Overview of the dashboards in the Splunk App for AWS
The Splunk App for AWS offers a variety of dashboards to give you insight into your AWS data. As you navigate from one dashboard to another, the app retains your most recent filter selections for Account ID and region to facilitate easy browsing.
If you do not see data in a particular dashboard panel, check the source type of the panel for which data is missing. For example, if your Configuration Changes panel on the Overview dashboard shows zeroes, but you know changes have been made in your AWS environment, search `sourcetype=aws:config:notification` to check that data is coming in to your Splunk platform from that source type. If you do not see events, troubleshoot that input with a Splunk administrator.
Overviews
| Dashboard | Description | Panel | Source Type |
|---|---|---|---|
| Overview | Gives a big-picture overview of your AWS environment and status from different perspectives, including configuration changes, usage, and security. If anything looks unusual, you can click a panel to drill down to a more detailed dashboard. | Configuration Changes | aws:config:notification |
| | | Notable CloudTrail Activity by Origin | aws:cloudtrail |
| | | Compute Instances | aws:description |
| | | Storage | aws:description, aws:cloudwatch |
| | | Billing | aws:cloudwatch, aws:billing |
| | | ELB | aws:description, aws:cloudwatch |
| | | CloudFront | aws:cloudfront:accesslogs |
| Usage Overview | Summarizes the usage of AWS services such as EC2 and EBS. | EC2 and EBS | aws:description |
| | | ELB | aws:description, aws:cloudwatch |
| | | Max CPU Utilization - Last 7 Days Top 5 | aws:cloudwatch, aws:description |
| | | Min CPU Utilization - Last 7 Days Top 5 | aws:cloudwatch, aws:description |
| Security Overview | Displays the number of error events from different services. Drill down to more detailed dashboards from this overview. | IAM Errors | aws:cloudtrail |
| | | VPC Errors | aws:cloudtrail |
| | | Security Group Errors | aws:cloudtrail |
| | | Key Pair Errors | aws:cloudtrail |
| | | Network ACL Errors | aws:cloudtrail |
| | | Unauthorized Activity | aws:cloudtrail |
| | | Authorized vs Unauthorized IAM Activity | aws:cloudtrail |
| | | Authorized vs Unauthorized Activity by User | aws:cloudtrail |
| | | Authorized vs Unauthorized Activity by Event Name | aws:cloudtrail |
| Insights Overview | Summarizes the numbers and trends of detected problems with resource usage as well as security and billing anomalies. Also lists detailed information of the last 100 anomalies detected if anomaly detection rules are defined in the Security Anomaly Insights and Billing Anomaly Insights dashboards. | Insights - Yesterday | aws:description, aws:cloudwatch |
| | | Anomaly - Yesterday | aws:description, aws:cloudwatch, aws:cloudtrail |
| | | Anomaly - Last 100 by 12 a.m. | aws:cloudwatch, aws:cloudtrail |
Note: If you see a message indicating that the Notable CloudTrail Activity by Origin map cannot display, this is because AWS does not provide a valid `sourceIPAddress` for data in the AWS region at this time.
