Splunk® App for AWS (Legacy)

Installation and Configuration Manual

Acrobat logo Download manual as PDF


On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
This documentation does not apply to the most recent version of Splunk® App for AWS (Legacy). For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Hardware and software requirements for the Splunk App for AWS

Splunk platform requirements

The Splunk App for AWS runs on the following Splunk platforms:

Because this app runs on the Splunk platform, all of the system requirements apply for the Splunk software that you use to run this app.

  • If you plan to run this app in Splunk Cloud only, there are no additional requirements.
  • If you plan to manage on-premises heavy forwarders to get data in to Splunk Cloud, see System Requirements in the Installation Manual in the Splunk Enterprise documentation, which includes information about forwarders.
  • If you plan to run this app in an on-premises deployment of the Splunk platform, see System Requirements in the Installation Manual in the Splunk Enterprise documentation.
  • If you plan to run this app in a self-managed AWS instance, there are no additional requirements. Refer to the Virtual hardware information for sizing considerations specific to AWS.

Splunk Add-on for Amazon Web Services compatibility

The Splunk App for AWS relies on the Splunk Add-on for Amazon Web Services version 4.5.0 or later. Both the add-on and the app need to be installed for the app to function. For information about installing the Splunk Add-on for AWS, see Installation and configuration overview for the Splunk Add-on for AWS in the Splunk Add-on for AWS manual. Use the add-on setup and configuration user interface to link to your AWS account and configure data collection.

This table describes Splunk Add-on for Amazon Web Services version compatibility with the supported versions of Splunk Enterprise:

7.2.x 7.3.x 8.0.0 Python 2 8.0.0 Python 3
Add-on version 4.5.0, 4.6.0 4.6.0 4.6.0 5.0.0

The "Addon Metadata - Summarize AWS Inputs" saved search is included in the Splunk Add-on for AWS and is disabled by default, but it is recommended that you enable this saved search on the add-on side. The saved search is used to aggregate inputs data into the summary index.

Python for Scientific Computing

If you're running this app on Splunk Enterprise, the Recommendations Service feature depends on the Python for Scientific Computing app version 1.1 or 1.2, available on Splunkbase or in your in-product app browser. Install the appropriate version for your environment on all Splunk search heads running the Splunk App for AWS.

Splunk Light and Splunk Cloud do not support the Recommendations Service feature and therefore do not require the Python for Scientific Computing app as a prerequisite.

If you want to install Python for Scientific Computing version 2.0 for another purpose, complete these steps in the existing version 1.2 package:

  1. Append _awsapp to the end of the package name. For example, if the package name is Splunk_SA_Scientific_Python_linux_x86_64, rename it to Splunk_SA_Scientific_Python_linux_x86_64_awsapp.
  2. In the Python for Scientific Computing package, create app.conf in the /local/ directory.
  3. Open app.conf and add a [package] stanza with an id parameter that contains the new package name. If your package name is different than the following example, change it first. 
    [package]
id = Splunk_SA_Scientific_Python_linux_x86_64_awsapp

AWS region limitations

The Splunk Add-on for AWS supports all regions offered by AWS.

If you are in the AWS China region, the add-on only supports the services that AWS supports in that region. The China region does not support Config Rules, Inspector, CloudWatch Logs, or CloudFront services, nor does it offer CloudWatch metrics for ELB logs. For an up-to-date list of what products and services are supported in this region, see http://www.amazonaws.cn/en/products/.

If you are in the AWS GovCloud region, the add-on only supports the services that AWS supports in that region. The GovCloud region does not support Config Rules, or Inspector at this time. For an up-to-date list of what services and endpoints are supported in this region, see the AWS documentation: http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/using-services.html.

Last modified on 17 December, 2020
PREVIOUS
About the Splunk App for AWS 		  NEXT
Install the Splunk App for AWS on Splunk Cloud

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 6.0.0

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters