Splunk® App for AWS (Legacy)

Release Notes

On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
This documentation does not apply to the most recent version of Splunk® App for AWS (Legacy). For documentation on the most recent version, go to the latest release.

New features in the Splunk App for AWS

The Splunk App for AWS version 5.0.x has the following new and changed features.

System

  • Added support for Splunk Light version 6.5.1 and later.
  • New aws_admin role intended for administrators who will only manage resources in the Splunk App for AWS. The role inherits from the power role, and has the following specific fine-grained capabilities: aws_admin_capability, edit_input_defaults, and list_storage_passwords (only available in Splunk Enterprise 6.5.0 and later). With this role, you can grant non-admin users permissions to configure the Splunk App for AWS.

Inputs

  • New CloudWatch Logs input for collecting data from the CloudWatch Logs service, including VPC flow logs.
  • New Kinesis input for collecting data from Kinesis streams.

Dashboards

  • A set of Insights dashboards under the new Insights menu that display detected problems and anomalies in your AWS environment, and provide best practice recommendations to help you optimize AWS resources. See Insights dashboards.
  • New AWS resource Timeline dashboard to compare and correlate data across AWS CloudTrail, CloudWatch, Config Rules and Inspector events.
  • Improved cost-management capabilities including interactive capacity and the new Budget Planner dashboard under the Billing menu.
  • Enhanced security dashboards to view AWS audit activity, unauthorized users, AWS instance changes and more. Dashboards under the Traffic & Access menu and the Audit menu in the previous release are now organized under the Security menu.
  • Configure anomaly detection rules for detecting anomalies in AWS account access activity and billing records in the Security Anomaly Insights dashboard and Billing Anomaly Insights dashboard respectively.
  • New Insights (best practice recommendations) are available for EIP, ELB, and RI, and all insights are now accessible to the Splunk power user role.
  • New Insights Overview dashboard under the Overviews menu that provides a summarized overview of detected problems and anomalies with regard to AWS resources usage, account access activity, and estimated billing.
  • Two new dashboards under the Usage menu, Reserved Instance Planner and Reserved instance Inventory, that help you better plan your reserved instances. When planning reserved instances, you can choose to apply regional benefit to broaden the application of your RI discounts.
  • Enhancements to the Topology dashboard, providing an interactive graphical representation of your AWS deployment:
    • New Amazon Inspector & Config Rules layer in the IAM topology.
    • The Insights icon and panel that displays detected resource usage problems and recommends corrective actions to help you optimize your AWS environment.
  • Performance improvements in data collection, topology view, and dashboards.

Knowledge objects

  • The VPC Flow data model is removed in this release.
  • New saved searches to populate the new dashboards introduced in this release.
  • Summary indexing is used to accelerate reporting.

See also

For fixed issues, see Fixed issues for the Splunk App for AWS.

For known issues, see Known issues for the Splunk App for AWS.

To get started with the app, see the Installation and Configuration Manual.

Last modified on 25 June, 2018
  Fixed issues for the Splunk App for AWS

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 5.0.0, 5.0.1, 5.0.2

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters