The latest cloud infrastructure announcements, technical solutions, and enterprise cloud insights.

Announcing the Object Storage Plugin for Splunk

I'm excited to announce the release of the Oracle Cloud Infrastructure Object Storage plugin for Splunk. This plugin lets you ingest logs and other data directly from Object Storage. You can install the plugin directly from Splunk Enterprise or download it from Splunkbase.

This post provides instructions for installing and configuring this plugin.

Install the Plugin from Splunk Enterprise

  1. From the Apps menu at the top of the page, select Manage Apps.
  2. Click Browse more apps.
  3. Search for OCI.
  4. Click Install.
  5. Enter your Splunk.com login credentials, accept the terms, and click Login and Install.

Install the Plugin from Splunkbase

  1. Download the plugin from Splunkbase.
  2. From the Splunk Web home screen, click the gear icon next to Apps.
  3. Click Install app from file.
  4. Locate the downloaded file and click Upload.
  5. If Splunk Enterprise prompts you to restart, do so.
  6. Verify that the plugin appears in the list of apps and add-ons by clicking Apps > Manage Apps. You can also find it on the server at $SPLUNK_HOME/etc/apps/oci_objectstorage.

Configure the Plugin

  1. From the Settings menu, select Data inputs.
  2. Click OCI Object Storage.
  3. Click New.
  4. Enter the configuration details:
    • Resource name: An S3-compliant path to the Object Storage objects, without the leading s3://. For example, for s3://bucket/file.txt, specify bucket/file.txt. You can also monitor a whole bucket (for example, by specifying 'bucket') or files within a subdirectory of a bucket (for example, 'bucket/some/directory/'; note the trailing slash).
    • Your access key ID
    • Secret key
    • Endpoint: For example, mynamespace.compat.objectstorage.us-phoenix-1.oraclecloud.com
    • Region: For example, us-phoenix-1
    • Source type: Tell Splunk what kind of data this is so you can group it with other data of the same type when you search. Splunk does this automatically, but you can specify what you want if Splunk gets it wrong. When this is set to automatic, Splunk classifies and assigns the source type automatically, and gives unknown source types placeholder names.
  5. Click Next.

The configuration is complete!


Oracle Cloud Infrastructure and Splunk are excited about the future possibilities that our Technology Alliance Partner (TAP) partnership enables. Learn more about the Splunk TAP Program, and check back for future integration scenarios.

For assistance with the configuration and installation of Splunk add-ons and apps, see the Splunk Docs or contact Splunk Support.

Join the discussion

Comments ( 1 )
  • Elbagir Abdulmagid Wednesday, November 13, 2019
    for splunk cluster deployment, do I need to install this plugins in splunk indexers only? or I need to install it on all splunk servers (searchheads)

Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha