Begin defining an Amazon Security Lake federated provider
To set up Federated Analytics for Data Lakes on your Splunk Cloud Platform deployment, you must define an Amazon Security Lake federated provider for that deployment. An Amazon Security Lake federated provider definition gives you the means to do the following things:
- Ingest recent Amazon Security Lake datasets into data lake indexes on your Splunk Cloud Platform deployment, so you can search that data locally.
- Use federated indexes to run federated searches over long-standing remote Amazon Security Lake datasets.
A later step of the Amazon Security Lake federated provider setup process triggers an indexer restart. Because you must create the Amazon Security Lake federated provider and its indexes in one go, the best practice is to schedule Amazon Security Lake federated provider setup outside of peak business hours, when system load is relatively low.
Prerequisites
- You must have a role on your Splunk Cloud Platform deployment with the admin_all_objects capability. See Define roles on the Splunk platform with capabilities in Securing Splunk Cloud Platform.
- You must turn on token authentication for your Splunk Cloud Platform deployment. See Enable or disable token authentication in Securing Splunk Cloud Platform.
Steps
- On your Splunk Cloud Platform deployment, in Splunk Web, select Settings, then Federated search.
- On the Federated Providers tab of the Federated search page, select Add federated provider.
- Select the Amazon Security Lake federated provider type and select Next.
- On Provider basics, the first step of the Add a new federated provider workflow, enter a unique Provider name. The provider name can contain only alphanumeric characters, underscores, and hyphens.
- Select Continue to move on to the Create subscribers step of the Add a new federated provider workflow.
See Create the Amazon Security Lake subscriber for data ingestion.
This documentation applies to the following versions of Splunk Cloud Platform™: 9.3.2408