Operations | Monitoring | ITSM | DevOps | Cloud

This walk-through shows how Splunk Cloud can search AWS S3 data through an Apache Iceberg REST catalog backed by Nessie. Learn how Iceberg table metadata, S3 storage, and Splunk Federated Search work together so analysts can query historical security data where it lives without reingesting it into Splunk.

Government payment fraud is a fast-growing risk for public sector organisations in Australia and globally. From welfare and healthcare payments to business grants and disaster relief, increasingly sophisticated organised criminal networks and other actors exploit complex, high-volume government programs to unlawfully access public funds. The impact is significant—billions lost, program integrity undermined, and essential resources diverted.

This walk-through shows how Splunk's crawler, available through the Data Management app, can discover schema and partition keys for S3 backed datasets and create Splunk managed catalog tables. Once the data is mapped, analysts can search AWS S3 data through Splunk and bring it into broader security, observability, and operational workflows.

Are storage costs and data silos slowing down your investigations? In this video, we dive into the Unified Dataset Experience to show you how to search data where it lives. Learn how to use the Splunk Ingest Processor to route high volume logs directly to AWS S3 while maintaining instant visibility via Federated Search. No more re-hydrating data, just fast cost-effective insights.