On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
Overview of the dashboards in the Splunk App for AWS
The Splunk App for AWS offers a variety of dashboards to give you insight into your AWS data. As you navigate from one dashboard to another, the app retains your most recent filter selections for Account ID and region to facilitate easy browsing.
Each dashboard is powered by data collected from your AWS environment using one or more input types configured in the Splunk Add-on for AWS. The dashboard overview tables below show the recommended input types to configure for each dashboard. For detailed information of all the supported input types for each source type, see Supported data types and corresponding AWS input types in the Splunk Add-on for AWS Guide.
If you do not see data in a particular dashboard panel, check the source type of the panel for which data is missing. For example, if your Configuration Changes panel on the Overview dashboard shows zeroes, but you know changes have been made in your AWS environment, search sourcetype=aws:config:notification to check that data is coming in to your Splunk platform from that source type. If you do not see events, troubleshoot that input with a Splunk administrator, and make sure that proper AWS permissions have been configured for the Splunk Add-on for AWS. See the installation overview topic in the Splunk Add-on for AWS manual to identify the input permissions you need for your deployment.
Overviews
| Dashboard | Description and recommended input types in the Splunk Add-on for AWS | Panel | Source Type |
|---|---|---|---|
| Overview | Gives a big picture overview of your AWS environment and status from different perspectives, including configuration changes, usage, security. If anything looks unusual, you can click a panel to drill down to a more detailed dashboard. Recommended input types: SQS-based S3, Description |
Configuration Changes | aws:config:notification
|
| Notable CloudTrail Activity by Origin | aws:cloudtrail
| ||
| Compute Instances | aws:description
| ||
| Storage | aws:description, aws:cloudwatch
| ||
| ELB | aws:description, aws:cloudwatch
| ||
| CloudFront | aws:cloudfront:accesslogs
| ||
| Usage Overview | Summarizes the usage of AWS services such as EC2 and EBS. Recommended input types: Description, CloudWatch |
EC2 and EBS | aws:description
|
| ELB | aws:description, aws:cloudwatch
| ||
| Max CPU Utilization - Last 7 Days Top 5 | aws:cloudwatch, aws:description
| ||
| Min CPU Utilization - Last 7 Days Top 5 | aws:cloudwatch, aws:description
| ||
| Security Overview | Displays the number of error events from different services. Drill down to more detailed dashboards from this overview. Recommended input types: Description, SQS-based S3 |
IAM Errors | aws:cloudtrail
|
| VPC Errors | aws:cloudtrail
| ||
| Security Group Errors | aws:cloudtrail
| ||
| Key Pair Errors | aws:cloudtrail
| ||
| Network ACL Errors | aws:cloudtrail
| ||
| Unauthorized Activity | aws:cloudtrail
| ||
| Authorized vs Unauthorized IAM Activity | aws:cloudtrail
| ||
| Authorized vs Unauthorized Activity by User | aws:cloudtrail
| ||
| Authorized vs Unauthorized Activity by Event Name | aws:cloudtrail
| ||
| Insights Overview | Summarizes the numbers and trends of detected problems with resource usages. Recommended input types: Description, CloudWatch |
Insights - Yesterday |
aws:description, aws:cloudwatch
|
| Anomaly - Yesterday | aws:description, aws:cloudwatch, aws:cloudtrail
| ||
| Anomaly - Last 100 by 12 a.m. | aws:cloudwatch, aws:cloudtrail
| ||
| Anomaly Detection Overview | Displays anomaly trends over time as well as a list of recent anomalies. You can also view and manage all the configured anomaly detection jobs in this dashboard. For information about creating anomaly detection rules, see Create anomaly detection rules. Recommended input types: Description, CloudWatch |
Anomaly Trends | aws:description, aws:cloudwatch
|
| Latest 100 Anomalies | aws:description, aws:cloudwatch, aws:cloudtrail
| ||
| Anomaly Detection Jobs | aws:cloudwatch, aws:cloudtrail
|
Note: If you see a message indicating that the Notable CloudTrail Activity by Origin map cannot display, this is due to the fact that AWS does not provide a valid sourceIPAddress for data in the AWS region at this time.
