Splunk® App for AWS (Legacy)

User Manual

On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.

Insights reference for the Splunk App for AWS

On the Insights dashboards and the Topology dashboard, the Splunk App for AWS evaluates your AWS environment and provides insights and recommended actions to help you optimize your AWS resources.

If any insights are available for you to review, the Insights icon in the corner of the Topology dashboard displays a number: Recommendation-icon-example.png. Click the icon to review your insights.

In Splunk Light and Splunk Cloud, the Recommendations Service feature is not supported, the insights feature is not supported, and the Insights dashboards and Insights icon on the Topology dashboard are unavailable.

Prerequisites

Python for Scientific Computing

The app's ability to evaluate your environment and provide insights depends on the Python for Scientific Computing app, available on Splunkbase. Install the version appropriate for your environment on all Splunk search heads running the Splunk App for AWS, or contact a Splunk software admin to perform this installation for you.

Note: Splunk Light and Splunk Cloud do not support the Recommendations Service feature and therefore does not require the Python for Scientific Computing app as a prerequisite.

CLI tools

To use the commands provided by the app to take action on the insights, you need the CLI tools. See http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ec2-cli-get-set-up.html for more information. You can also use the AWS Management Console to perform these actions in the UI instead of using the commands.

IAM permissions

To perform the suggested actions on your AWS EC2 resources, use an account with the following permissions.

 ec2:StartInstances
 ec2:StopInstances
 ec2:ModifyInstanceAttribute
 ec2:DeleteSecurityGroup

Insights and recommended actions

Delete security groups

The Splunk App for AWS polls your security groups to check if any are not assigned to any EC2 instances. Unused security groups can be deleted to make it easier to organize and manage your environment. For more information about deleting a security group using the CLI or in the AWS management console, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#deleting-security-group.

Upgrade or downgrade instances

The Splunk App for AWS evaluates your instance usage to determine if any instances are either over- or under-utilized. The app will identify the instances that should be resized to a larger instance type to avoid performance problems or downtime. The app will also identify instances that are underutilized so that you can save cost by resizing those to smaller instance types.

For more information about modifying an instance type using the AWS Management Console, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-resize.html. For more information about the modify-instance-attribute CLI command, see http://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html.

Recommended actions for load balancers

The Splunk App for AWS evaluates your ELB usage and their registered instances and recommends actions for load balancers identified with problems. Recommended actions include the following:

Recommended actions for EBS

Based on your Amazon EBS usage, the Splunk App for AWS provides information and recommended actions to help you optimize your EBS resources. Refer to the following AWS documentation for information and instructions about managing EBS resources.

Last modified on 17 December, 2020
Topology dashboard reference for the Splunk App for AWS  

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters