×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
AKomorowski
Splunk Employee
Member since: ‎01-15-2024
a month ago
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎01-15-2024
Topics I've Started
No posts to display.
View All

Re: Ask Questions, Get Help about Data Manager for...

by Splunk Employee in Getting Data In
a month ago
a month ago
Great question! Let me clarify how tag enrichment works when ingesting AWS logs via Splunk's Data Manager: 1. CloudWatch Log Group Tags: When you ingest logs via Data Manager from CloudWatch Log Groups, the AWS resource tags (attached directly to the log group) are not automatically appended to your log events in Splunk. Currently, Data Manager doesn't provide built-in functionality to automatically propagate AWS resource tags into the log events. Potential solution: If you need custom tags (env=, service=, custom=) in your log events ingested from CloudWatch, you'll need to enrich the logs within Splunk after ingestion. This could work: Implement tags within the logs themselves directly at the application logging layer (Lambda function code or ECS task logging output).  For Lambda logs, AWS CloudWatch does not automatically propagate resource tags directly into log events ingested by Data Manager. Similar to ECS, you'll need either: To add these tags within your Lambda function's logging statements explicitly. enrich them post-ingestion in Splunk using lookups or calculated fields   ... View more

Re: Ask Questions, Get Help about Data Manager for...

by Splunk Employee in Getting Data In
‎09-02-2024 09:25 AM
‎09-02-2024 09:25 AM
Hi, thanks for posting! This is definitely the plan, as we want to achieve widely understood parity between DM and AWS TA. This year, we plan to go live with AWS Org support. Next will be availability on CMP and custom source types for S3. After that, we'll take on more items to create full parity. ... View more

Re: Ask Questions, Get Help about Data Manager for...

by Splunk Employee in Getting Data In
‎02-15-2024 04:21 AM
1 Karma
‎02-15-2024 04:21 AM
1 Karma
Hi @New_splunkie, It's great to see your interest in Data Manager! You're absolutely correct – Data Manager is a native app to the Splunk Cloud Platform, which means there's no separate installation required. However, there are a few requirements that your deployment must meet in order to have it on your Splunk Cloud Platform.  You can use Data Manager if your Splunk Cloud Platform deployment meets the following requirements: Runs Splunk Cloud Platform versions 8.2.2104.1 and higher on the Victoria experience. Is provisioned in a region that supports Data Manager. See Available regions and region differences in the Splunk Cloud Platform Service Description. Please let me know if that helps! Antoni  ... View more
Contact Me
Online Status
Offline
Date Last Visited
a month ago
Karma from
View All