Topology
| Dashboard | Description and recommended input types in the Splunk Add-on for AWS | Panel | Source Type |
|---|---|---|---|
| Topology | Displays the topology of your AWS resources and how they relate to each other. See Topology dashboard reference for the Splunk App for AWS for more details. Recommended input types: SQS-based S3, CloudWatch, Kinesis, Billing (Cost and Usage Report) |
Topology | aws:config
|
| Relationships | aws:config
| ||
| Usage | aws:cloudwatch
| ||
| Activity | aws:cloudtrail
| ||
| VPC Flow | aws:cloudwatchlogs:vpcflow
| ||
| IAM | aws:config
| ||
| Billing | aws:billing:cur, aws:billing
| ||
| Amazon Inspector and Config Rules | aws:inspector, aws:config:rule
|
Timeline
| Dashboard | Description and recommended input types in the Splunk Add-on for AWS | Panel | Source Type |
|---|---|---|---|
| Timeline | Chronologically display up to 200 historical events on a timeline associated with the following AWS services: Config Notification, Amazon Inspector, Config Rules, CloudTrail, Personal Health, SQS (custom events). For SQS custom events to be displayed on the timeline, the events must be described in the following json format and are ingested from the SQS queue by the Splunk Add-on for AWS. {
"title": "<event title>",
"description": "<event description>",
"resourceId": "AWS resource ID",
"accountId": "AWS account ID",
"regioin": "AWS region"
}
Recommended input types: SQS-based S3, Description, Inspector |
Timeline | aws:description, aws:inspector, aws:cloudtrail, aws:config:rule, aws:config:notifications
|
Usage
| Dashboard | Description and recommended input types in the Splunk Add-on for AWS | Panel | Source Type |
|---|---|---|---|
| EC2 Instances | Describes the usage of your EC2 instances. Recommended input types: Description, CloudWatch | ||
| Running EC2 Instances | aws:description
| ||
| In-Use Reserved EC2 Instances | aws:description
| ||
| Unused Reserved EC2 Instances | aws:description
| ||
| Running EC2 Instances by Category | aws:description
| ||
| Running EC2 Instances by Region | aws:description
| ||
| Running EC2 Instances by Type | aws:description
| ||
| Running EC2 Instances by Type Over Time | aws:description
| ||
| Running EC2 Instances by Region Over Time | aws:description
| ||
| EC2 Spot Instances Details | aws:description
| ||
| EC2 Reserved Instances | aws:description
| ||
| High Utilization EC2 Instances | aws:cloudwatch, aws:description
| ||
| Low Utilization EC2 Instances | aws:cloudwatch, aws:description
| ||
| Individual EC2 Instances | Allows you to look up the detailed usage of specific EC2 instances. Recommended input types: Description, CloudWatch | ||
| EC2 Instance Details | aws:description
| ||
| Average CPU Utilization - Last 24h | aws:cloudwatch
| ||
| Total Network I/O - Last 24h | aws:cloudwatch
| ||
| Total Failed Status Checks - Last 24h | aws:cloudwatch
| ||
| Average CPU Utilization Over Time | aws:cloudwatch
| ||
| Total Network I/O Over Time | aws:cloudwatch
| ||
| Total Failed Status Checks Over Time | aws:cloudwatch
| ||
| EBS Volumes | Describes the usage of EBS volumes. Recommended input types: Description, CloudWatch |
In-Use EBS Volumes | aws:description
|
| In-Use EBS Volume Size | aws:description
| ||
| EBS Snapshots Size | aws:Description
| ||
| In-Use EBS Volumes by Type | aws:Description
| ||
| EBS Volumes by Sizes | aws:Description
| ||
| EBS Volumes by IOPS | aws:Description
| ||
| Unused EBS Volumes | aws:Description
| ||
| Non-Optimized EBS Volumes | aws:Description
| ||
| EBS Volumes Without Recent (30 days) Snapshot | aws:Description
| ||
| Standard EBS Volumes with IOPS > 95 - Last 7 Days | aws:Description, aws:cloudwatch
| ||
| EBS Volumes with IOPS < 1 - Last 7 Days | aws:Description, aws:cloudwatch
| ||
| Individual EBS Volumes | Allows you to look up the detailed usage of specific EBS volumes. Recommended input types: Description, CloudWatch |
EBS Volume Details | aws:Description
|
| Average IOPS - Last 24h | aws:cloudwatch
| ||
| Total Read/Write - Last 24h | aws:cloudwatch
| ||
| Average Queue Length - Last 24h | aws:cloudwatch
| ||
| Average IOPS Over Time | aws:cloudwatch
| ||
| Total Read/Write Over Time | aws:cloudwatch
| ||
| Average Queue Length Over Time | aws:cloudwatch
| ||
| ELB Instances | Displays information about the ELBs in your environment. Recommended input types: Description, CloudWatch |
Total ELBs | aws:Description
|
| Total Requests | aws:cloudwatch
| ||
| Unhealthy EC2 Instances | aws:Description
| ||
| ELB Error Requests | aws:cloudwatch
| ||
| HTTP 4XX Responses | aws:cloudwatch
| ||
| HTTP 5XX Responses | aws:cloudwatch
| ||
| ELBs by Region | aws:Description
| ||
| Requests by ELB | aws:cloudwatch
| ||
| Requests by HTTP Status Code | aws:cloudwatch
| ||
| Latency per ELB Over Time | aws:cloudwatch
| ||
| Requests per ELB Over Time | aws:cloudwatch
| ||
| Individual ELB Instances | Allows you to look up detailed information about specific ELBs. Recommended input types: Description, CloudWatch |
Total Requests | aws:cloudwatch
|
| ELB Error Requests | aws:cloudwatch
| ||
| HTTP Error Requests | aws:cloudwatch
| ||
| Unhealthy EC2 Instances | aws:Description
| ||
| ELB Details | aws:cloudwatch
| ||
| EC2 Instances | aws:Description
| ||
| Latency Over Time | aws:cloudwatch
| ||
| Request Count Over Time | aws:cloudwatch
| ||
| HTTP Status Code Over Time | aws:cloudwatch
| ||
| Relational Database Service | Displays RDS data from the CloudWatch service. Recommended input types: Description, CloudWatch |
RDS Instance Details | aws:Description, aws:cloudwatch
|
| Average CPU Utilization | aws:Description, aws:cloudwatch
| ||
| Average Freeable Memory | aws:Description, aws:cloudwatch
| ||
| Average Free Storage Space | aws:Description, aws:cloudwatch
| ||
| Average Write IOPS | aws:Description, aws:cloudwatch
| ||
| Average Read Latency | aws:Description, aws:cloudwatch
| ||
| Average Write Latency | aws:Description, aws:cloudwatch
| ||
| Lambda | Provides detailed metrics of functions run by the AWS Lambda compute service. Recommended input types: CloudWatch |
Duration (ms) by Function | aws:cloudwatch
|
| Invocations by Function | aws:cloudwatch
| ||
| Errors by Function | aws:cloudwatch
| ||
| Throttles by Function | aws:cloudwatch
| ||
| GB-s by Function | aws:cloudwatch
| ||
| Duration (ms) by Function Over Time | aws:cloudwatch
| ||
| Invocations by Function Over Time | aws:cloudwatch
| ||
| Errors by Function Over Time | aws:cloudwatch
| ||
| Throttles by Function Over Time | aws:cloudwatch
| ||
| GB-s by Function Over Time | aws:cloudwatch
| ||
| API Gateway | Lets you visually view metrics of APIs managed through your API Gateway. Recommended input types: CloudWatch | ||
| Total Count by API | aws:cloudwatch
| ||
| Total Count by API Over Time | aws:cloudwatch
| ||
| Total Count by API | aws:cloudwatch
| ||
| Total Count by API Over Time | aws:cloudwatch
| ||
| Most Active Methods | aws:cloudwatch
| ||
| Slowest Methods | aws:cloudwatch
| ||
| Capacity Planner | Allows you to analyze your usage to plan your capacity for upcoming months. Based on historical month data from Detailed billing reports with resources and tags. Recommended input types: Billing (Cost and Usage Report) |
Total Instance Hours | aws:billing, aws:billing:cur
|
| Percentage of On-Demand Hours | aws:billing
| ||
| Total Instance Cost | aws:billing
| ||
| Percentage of On-Demand Cost | aws:billing
| ||
| Instance Hours | aws:billing
| ||
| Reserved Instance Planner | Helps you better plan your reserved instances by letting you view existing resources and providing optimal resource recommendations with estimated annual savings based on historical or predictive usage data. | Reserved Instance Planner Recommended input types: Billing (Cost and Usage Report), Description |