Topology
| Dashboard | Description | Panel | Source Type |
|---|---|---|---|
| Topology | Displays the topology of your AWS resources and how they relate to each other. See Topology dashboard reference for the Splunk App for AWS for more details. | Topology | aws:config |
| | | Relationships | aws:config |
| | | Usage | aws:cloudwatch |
| | | Activity | aws:cloudtrail |
| | | VPC Flow | aws:cloudwatchlogs:vpcflow |
| | | IAM | aws:config |
| | | Billing | aws:billing |
| | | Amazon Inspector and Config Rules | aws:inspector, aws:config:rule |
Timeline
| Dashboard | Description | Panel | Source Type |
|---|---|---|---|
| Timeline | Chronologically displays up to 200 historical events of specified services on a timeline. | Timeline | aws:description, aws:inspector, aws:cloudtrail, aws:config:rule, aws:config:notifications |
Usage
| Dashboard | Description | Panel | Source Type |
|---|---|---|---|
| EC2 Instances | Describes the usage of your EC2 instances. | Running EC2 Instances | aws:description |
| | | In-Use Reserved EC2 Instances | aws:description |
| | | Unused Reserved EC2 Instances | aws:description |
| | | Running EC2 Instances by Category | aws:description |
| | | Running EC2 Instances by Region | aws:description |
| | | Running EC2 Instances by Type | aws:description |
| | | Running EC2 Instances by Type Over Time | aws:description |
| | | Running EC2 Instances by Region Over Time | aws:description |
| | | EC2 Spot Instances Details | aws:description |
| | | EC2 Reserved Instances | aws:description |
| | | High Utilization EC2 Instances | aws:cloudwatch, aws:description |
| | | Low Utilization EC2 Instances | aws:cloudwatch, aws:description |
| Individual EC2 Instances | Allows you to look up the detailed usage of specific EC2 instances. | EC2 Instance Details | aws:description |
| | | Average CPU Utilization - Last 24h | aws:cloudwatch |
| | | Total Network I/O - Last 24h | aws:cloudwatch |
| | | Total Failed Status Checks - Last 24h | aws:cloudwatch |
| | | Average CPU Utilization Over Time | aws:cloudwatch |
| | | Total Network I/O Over Time | aws:cloudwatch |
| | | Total Failed Status Checks Over Time | aws:cloudwatch |
| EBS Volumes | Describes the usage of EBS volumes. | In-Use EBS Volumes | aws:description |
| | | In-Use EBS Volume Size | aws:description |
| | | EBS Snapshots Size | aws:description |
| | | In-Use EBS Volumes by Type | aws:description |
| | | EBS Volumes by Sizes | aws:description |
| | | EBS Volumes by IOPS | aws:description |
| | | Unused EBS Volumes | aws:description |
| | | Non-Optimized EBS Volumes | aws:description |
| | | EBS Volumes Without Recent (30 days) Snapshot | aws:description |
| | | Standard EBS Volumes with IOPS > 95 - Last 7 Days | aws:description, aws:cloudwatch |
| | | EBS Volumes with IOPS < 1 - Last 7 Days | aws:description, aws:cloudwatch |
| Individual EBS Volumes | Allows you to look up the detailed usage of specific EBS volumes. | EBS Volume Details | aws:description |
| | | Average IOPS - Last 24h | aws:cloudwatch |
| | | Total Read/Write - Last 24h | aws:cloudwatch |
| | | Average Queue Length - Last 24h | aws:cloudwatch |
| | | Average IOPS Over Time | aws:cloudwatch |
| | | Total Read/Write Over Time | aws:cloudwatch |
| | | Average Queue Length Over Time | aws:cloudwatch |
| ELB Instances | Displays information about the ELBs in your environment. | Total ELBs | aws:description |
| | | Total Requests | aws:cloudwatch |
| | | Unhealthy EC2 Instances | aws:description |
| | | ELB Error Requests | aws:cloudwatch |
| | | HTTP 4XX Responses | aws:cloudwatch |
| | | HTTP 5XX Responses | aws:cloudwatch |
| | | ELBs by Region | aws:description |
