Skip to main content
Panther Knowledge Base

Can I create multiple Panther log sources from one S3 bucket?

  1. Last updated
  2. Save as PDF

QUESTION

Is it possible to split an S3 bucket into multiple Log Sources? We currently have multiple types of data in one S3 bucket; we filter them using prefixes. For example, pf1/ is a common prefix for all data belonging to one group, and pf2/ is a prefix for another. 

ANSWER

Yes!

You can onboard multiple log sources out of the same bucket. To ensure the two log sources aren’t picking up the same data, you’ll want to set up mutually exclusive S3 prefixes. In an S3 bucket with folders pf1/ and pf2/ inside. The log source with pf2/ listed in its S3 prefix will only ingest logs in that folder or deeper down that path in the bucket through that log source.

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.