aws:billing, aws:billing:cur, aws:description
|
| Reserved Instance Inventory | Displays usage statistics of reserved instances (RI) as well as current RI plans. Recommended input types: Description |
RIs by Instance Type | aws:Description
|
| RIs by Region | aws:Description
| ||
| RIs by Payment Option | aws:Description
| ||
| RI Plans | aws:Description
| ||
| RI Utilization by Family in Last Month | aws:Description, aws:billingaws:billing:cur
|
Security
| Dashboard | Description and recommended input types in the Splunk Add-on for AWS | Panel | Source Type |
|---|---|---|---|
| Network ACLs | Describes the Network ACL activity in your AWS environment, including error events, the number of Network ACLs, activity over time, and the detailed list of error activities. Recommended input types: SQS-based S3, Description |
Network ACLs | aws:Description
|
| Error Events | aws:cloudtrail
| ||
| Network ACL Actions | aws:cloudtrail
| ||
| Network ACL Activity Over Time | aws:cloudtrail
| ||
| Detailed Network ACLs Activity | aws:cloudtrail
| ||
| Network ACL Error Activity | aws:cloudtrail
| ||
| Security Groups | Describes security group activity in your AWS environment, including error events, number of security groups and rules, any unused security groups, activity over time, and the detailed list of error activities. Recommended input types: SQS-based S3, Description |
Security Groups | aws:Description
|
| Security Group Rules | aws:Description
| ||
| Error Events | aws:cloudtrail
| ||
| Security Group Actions | aws:cloudtrail
| ||
| Unused Security Groups | aws:config
| ||
| Security Group Activity Over Time | aws:cloudtrail
| ||
| Security Group Activity | aws:cloudtrail
| ||
| Authorize and Revoke Activity | aws:cloudtrail
| ||
| Security Group Error Activity | aws:cloudtrail
| ||
| IAM Activity | Describes IAM activity in your environment, including the error events, which users have the most activity, activity over time, and the detailed list of error activities. Recommended input types: SQS-based S3 |
Error Events | aws:cloudtrail
|
| Activity by User | aws:cloudtrail
| ||
| IAM Actions | aws:cloudtrail
| ||
| IAM Activity Over Time | aws:cloudtrail
| ||
| Authorized vs. Unauthorized Activity | aws:cloudtrail
| ||
| Detailed IAM Activity | aws:cloudtrail
| ||
| IAM Error Activity | aws:cloudtrail
| ||
| Key Pairs Activity | Describes the key pair activity in your AWS environment, including error events, the number of in-use key pairs, which key pair is most used, activity over time, and the detailed list of error activities. Recommended input types: SQS-based S3, Description |
In-Use Key Pairs | aws:Description
|
| Error Events | aws:cloudtrail
| ||
| Key Pair Actions | aws:cloudtrail
| ||
| Key Pair Usage | aws:Description
| ||
| Key Pair Activity Over Time | aws:cloudtrail
| ||
| Key Pair Activity | aws:cloudtrail
| ||
| Key Pair Error Activity | aws:cloudtrail
| ||
| S3 - Data Event | Displays S3 event statistics Recommended input types: SQS-based S3 |
Error Events | aws:s3:accesslogs
|
| Unauthorized Events | aws:s3:accesslogs
| ||
| Activities by User | aws:s3:accesslogs
| ||
| Events by UserAgent | aws:s3:accesslogs
| ||
| Events by UserName | aws:s3:accesslogs
| ||
| Events by BucketName | aws:s3:accesslogs
| ||
| Events Over Time | aws:s3:accesslogs
| ||
| Events by Origin | aws:s3:accesslogs
| ||
| Most Frequently Accessed Objects - Top 10 | aws:s3:accesslogs
| ||
| Most Recent Modifications - Latest 10 | aws:s3:accesslogs
| ||
| VPC Activity | Describes VPC activity in your environment, including the error events, number of VPCs, activity over time, and the detailed list of error activities. Recommended input types: SQS-based S3, Description |
VPCs | aws:Description
|
| Error Events | aws:cloudtrail
| ||
| Network VPC Actions | aws:cloudtrail
| ||
| VPC Activity Over Time | aws:cloudtrail
