Skip to main content
Sumo Logic

Forwarding Data from Sumo Logic to S3

After granting access to the S3 bucket, you can configure data forwarding. After data forwarding is configured, you should start to see file objects posted within your configured bucket. The log messages are accumulated and returned after being ingested by Sumo Logic. See File Format for Data Forwarding to an Amazon S3 Bucket for information on the file format of the posted objects.


  • Administrator role on the partition where you want to set up forwarding
  • AWS Key ID
  • Dedicated Sumo partition to push to S3

To configure Data Forwarding to S3:

  1. Make sure to have your AWS key ID and secret key set up to allow Sumo Logic to write to the S3 bucket.
  2. In Sumo Logic, choose Manage Data > Settings > Data Forwarding.
  3. Click + to add a new destination.
  4. Select Amazon S3 for Destination Type.
  5. Configure the following:
    • Destination Name. Enter a name to identify the destination.
    • Bucket Name. Enter the exact name of the S3 bucket. The description is optional.
    • Access Key ID. Enter the access key ID generated for Sumo Logic.
    • Secret Access Key. Enter the secret access key generated for Sumo Logic.
    • S3 Region. Select the S3 region or keep the default value of Others. The S3 region must match appropriate S3 bucket created in your Amazon account. For example, if the bucket is in Seoul, Seoul must be selected in here.
    • Enable S3 server-side encryption. Select the check box if you want the forwarded data to be encrypted.
    • Active. Select this check box to enable Data Forwarding for the entire S3 bucket. To start Data Forwarding you will also need to enable forwarding for the desired indexes, as described below in this topic.
  6. Click Save.

If Sumo Logic is able to verify the S3 credentials, the destination will be added to the list of destinations, and you can start data forwarding for specific partitions or scheduled views, as described in the following section in this topic. See Error and alert conditions in this topic for examples of errors that can occur.


Start data forwarding to S3 

  1. In Sumo Logic, go to Manage Data > Settings > Partitions.
  2. Click the three-dot icon to the right of the index for which you want to enable data forwarding and select Edit Data Forwarding.
    You can also enable data forwarding when you first create a partition or scheduled view by selecting the Enable Data Forwarding check box.
  3. Select the forwarding destination. 
    You can choose a previously configured destination, or click New Amazon S3 Destination to set up a new one. If you select the new option, you’ll see all of the settings to add a new Data Forwarding destination. See the previous procedure in this topic for instructions on configuring the settings.
    Edit DataForwarding.png
  4. For File Format, you can enter a path name or other file format and include any of the following variables, as in the previous screenshot: 

    {day} Replace with the day of the year in the yyyy-MM-dd format
    {hour} Replace with hour in day (0-23)
    {minute} Replace with minute in hour
    {second} Replace with second in hour
    {uuid} Replace with a unique, randomly generated identifier (UUID)

    If you leave this field blank, the default format {index}_{day}_{hour}_{minute}_{second} is used.

  5. Click Save to save your changes and start forwarding data. 

Error and alert conditions

An error or alert condition can occur with S3 data forwarding destination for the following reasons:

  • If Sumo Logic is not able to verify the S3 credentials when the destination is saved, an error message indicates that the credentials were rejected by Amazon. If this occurs, verify Access Key ID, Secret Access Key and the bucket configuration, re-select the Active check box, and save again.
  • Errors and alerts that are generated after the destination has been successfully saved and started are shown on the partitions page. 
    Partitions data forwarding 
  • Hover over the icon to display the message​.
    Data fowarding error 
  • In this example, Sumo Logic has disabled data forwarding due to errors in connecting to the S3 bucket. This occurs if the Amazon account or credentials change so that Sumo Logic is no longer able to authenticate to the bucket.  

Data Forwarding Destination Actions

The following actions are available on the Manage Data > Settings > Data Forwarding page. Hover over a destination in the table and select any of the following:

  • Click the Information icon to displays the Data Forwarding definition JSON.
  • Click the Edit icon to make changes to the configuration.
  • Click the Delete icon to delete the destination.  If the destination is currently active, you must inactivate it before it can be deleted. See Inactivate Data Forwarding in this topic.

Activate or Inactivate Data Forwarding

If you’d like to start or stop forwarding data, you can activate or inactivate the S3 bucket. 

  1. In Sumo Logic, go to Manage Data > Settings > Data Forwarding.
  2. Hover over the destination and click the Edit icon.
  3. Select or deselect the Active checkbox.
  4. Click Save.