Announcing the General Availability of Promote in Splunk Cloud Platform

By Varun Gupta

Enterprises today are scaling data at an unprecedented rate, with massive volumes landing in data lakes for cost-efficient storage. Amazon S3 has emerged as one of the most widely adopted data lakes for this purpose. But when you need to revisit this historical data in Splunk for a threat investigation, compliance, an audit, or a forensic review, the process has traditionally been slow, complex, and costly.

In late 2023, we introduced Federated Search for S3, giving customers the ability to remotely search data in their S3 buckets without ingesting it into Splunk. Federated Search is ideal for quick, targeted queries across large archives. But when you need to run thousands of iterative searches or perform deep analysis across high volumes of data, you may want that data indexed in Splunk.

That’s why we’re excited to announce the General Availability of Promote in Splunk Cloud Platform. For this release, we are starting with Amazon S3, with plans to add support for more data lakes in the future.

S3 Promote makes it simple to bring historical data from Amazon S3 into Splunk Cloud Platform on demand. With a wizard-driven UI and fine-grained control over S3 buckets and partitions, admins can easily ingest exactly the data their security and compliance teams need, when they need it. Whether it’s retrospective threat detection, a time-sensitive audit, or forensic analysis, Promote delivers the flexibility and scale to meet your requirements without the overhead of custom workflows or one-off scripts.

Together, Federated Search and S3 Promote form a cornerstone of Cisco’s Data Fabric Strategy, giving you the freedom to choose the right approach based on your use case. Search data in place, or promote it into a Splunk index when deeper analysis and iterative investigation are required.

S3 Promote Key Capabilities

Getting Started

S3 Promote is available now in Splunk Data Manager. There is no extra SKU for customers to purchase; S3 Promote consumes the standard Splunk license.

For complete information, visit Splunk Docs.
