Splunk® App for AWS (Legacy)

User Manual

On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
This documentation does not apply to the most recent version of Splunk® App for AWS (Legacy). For documentation on the most recent version, go to the latest release.

Recommendations reference for the Splunk App for AWS

The Splunk App for AWS presents selected recommendations to you about your AWS environment on the Topology dashboard.

If any recommendations are available for you to review, the recommendations icon in the top right corner of your Topology dashboard displays a number in a small orange circle.

Recommendation-icon-example.png

Click the icon to open your recommendations list and review each one.

Prerequisites

Python for Scientific Computing

The app's ability to evaluate your environment and provide recommendations depends on the Python for Scientific Computing app, available on Splunkbase. Install the version appropriate for your environment on all Splunk search heads running the Splunk App for AWS, or contact a Splunk software admin to perform this installation for you.

CLI tools

To use the commands provided by the app to take action on the recommendations, you need the CLI tools. See http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ec2-cli-get-set-up.html for more information. You can also use the AWS Management Console to perform these actions in the UI instead of using the commands.

IAM permissions

To perform the suggested actions on your AWS EC2 resources, use an account with the following permissions. 

 ec2:StartInstances
 ec2:StopInstances
 ec2:ModifyInstanceAttribute
 ec2:DeleteSecurityGroup

Recommendations

Delete security groups

The Splunk App for AWS polls your security groups to check if any are not assigned to any EC2 instances. Unused security groups can be deleted to make it easier to organize and manage your environment. For more information about deleting a security group using the CLI or in the AWS management console, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#deleting-security-group.

Upgrade or downgrade instances

The Splunk App for AWS evaluates your instance usage to determine if any instances are either over- or under-utilized. The app will identify the instances that should be resized to a larger instance type to avoid performance problems or downtime. The app will also identify instances that are underutilized so that you can save cost by resizing those to smaller instance types.

For more information about modifying an instance type using the AWS Management Console, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-resize.html. For more information about the modify-instance-attribute CLI command, see http://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html.

Last modified on 12 May, 2016
Topology dashboard reference for the Splunk App for AWS  

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 4.2.0, 4.2.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters