Overview
Splunk, Splunk>, Turn Data Into Doing, and Data-to-Everything are trademarks or registered trademarks of Splunk Inc. in the United States and other countries.
S3SPL Add-On for Splunk enables your data stored in S3 for immediate insight using custom Splunk commands. The source of the data does not matter, as long as it is stored in S3 and can be queried using S3 Select. This includes JSON, CSV, Parquet and even files written by Splunk Ingest Actions.
S3SPL provides the following functionality to Splunk users:
- Query S3 using S3Select in an ad-hoc fashion using
WHEREstatements - Save queries and share them with other users
- Configure queries to manage timestamps based on defined field names automatically
- Configure queries with replacements to adapt queries to the current requirement on the fly
- Create queries and preview results using an interactive workbench
In addition, S3SPL provides an admin section that allows the management of multiple buckets and saved queries. Finally, a comprehensive access control system based on Splunk capabilities and roles allows for granular access control from Splunk to buckets and prefixes within them.
S3 Support
S3SPL supports any S3 implementation that provides the S3 Select API. This includes AWS S3, MinIO, Ceph, and many more. The following S3 implementations are tested and supported:
| S3 Implementation | Supported | Notes |
|---|---|---|
| AWS S3 | ✔️ | |
| MinIO | ✔️ |
You need the following information from your AWS / S3 Administrator for S3SPL to connect successfully:
| Information | Description | Example |
|---|---|---|
| Bucket Name | Name of the bucket in S3 | s3bucket |
| Endpoint URL | API Endpoint for S3 | https://s3.eu-central-2.amazonaws.com |
| Prefix | Prefix to be used for queries | logs/ |
| Access Key | Access key for the access to S3 Select | |
| Secret Key | Secret key for the access to S3 Select | |
| Timezone | Timezone in which time based prefixes are generated | Europe/Zurich |
Licensing
S3SPL is delivered with a Free License.
Some features require an additional license. Please contact trials (at) datapunctum.com for a trial license. For a quote, please contact sales (at) datapunctum.com
Support
S3SPL comes with Community Support. Various Channels are available for Community Support
- Splunk Answers
- Splunk Community Slack
Please contact sales (at) datapunctum.com for commercial support