Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Moving Splunk data to S3 bucket in a Cluster environment

shrogers
Loves-to-Learn Everything
‎01-20-2021 11:53 AM

Hi Everyone,

I'm looking for a working package that can move data from the Splunk cluster environment to the S3 bucket for archiving. All examples I'm getting does work.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-20-2021 12:12 PM

Well, there's SmartStore, which is built-in to Splunk.

Beyond that, we'll need more information.  Is your Splunk on-prem, private cloud, or Splunk Cloud?  How do you want the data stored in S3 (searchable by Splunk or something else)?

What examples have you tried so far?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

shrogers
Loves-to-Learn Everything
‎01-20-2021 01:57 PM

Thank you your quick response. Smartstore would require a whole new setup and we are not able to go down that route.

It's an on-prem cluster environment. We just want to archive index data to S3 after 90 days. If we need to get it searchable, we'll get it done manually.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-21-2021 05:21 AM

Write a coldToFrozenScript.  This script is invoked by Splunk when a bucket is due to be archived.  See 'coldToFrozenScript ' in the Admin manual (https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/Indexesconf#indexes.conf.spec)

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...