New features in the Splunk App for AWS

The Splunk App for AWS version 5.0.x has the following new and changed features.

System

• Added support for Splunk Light version 6.5.1 and later.
• New aws_admin role intended for administrators who will only manage resources in the Splunk App for AWS. The role inherits from the power role, and has the following specific fine-grained capabilities: aws_admin_capability, edit_input_defaults, and list_storage_passwords (only available in Splunk Enterprise 6.5.0 and later). With this role, you can grant non-admin users permissions to configure the Splunk App for AWS.

Inputs

• New CloudWatch Logs input for collecting data from the CloudWatch Logs service, including VPC flow logs.
• New Kinesis input for collecting data from Kinesis streams.

Dashboards

• A set of Insights dashboards under the new Insights menu that display detected problems and anomalies in your AWS environment, and provide best practice recommendations to help you optimize AWS resources. See Insights dashboards.
• New AWS resource Timeline dashboard to compare and correlate data across AWS CloudTrail, CloudWatch, Config Rules and Inspector events.
• Improved cost-management capabilities including interactive capacity and the new Budget Planner dashboard under the Billing menu.
• Enhanced security dashboards to view AWS audit activity, unauthorized users, AWS instance changes and more. Dashboards under the Traffic & Access menu and the Audit menu in the previous release are now organized under the Security menu.
• Configure anomaly detection rules for detecting anomalies in AWS account access activity and billing records in the Security Anomaly Insights dashboard and Billing Anomaly Insights dashboard respectively.
• New Insights (best practice recommendations) are available for EIP, ELB, and RI, and all insights are now accessible to the Splunk power user role.
• New Insights Overview dashboard under the Overviews menu that provides a summarized overview of detected problems and anomalies with regard to AWS resources usage, account access activity, and estimated billing.
• Two new dashboards under the Usage menu, Reserved Instance Planner and Reserved instance Inventory, that help you better plan your reserved instances. When planning reserved instances, you can choose to apply regional benefit to broaden the application of your RI discounts.
• Enhancements to the Topology dashboard, providing an interactive graphical representation of your AWS deployment:
  • New Amazon Inspector & Config Rules layer in the IAM topology.
  • The Insights icon and panel that displays detected resource usage problems and recommends corrective actions to help you optimize your AWS environment.
• Performance improvements in data collection, topology view, and dashboards.

Knowledge objects

• The VPC Flow data model is removed in this release.
• New saved searches to populate the new dashboards introduced in this release.
• Summary indexing is used to accelerate reporting.

See also

For fixed issues, see Fixed issues for the Splunk App for AWS.

For known issues, see Known issues for the Splunk App for AWS.

To get started with the app, see the Installation and Configuration Manual.