Splunk® App for AWS (Legacy)

Installation and Configuration Manual

On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
This documentation does not apply to the most recent version of Splunk® App for AWS (Legacy). For documentation on the most recent version, go to the latest release.

Hardware and software requirements for the Splunk App for AWS

Splunk platform requirements

The Splunk App for AWS runs on the following Splunk platforms:

Because this app runs on the Splunk platform, all of the system requirements apply for the Splunk software that you use to run this app.

  • If you plan to run this app in Splunk Cloud only, there are no additional requirements.
  • If you plan to manage on-premises heavy forwarders to get data in to Splunk Cloud, see System Requirements in the Installation Manual in the Splunk Enterprise documentation, which includes information about forwarders.
  • If you plan to run this app in an on-premises deployment of the Splunk platform, see System Requirements in the Installation Manual in the Splunk Enterprise documentation.
  • If you plan to run this app in a self-managed AWS instance, there are no additional requirements. Refer to the Virtual hardware information for sizing considerations specific to AWS.

Splunk Add-on for Amazon Web Services

The Splunk App for AWS relies on the Splunk Add-on for Amazon Web Services version 4.4.0 or later. Both the add-on and the app need to be installed for the app to function. For information about installing the Splunk Add-on for AWS, see Installation and configuration overview for the Splunk Add-on for AWS in the Splunk Add-on for AWS manual. Use the add-on setup and configuration user interface to link to your AWS account and configure data collection.

The "Addon Metadata - Summarize AWS Inputs" saved search is included in the Splunk Add-on for AWS and is disabled by default, but it is recommended that you enable this saved search on the add-on side. The saved search is used to aggregate inputs data into the summary index.

Python for Scientific Computing

If you are running this app on Splunk Enterprise or Splunk Cloud, the Recommendations Service feature depends on the Python for Scientific Computing app version 1.1 or later, available on Splunkbase or in your in-product app browser. Install the app appropriate for your environment on all Splunk search heads running the Splunk App for AWS.

Splunk Light does not support the Recommendations Service feature and therefore does not require the Python for Scientific Computing app as a prerequisite.

AWS region limitations

The Splunk Add-on for AWS supports all regions offered by AWS.

If you are in the AWS China region, the add-on only supports the services that AWS supports in that region. The China region does not support Config Rules, Inspector, CloudWatch Logs, or CloudFront services, nor does it offer CloudWatch metrics for ELB logs. For an up-to-date list of what products and services are supported in this region, see http://www.amazonaws.cn/en/products/.

If you are in the AWS GovCloud region, the add-on only supports the services that AWS supports in that region. The GovCloud region does not support Config Rules, or Inspector at this time. For an up-to-date list of what services and endpoints are supported in this region, see the AWS documentation: http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/using-services.html.

Last modified on 24 October, 2019
About the Splunk App for AWS   Install the Splunk App for AWS on Splunk Cloud

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 5.1.0, 5.1.1, 5.1.2, 5.1.3


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters