thanks for you response. Understood, I think we will rater go for some other solution and not RedShift.

ashishsecdev · ‎04-08-2020

Thanks, I was also thinking the same but wanted more clarity before I shoot up the email on this solution.

Splunk logs in RedShift

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023