Announcing the General Availability of Promote in Splunk Cloud Platform

Platform Varun Gupta

Enterprises today are scaling data at an unprecedented rate, with massive volumes landing in data lakes for cost-efficient storage. Amazon S3 has emerged as one of the most widely adopted data lakes for this purpose. But when you need to revisit this historical data for a threat investigation, compliance, audit, or forensic reviews in Splunk, the process has traditionally been slow, complex, and costly.

Late 2023, we introduced Federated Search for S3, giving customers the ability to remotely search data in their S3 buckets without ingesting it into Splunk. Federated Search is ideal for quick, targeted queries across large archives. But when you need to run thousands of iterative searches or perform deep analysis across high volumes of data, you may want that data indexed in Splunk.

That’s why we’re excited to announce the General Availability of Promote in Splunk Cloud Platform. For this release, we are starting with Amazon S3, with plans to add support for more data lakes in the future.

S3 promote makes it simple to bring historical data from Amazon S3 into Splunk Cloud Platform on demand. With a wizard-driven UI and fine-grained control over S3 buckets and partitions, admins can easily ingest exactly the data their security and compliance teams need, when they need it. Whether it’s retrospective threat detection, a time-sensitive audit, or forensic analysis, promote delivers the flexibility and scale to meet your requirements without the overhead of custom workflows or one-off scripts.

Together, Federated Search and S3 promote form a cornerstone of Cisco’s Data Fabric Strategy giving you the freedom to choose the right approach based on your use case. Search data in place or promote it into Splunk index when deeper analysis and iterative investigation are required.

S3 Promote Key Capabilities

Getting Started

S3 Promote is available now in Splunk Data Manager. There is no extra SKU that customers need to purchase. S3 Promote consumes standard Splunk License.

For complete information, visit Splunk Docs.

Related Articles

Key Findings From a Recent Study on Data Management in the Modern Security Operations Center
Security
4 Minute Read

Key Findings From a Recent Study on Data Management in the Modern Security Operations Center

Learn about cloud storage preferences, data cost challenges, and best practices for optimizing your SOC's security posture and cost efficiency.
Delivering the Ultimate SOC Analyst Experience: Ending Fatigue with Splunk Enterprise Security
Security
5 Minute Read

Delivering the Ultimate SOC Analyst Experience: Ending Fatigue with Splunk Enterprise Security

End SOC analyst fatigue with Splunk Enterprise Security. Discover how unified TDIR, Agentic AI, and automation transform security operations, streamline investigations, and empower your team.
Strengthen Digital Resilience with Unified Security Operations
Security
4 Minute Read

Strengthen Digital Resilience with Unified Security Operations

Splunk Mission Control offers a unified, simplified, and modernized security operations experience which reduces complexity and reduces risk.