Monitor your Federated Search for Amazon S3 resources

Federated Search for Amazon S3 lets you search data in your Amazon S3 buckets from your Splunk Cloud Platform deployment without needing to ingest or index it first. The Federated Search for Amazon S3 dashboard in the Cloud Monitoring Console (CMC) shows comprehensive data scan entitlement usage so your organization can stay within its limits.

About the Federated Search for Amazon S3 dashboard

This dashboard shows what your total data scan entitlement is and how much of that entitlement is used to date by your Federated Search for Amazon S3 searches in your current license term.

The dashboard tracks the volume of data on disk that is being scanned, not the number of events that are being searched. Scans of data stored in compressed formats such as Parquet or GZIP will likely take up less of your entitlement than scans of data stored in uncompressed formats.

Review the information to ensure that you're staying within your Federated Search for Amazon S3 entitlement.

Your organization must have Federated Search for Amazon S3 set up as part of its Splunk Cloud Platform deployment to see data in this dashboard.

Review the Federated Search for Amazon S3 dashboard

Go to Cloud Monitoring Console > License Usage > Federated Search for Amazon S3. The dashboard displays N/A if your organization does not have a Federated Search for Amazon S3 entitlement.

| Panel | Description |
| --- | --- |
| Current license entitlement | Total number of DSUs assigned to your organization's subscription per your license entitlement. |
| Total data scan entitlement | Total amount of data scanning capabilities available for use during your current license term. |
| Data scan entitlement usage | Total amount of data scanned by your searches during your current license term. |
| Percentage of data scan entitlement used | The percentage of data scanning capabilities utilized by your searches during your current license term. |

Interpret Federated Search for Amazon S3 data scan entitlement usage

The Percentage of data scan entitlement used panel is color-coded so you can quickly understand your usage:

- If your data scan entitlement usage is less than 80%, the panel data is green.
- If your usage is greater than 80% but not greater than 90%, the panel data is yellow.
- If your usage is greater than 90%, the panel data is red.

You can configure an alert action (for example, send an email) to be performed when your data scan entitlement usage exceeds 80%. To enable this alert, navigate to the CMC Alerts page: Alerts > Configured Alerts > CMC Alert - S3 scanned volume exceeds 80% of the entitlement value.

To learn more about CMC configured alerts, see Use the Alerts panel.

If your data scan entitlement usage is consistently high, consider upgrading entitlements by contacting your Splunk Sales representative.