| | | Requests by ELB | aws:cloudwatch |
| | | Requests by HTTP Status Code | aws:cloudwatch |
| | | Latency per ELB Over Time | aws:cloudwatch |
| | | Requests per ELB Over Time | aws:cloudwatch |
| Individual ELB Instances | Allows you to look up detailed information about specific ELBs. | Total Requests | aws:cloudwatch |
| | | ELB Error Requests | aws:cloudwatch |
| | | HTTP Error Requests | aws:cloudwatch |
| | | Unhealthy EC2 Instances | aws:description |
| | | ELB Details | aws:cloudwatch |
| | | EC2 Instances | aws:description |
| | | Latency Over Time | aws:cloudwatch |
| | | Request Count Over Time | aws:cloudwatch |
| | | HTTP Status Code Over Time | aws:cloudwatch |
| Relational Database Service | Displays RDS data from the CloudWatch service. | RDS Instance Details | aws:description, aws:cloudwatch |
| | | Average CPU Utilization | aws:description, aws:cloudwatch |
| | | Average Freeable Memory | aws:description, aws:cloudwatch |
| | | Average Free Storage Space | aws:description, aws:cloudwatch |
| | | Average Write IOPS | aws:description, aws:cloudwatch |
| | | Average Read Latency | aws:description, aws:cloudwatch |
| | | Average Write Latency | aws:description, aws:cloudwatch |
| Lambda | Provides detailed metrics of functions run by the AWS Lambda compute service. | Duration (ms) by Function | aws:cloudwatch |
| | | Invocations by Function | aws:cloudwatch |
| | | Errors by Function | aws:cloudwatch |
| | | Throttles by Function | aws:cloudwatch |
| | | GB-s by Function | aws:cloudwatch |
| | | Duration (ms) by Function Over Time | aws:cloudwatch |
| | | Invocations by Function Over Time | aws:cloudwatch |
| | | Errors by Function Over Time | aws:cloudwatch |
| | | Throttles by Function Over Time | aws:cloudwatch |
| | | GB-s by Function Over Time | aws:cloudwatch |
| API Gateway | Lets you visually view metrics of APIs managed through your API Gateway. | Total Count by API | aws:cloudwatch |
| | | Total Count by API Over Time | aws:cloudwatch |
| | | Total Count by API | aws:cloudwatch |
| | | Total Count by API Over Time | aws:cloudwatch |
| | | Most Active Methods | aws:cloudwatch |
| | | Slowest Methods | aws:cloudwatch |
| Capacity Planner | Allows you to analyze your usage to plan your capacity for upcoming months. Based on historical month data from Detailed billing reports with resources and tags. | Total Instance Hours | aws:billing |
| | | Percentage of On-Demand Hours | aws:billing |
| | | Total Instance Cost | aws:billing |
| | | Percentage of On-Demand Cost | aws:billing |
| | | Instance Hours | aws:billing |
| Reserved Instance Planner | Helps you better plan your reserved instances by letting you view existing resources and providing optimal resource recommendations with estimated annual savings based on historical or predictive usage data. | Reserved Instance Planner | aws:billing, aws:description |
| Reserved Instance Inventory | Displays usage statistics of reserved instances (RI) as well as current RI plans. | RIs by Instance Type | aws:description |
| | | RIs by Region | aws:description |
| | | RIs by Offer Type | aws:description |
| | | RI Plans | aws:description |
| | | RI Plans to Expire Within One Month | aws:description |
Security
| Dashboard | Description | Panel | Source Type |
|---|---|---|---|
| Network ACLs | Describes the Network ACL activity in your AWS environment, including error events, the number of Network ACLs, activity over time, and the detailed list of error activities. | Network ACLs | aws:description |
| | | Error Events | aws:cloudtrail |
| | | Network ACL Actions | aws:cloudtrail |
| | | Network ACL Activity Over Time | aws:cloudtrail |
