Monitor Amazon S3 Logs with Splunk?

We have a large, expanded network of users that we track using icons. Total traffic is about 60 million impressions per month. We are currently considering moving from a rather slow, database-based logging solution (customizable with PHP-messy ...) to a simple database based on Amazon S3 and Splunk logs.

After using Splunk for some other analysis tasks, I really like it. But it is unclear how to configure a source such as S3 with the system. It seems that remote sources require Universal Forwarder to be installed, and this is not an option.

Any ideas on this?

+5
3 answers

A very late answer, but I searched for the same thing and found a Splunk application that does what you want: http://apps.splunk.com/app/1137/. I haven't tried it though.

+1

I would suggest writing pre-processed JSON data to the DocumentDB database. For example, using Azure queues or similar service bus messaging technologies that match your scenario in conjunction with Azure DocumentDB. Therefore, I will support the database-based approach and modify it to be easy to scale the document-based database.

0

I use http://www.insight4storage.com/ from the AWS Marketplace to track the total usage of AWS S3 resources by prefix, bucket, or storage class over time; plus it shows me the previous version store with a prefix and for each bucket. It has the option to save S3 data as Splunk logs, which may work in your use case, in addition to its user interface and web service API.

0
