Generic S3 Source

The Generic S3 source requires that you've done the following:

Created an s3 bucket that your logs streams to.
Provide RunReveal with access to a role
Set up an event notification from your s3 bucket receiving logs that notifies RunReveal.

Additionally, the Generic S3 source has the special requirement that you can:

Provide transformation annotations to transform the event you receive, into a RunReveal event using the gjson syntax.

Initial Setup

Consult the docs on setting up a role and how to provide RunReveal with access to that role on the S3 Sources page.

Ensure that your event notifications are being forwarded to this sns topic in your region.

arn:aws:sns:<REGION>:253602268883:runreveal_generic

Create a Generic S3 source in the dashboard, and provide RunReveal with your bucket-name, IAM role name, and IAM external ID.

Use this to remap columns from the logs table to different JSON properties in the rawLog. Existing values will be overwritten by what is selected.

Access child objects using a . character or for a complete list of supported syntax visit these docs (opens in a new tab).