Splunk Cloud Platform

Federated Search

Begin defining an Amazon Security Lake federated provider

To set up Federated Analytics for Data Lakes on your Splunk Cloud Platform deployment, you must define an Amazon Security Lake federated provider for that deployment. An Amazon Security Lake federated provider definition gives you the means to do the following things:

  • Ingest recent Amazon Security Lake datasets into data lake indexes on your Splunk Cloud Platform deployment, so you can search that data locally.
  • Use federated indexes to run federated searches over long-standing remote Amazon Security Lake datasets.

A later step of the Amazon Security Lake federated provider setup process triggers an indexer restart. Because you must create the Amazon Security Lake federated provider and its indexes in one pass, the best practice is to schedule the setup outside of peak business hours, when system load is relatively low.

Prerequisites

Steps

  1. On your Splunk Cloud Platform deployment, in Splunk Web, select Settings, then Federated search.
  2. On the Federated Providers tab of the Federated search page, select Add federated provider.
  3. Select the Amazon Security Lake federated provider type and select Next.
  4. On Provider basics, the first step of the Add a new federated provider workflow, enter a unique Provider name. The provider name can contain only alphanumeric characters, underscores, and hyphens.
  5. Select Continue to move on to the Create subscribers step of the Add a new federated provider workflow.
    See Create the Amazon Security Lake subscriber for data ingestion.
Last modified on 21 December, 2024

This documentation applies to the following versions of Splunk Cloud Platform: 9.3.2408