| ||
| Detailed VPC Activity | aws:cloudtrail
| ||
| VPC Error Activity | aws:cloudtrail
| ||
| Resource Activity | Shows the resource changes over time and the detailed change list. Recommended input types: SQS-based S3 |
Changes Over Time | aws:config:notification
|
| Changes by Resource Type | aws:config:notification
| ||
| Resources | aws:config:notification
| ||
| User Activity | Describes user activity in your AWS environment, including the number of active users, error/unauthorized activities, activity over time, and list of activities. You can also filter activities by ARN or username. Recommended input types: SQS-based S3 |
Active Users | aws:cloudtrail
|
| Error Activities | aws:cloudtrail
| ||
| Unauthorized Activities | aws:cloudtrail
| ||
| User Activity by Event Name Over Time | aws:cloudtrail
| ||
| User Activity by User Name Over Time | aws:cloudtrail
| ||
| Most Recent User Activity Grouped by Event Name | aws:cloudtrail
| ||
| Event Details | aws:cloudtrail
| ||
| Geographic Source of Event(s) | aws:cloudtrail
| ||
| CloudFront - Traffic Analysis | Traffic and error metrics about your CloudFront distribution. Recommended input types: SQS-based S3 |
Total Requests | aws:cloudfront:accesslogs
|
| Error Requests | aws:cloudfront:accesslogs
| ||
| Total Request Traffic | aws:cloudfront:accesslogs
| ||
| Total Response Traffic | aws:cloudfront:accesslogs
| ||
| Cache Hit Ratio | aws:cloudfront:accesslogs
| ||
| Traffic Size by Location (Bytes) | aws:cloudfront:accesslogs
| ||
| Request Count by Location | aws:cloudfront:accesslogs
| ||
| HTTP Status | aws:cloudfront:accesslogs
| ||
| User Agents | aws:cloudfront:accesslogs
| ||
| CloudFront Edge Details | aws:cloudfront:accesslogs
| ||
| Top URLs | aws:cloudfront:accesslogs
| ||
| Top Request by Edge Location | aws:cloudfront:accesslogs
| ||
| Slowest Requests | aws:cloudfront:accesslogs
| ||
| Heaviest Traffic Requests | aws:cloudfront:accesslogs
| ||
| Latency Over Time | aws:cloudfront:accesslogs
| ||
| Traffic (MB) Over Time | aws:cloudfront:accesslogs
| ||
| ELB - Traffic Analysis | Data from your ELB access logs. Recommended input types: SQS-based S3 |
Total Entries | aws:elb:accesslogs
|
| Total ELBs | aws:elb:accesslogs
| ||
| Unique Clients | aws:elb:accesslogs
| ||
| Total Data Sent | aws:elb:accesslogs
| ||
| Total Data Received | aws:elb:accesslogs
| ||
| Traffic Size by Location (Bytes) | aws:elb:accesslogs
| ||
| Request Count by Location | aws:elb:accesslogs
| ||
| Error Entries | aws:elb:accesslogs
| ||
| Average Processing Time | aws:elb:accesslogs
| ||
| Top Error-Causing Requests | aws:elb:accesslogs
| ||
| Error Count | aws:elb:accesslogs
| ||
| Top Time-Consuming Requests | aws:elb:accesslogs
| ||
| Processing Time (ms) | aws:elb:accesslogs
| ||
| S3 - Traffic Analysis | Data from your S3 access logs. Recommended input types: SQS-based S3 |
Total Requests | aws:s3:accesslogs
|
| Error Requests | aws:s3:accesslogs
| ||
| Total Traffic | aws:s3:accesslogs
| ||
| Average Processing Time | aws:s3:accesslogs
| ||
| Traffic Size by Location (Bytes) | aws:s3:accesslogs
| ||
| Request Count by Location | aws:s3:accesslogs
| ||
| HTTP Status | aws:s3:accesslogs
| ||
| S3 Error Code | aws:s3:accesslogs
| ||
| Top User Agents | aws:s3:accesslogs
| ||
| Top Requests | aws:s3:accesslogs
| ||
| Request Count Over Time | aws:s3:accesslogs
| ||
| Top Error Requests | aws:s3:accesslogs
| ||
| Error Count Over Time | aws:s3:accesslogs
| ||
| VPC Flow Logs - Traffic Analysis | Provides an overview of your network traffic. Recommended input types: SQS-based S3 |
Monitored Interfaces | aws:cloudwatchlogs:vpcflow
|
| Traffic Protocols | aws:cloudwatchlogs:vpcflow
| ||
| All Traffic (GB) | aws:cloudwatchlogs:vpcflow
| ||
| Traffic Destinations | aws:cloudwatchlogs:vpcflow
| ||
| Traffic Sources | aws:cloudwatchlogs:vpcflow
| ||