| | | Detailed Network ACLs Activity | aws:cloudtrail |
| | | Network ACL Error Activity | aws:cloudtrail |
| Security Groups | Describes security group activity in your AWS environment, including error events, number of security groups and rules, any unused security groups, activity over time, and the detailed list of error activities. | Security Groups | aws:description |
| | | Security Group Rules | aws:description |
| | | Error Events | aws:cloudtrail |
| | | Security Group Actions | aws:cloudtrail |
| | | Unused Security Groups | aws:config |
| | | Security Group Activity Over Time | aws:cloudtrail |
| | | Security Group Activity | aws:cloudtrail |
| | | Authorize and Revoke Activity | aws:cloudtrail |
| | | Security Group Error Activity | aws:cloudtrail |
| IAM Activity | Describes IAM activity in your environment, including the error events, which users have the most activity, activity over time, and the detailed list of error activities. | Error Events | aws:cloudtrail |
| | | Activity by User | aws:cloudtrail |
| | | IAM Actions | aws:cloudtrail |
| | | IAM Activity Over Time | aws:cloudtrail |
| | | Authorized vs. Unauthorized Activity | aws:cloudtrail |
| | | Detailed IAM Activity | aws:cloudtrail |
| | | IAM Error Activity | aws:cloudtrail |
| Key Pairs Activity | Describes the key pair activity in your AWS environment, including error events, the number of in-use key pairs, which key pair is most used, activity over time, and the detailed list of error activities. | In-Use Key Pairs | aws:description |
| | | Error Events | aws:cloudtrail |
| | | Key Pair Actions | aws:cloudtrail |
| | | Key Pair Usage | aws:description |
| | | Key Pair Activity Over Time | aws:cloudtrail |
| | | Key Pair Activity | aws:cloudtrail |
| | | Key Pair Error Activity | aws:cloudtrail |
| S3 - Data Event | Displays S3 event statistics. | Error Events | aws:s3:accesslogs |
| | | Unauthorized Events | aws:s3:accesslogs |
| | | Activities by User | aws:s3:accesslogs |
| | | Events by UserAgent | aws:s3:accesslogs |
| | | Events by UserName | aws:s3:accesslogs |
| | | Events by BucketName | aws:s3:accesslogs |
| | | Events Over Time | aws:s3:accesslogs |
| | | Events by Origin | aws:s3:accesslogs |
| | | Most Frequently Accessed Objects - Top 10 | aws:s3:accesslogs |
| | | Most Recent Modifications - Latest 10 | aws:s3:accesslogs |
| VPC Activity | Describes VPC activity in your environment, including the error events, number of VPCs, activity over time, and the detailed list of error activities. | VPCs | aws:description |
| | | Error Events | aws:cloudtrail |
| | | Network VPC Actions | aws:cloudtrail |
| | | VPC Activity Over Time | aws:cloudtrail |
| | | Detailed VPC Activity | aws:cloudtrail |
| | | VPC Error Activity | aws:cloudtrail |
| Resource Activity | Shows the resource changes over time and the detailed change list. | Changes Over Time | aws:config:notification |
| | | Changes by Resource Type | aws:config:notification |
| | | Resources | aws:config:notification |
| User Activity | Describes user activity in your AWS environment, including the number of active users, error/unauthorized activities, activity over time, and list of activities. You can also filter activities by ARN or username. | Active Users | aws:cloudtrail |
| | | Error Activities | aws:cloudtrail |
| | | Unauthorized Activities | aws:cloudtrail |
| | | User Activity by Event Name Over Time | aws:cloudtrail |
| | | User Activity by User Name Over Time | aws:cloudtrail |
| | | Most Recent User Activity Grouped by Event Name | aws:cloudtrail |
| | | Event Details | aws:cloudtrail |
| | | Geographic Source of Event(s) | aws:cloudtrail |
