Announcing the General Availability of Promote in Splunk Cloud Platform

Enterprises today are scaling data at an unprecedented rate, with massive volumes landing in data lakes for cost-efficient storage. Amazon S3 has emerged as one of the most widely adopted data lakes for this purpose. But when you need to revisit this historical data for a threat investigation, compliance, audit, or forensic reviews in Splunk, the process has traditionally been slow, complex, and costly.

Late 2023, we introduced Federated Search for S3, giving customers the ability to remotely search data in their S3 buckets without ingesting it into Splunk. Federated Search is ideal for quick, targeted queries across large archives. But when you need to run thousands of iterative searches or perform deep analysis across high volumes of data, you may want that data indexed in Splunk.

That’s why we’re excited to announce the General Availability of Promote in Splunk Cloud Platform. For this release, we are starting with Amazon S3, with plans to add support for more data lakes in the future.

S3 promote makes it simple to bring historical data from Amazon S3 into Splunk Cloud Platform on demand. With a wizard-driven UI and fine-grained control over S3 buckets and partitions, admins can easily ingest exactly the data their security and compliance teams need, when they need it. Whether it’s retrospective threat detection, a time-sensitive audit, or forensic analysis, promote delivers the flexibility and scale to meet your requirements without the overhead of custom workflows or one-off scripts.

Together, Federated Search and S3 promote form a cornerstone of Cisco’s Data Fabric Strategy giving you the freedom to choose the right approach based on your use case. Search data in place or promote it into Splunk index when deeper analysis and iterative investigation are required.

S3 Promote Key Capabilities

Getting Started

S3 Promote is available now in Splunk Data Manager. There is no extra SKU that customers need to purchase. S3 Promote consumes standard Splunk License.

For complete information, visit Splunk Docs.

/en_us/blog/fragments/the-rise-of-platform-engineering
style
two-column

Related Articles

Sharing is Not Caring: Hunting for Network Share Discovery
Security
9 Minute Read

Sharing is Not Caring: Hunting for Network Share Discovery

This post offers a practical guide to enhancing detection strategies against network share discovery, a technique often used by threat actors.
Visualising a Space of JA3 Signatures With Splunk
Security
2 Minute Read

Visualising a Space of JA3 Signatures With Splunk

One common misconception about machine learning methodologies is that they can completely remove the need for humans to understand the data they are working with. In reality, it can often place a greater burden on an analyst or engineer to ensure that their data meets the requirements, cleanliness and standardization assumed by the methodologies used. However, when the complexity of the data becomes significant, how is a human supposed to keep up? One methodology is to use ML to find ways to keep a human in the loop!
Hunting with SA-Investigator & Splunk Enterprise Security (SIEM)
Security
4 Minute Read

Hunting with SA-Investigator & Splunk Enterprise Security (SIEM)

Discover how Splunk Enterprise Security and the SA-Investigator add-on empower analysts to streamline threat hunting and incident response. Learn how to pivot across assets, identities, and processes for deep-dive investigations and actionable insights. Happy hunting!
/en_us/blog/fragments/about-splunk
/en_us/blog/fragments/perspectives-promo