| CloudFront - Traffic Analysis | Traffic and error metrics about your CloudFront distribution. | Total Requests | aws:cloudfront:accesslogs |
| | | Error Requests | aws:cloudfront:accesslogs |
| | | Total Request Traffic | aws:cloudfront:accesslogs |
| | | Total Response Traffic | aws:cloudfront:accesslogs |
| | | Cache Hit Ratio | aws:cloudfront:accesslogs |
| | | Traffic Size by Location (Bytes) | aws:cloudfront:accesslogs |
| | | Request Count by Location | aws:cloudfront:accesslogs |
| | | HTTP Status | aws:cloudfront:accesslogs |
| | | User Agents | aws:cloudfront:accesslogs |
| | | CloudFront Edge Details | aws:cloudfront:accesslogs |
| | | Top URLs | aws:cloudfront:accesslogs |
| | | Top Request by Edge Location | aws:cloudfront:accesslogs |
| | | Slowest Requests | aws:cloudfront:accesslogs |
| | | Heaviest Traffic Requests | aws:cloudfront:accesslogs |
| | | Latency Over Time | aws:cloudfront:accesslogs |
| | | Traffic (MB) Over Time | aws:cloudfront:accesslogs |
| ELB - Traffic Analysis | Data from your ELB access logs. | Total Entries | aws:elb:accesslogs |
| | | Total ELBs | aws:elb:accesslogs |
| | | Unique Clients | aws:elb:accesslogs |
| | | Total Data Sent | aws:elb:accesslogs |
| | | Total Data Received | aws:elb:accesslogs |
| | | Traffic Size by Location (Bytes) | aws:elb:accesslogs |
| | | Request Count by Location | aws:elb:accesslogs |
| | | Error Entries | aws:elb:accesslogs |
| | | Average Processing Time | aws:elb:accesslogs |
| | | Top Error-Causing Requests | aws:elb:accesslogs |
| | | Error Count | aws:elb:accesslogs |
| | | Top Time-Consuming Requests | aws:elb:accesslogs |
| | | Processing Time (ms) | aws:elb:accesslogs |
| S3 - Traffic Analysis | Data from your S3 access logs. | Total Requests | aws:s3:accesslogs |
| | | Error Requests | aws:s3:accesslogs |
| | | Total Traffic | aws:s3:accesslogs |
| | | Average Processing Time | aws:s3:accesslogs |
| | | Traffic Size by Location (Bytes) | aws:s3:accesslogs |
| | | Request Count by Location | aws:s3:accesslogs |
| | | HTTP Status | aws:s3:accesslogs |
| | | S3 Error Code | aws:s3:accesslogs |
| | | Top User Agents | aws:s3:accesslogs |
| | | Top Requests | aws:s3:accesslogs |
| | | Request Count Over Time | aws:s3:accesslogs |
| | | Top Error Requests | aws:s3:accesslogs |
| | | Error Count Over Time | aws:s3:accesslogs |
| VPC Flow Logs - Traffic Analysis | Provides an overview of your network traffic. | Monitored Interfaces | aws:cloudwatchlogs:vpcflow |
| | | Traffic Protocols | aws:cloudwatchlogs:vpcflow |
| | | All Traffic (GB) | aws:cloudwatchlogs:vpcflow |
| | | Traffic Destinations | aws:cloudwatchlogs:vpcflow |
| | | Traffic Sources | aws:cloudwatchlogs:vpcflow |
| | | Traffic Over Time by Interface (Top 5) | aws:cloudwatchlogs:vpcflow |
| | | Traffic Size by Protocol and Location | aws:cloudwatchlogs:vpcflow |
| | | Top Destination Addresses | aws:cloudwatchlogs:vpcflow |
| | | Top Destination Ports | aws:cloudwatchlogs:vpcflow |
| | | Top Source Addresses | aws:cloudwatchlogs:vpcflow |
| VPC Flow Logs - Security Analysis | Provides an overview of your rejected network traffic. | Accepted vs. Rejected Over Time (Bytes) | aws:cloudwatchlogs:vpcflow |
| | | Accepted vs. Rejected Traffic by Location | aws:cloudwatchlogs:vpcflow |
| | | Top Rejected Destination Ports | aws:cloudwatchlogs:vpcflow |
| | | Top Rejected Source Addresses | aws:cloudwatchlogs:vpcflow |
| | | Top 50 Rejected Address Pairs | aws:cloudwatchlogs:vpcflow |
Insights
Note: Splunk Light does not support the Insights dashboards, including the Insights Overview dashboard under the Overview menu. If you use Splunk Light, all Insight dashboard menus will be hidden from view.
| Dashboard | Description | Panel | Source Type |
|---|---|---|---|
| Config Rules | Displays compliance status results based on the AWS Config rules that you have set up in your environment. | Active Config Rules | aws:config:rule |
| | | Non-Compliant Config Rules | aws:config:rule |
| | | Non-Compliant Resources | aws:config:rule |
| | | Compliant vs Non-Compliant Config Rules | aws:config:rule |
| | | Compliant vs Non-Compliant Resources | aws:config:rule |
| | | Non-Compliant Resources by Config Rules | aws:config:rule |
| | | Active Config Rules Summary | aws:config:rule |
| | | Non-Compliant Resource Details | aws:config:rule |
| | | Non-Compliant Resources Over Time | aws:config:rule |
| Amazon Inspector | Displays results of your Amazon Inspector findings, which you can filter by assessment run and severity. From the Findings table on this dashboard, click an EC2 instance name to jump directly to the Topology dashboard and view that EC2 instance in context. | Completed Assessment Runs | aws:inspector |
| | | Total Findings | aws:inspector |
| | | High Severity | aws:inspector |
| | | Medium Severity | aws:inspector |
| | | Low Severity | aws:inspector |
| | | Informational Severity | aws:inspector |
| | | Findings | aws:inspector |
| EC2 Insights | Displays EC2 instances with potential problems. Note: At least four days' worth of CloudWatch data for EC2 instances over the past seven days must be available for the dashboard to work. | EC2 Insights | aws:description, aws:cloudwatch |
| Elastic IP Insights | Displays public IPs with problems and provides best practice recommendations. | Elastic IP Insights | aws:description |
| ELB Insights | Displays load-balancing problems at different severity levels and provides best practice recommendations. | Elastic Load Balancing Insights | aws:description, aws:cloudwatch |
| EBS Insights | Displays detected EBS-related anomalies at different severity levels and provides best practice recommendations. | EBS Insights | aws:description, aws:cloudwatch |
| AWS Personal Health | Displays statuses of different types of services. | Service Status | aws:sqs |
| Security Group Insights | Displays different severity levels of detected problems with the configuration and usage of security groups in your AWS environment. | Security Group Insights | aws:description |
| IAM Insights | Displays different severity levels of detected problems with IAM authentication setup and management in your AWS environment. | IAM Insights | aws:description |
Billing
| Dashboard | Description | Panel | Source Type |
|---|---|---|---|
| Budget Planner | Helps you better plan budgets and control expenses by letting you set monthly budgets over a period of time and visually view all aspects of your budget information and track actual expenses against your budgets. | Total Budget | aws:billing |
| | | Monthly Budget | aws:billing |
| | | Remaining Total Budget | aws:billing |
| | | Budget Burndown | aws:billing |
| | | Budget | aws:billing |
| | | Month-over-month Budget | aws:billing |
| Current Month Estimated Billing | Projected AWS bill information based on your CloudWatch billing metrics. Note that the Total Projected Cost - This Month and Cost Projection Over Time panels rely on at least two data points before a projection can appear, so these panels show "No results found" for the first few days of each new month. | Estimated Cost - Month to Date | aws:cloudwatch |
| | | Total Projected Cost - This Month | aws:cloudwatch |
| | | Estimated Cost by Account | aws:cloudwatch |
| | | Estimated Cost by Service | aws:cloudwatch |
| | | Month over Month Comparison - Daily Cost | aws:cloudwatch |
| | | Cost Projection Over Time | aws:cloudwatch |
| | | Estimated Cost by Account and Service - Month to Date | aws:cloudwatch |
| Historical Monthly Bills | Displays your monthly billing cost up to but excluding the current month. AWS continues to update the monthly billing report several days after the last day of a calendar month, so you may see some fluctuation in the most recent monthly charge during the first few days of a new month. Note that the Cost by Region panel is not available in consolidated accounts and shows incomplete costs in nonconsolidated accounts if your bills include items that do not have region information associated with them. | Cost by Account | aws:billing |
| | | Cost by Service | aws:billing |
| | | Cost by Region | aws:billing |
| | | EC2 Cost by Instance Type | aws:billing |
| | | EBS Cost by Usage Type | aws:billing |
| | | Month over Month Comparison | aws:billing |
| | | Cost by Account and Service | aws:billing |
| Historical Detailed Bills | Allows you to analyze your detailed billing history using your Detailed billing reports with resources and tags. Does not include data for the current month. Expect long load times for this dashboard due to the large amount of data in the Detailed billing report. | Total Cost | aws:billing |
| | | Cost Over Time | aws:billing |
This documentation applies to the following versions of Splunk® App for AWS (Legacy): 5.0.0, 5.0.1, 5.0.2