| Traffic Over Time by Interface (Top 5) | aws:cloudwatchlogs:vpcflow
| ||
| Traffic Size by Protocol and Location | aws:cloudwatchlogs:vpcflow
| ||
| Top Destination Addresses | aws:cloudwatchlogs:vpcflow
| ||
| Top Destination Ports | aws:cloudwatchlogs:vpcflow
| ||
| Top Source Addresses | aws:cloudwatchlogs:vpcflow
| ||
| VPC Flow Logs - Security Analysis | Provides an overview of your rejected network traffic. Recommended input types: SQS-based S3 |
Accepted vs. Rejected Over Time (Bytes) | aws:cloudwatchlogs:vpcflow
|
| Accepted vs. Rejected Traffic by Location | aws:cloudwatchlogs:vpcflow
| ||
| Top Rejected Destination Ports | aws:cloudwatchlogs:vpcflow
| ||
| Top Rejected Source Addresses | aws:cloudwatchlogs:vpcflow
| ||
| Top 50 Rejected Address Pairs | aws:cloudwatchlogs:vpcflow
|
Insights
Note: Splunk Light does not support the Insights dashboards, including the Insights Overview dashboard under the Overview menu. If you use Splunk Light, all Insight dashboard menus will be hidden from view.
| Dashboard | Description and recommended input types in the Splunk Add-on for AWS | Panel | Source Type |
|---|---|---|---|
| Config Rules | Displays compliance status results based on the AWS Config rules that you have set up in your environment. Recommended input types: SQS-based S3 |
Active Config Rules | aws:config:rule
|
| Non-Compliant Config Rules | aws:config:rule
| ||
| Non-Compliant Resources | aws:config:rule
| ||
| Compliant vs Non-Compliant Config Rules | aws:config:rule
| ||
| Compliant vs Non-Compliant Resources | aws:config:rule
| ||
| Non-Compliant Resources by Config Rules | aws:config:rule
| ||
| Active Config Rules Summary | aws:config:rule
| ||
| Non-Compliant Resource Details | aws:config:rule
| ||
| Non-Compliant Resources Over Time | aws:config:rule
| ||
| Amazon Inspector | Displays results of your Amazon Inspector findings, which you can filter by assessment run and severity. From the Findings table on this dashboard, click on an EC2 instance name to jump directly to the Topology dashboard and view that EC2 instance in context. Recommended input types: Inspector |
Completed Assessment Runs | aws:inspector
|
| Total Findings | aws:inspector
| ||
| High Severity | aws:inspector
| ||
| Medium Severity | aws:inspector
| ||
| Low Severity | aws:inspector
| ||
| Informational Severity | aws:inspector
| ||
| Findings | aws:inspector
| ||
| EC2 Insights | Displays EC2 instances with potential problems. Note: At least four days worth of CloudWatch data for EC2 instances over the past seven days must be available for the dashboard to work. Recommended input types: Description, CloudWatch |
EC2 Insights | aws:description, aws:cloudwatch
|
| Elastic IP Insights | Displays public IPs with problems and provides best practice recommendations. Recommended input types: Description |
Elastic IP Insights | aws:description
|
| ELB Insights | Displays load-balancing problems at different severity levels and provides best practice recommendations. Recommended input types: Description, CloudWatch |
Elastic Load Balancing Insights | aws:Description, aws:cloudwatch
|
| EBS Insights | Displays detected EBS-related anomalies at different severity levels and provides best practice recommendations. Recommended input types: Description |
EBS Insights | aws:description, aws:cloudwatch
|
| AWS Personal Health | Displays statuses of different types of services. Recommended input types: SQS |
Service Status | aws:sqs
|
| Security Group Insights | Displays different severity levels of detected problems with the configuration and usage of security groups in your AWS environment. Recommended input types: Description |
Security Group Insights | aws:description
|
| IAM Insights | Displays different severity levels of detected problems with IAM authentication setup and management in your AWS environment. Recommended input types: Description |
IAM Insights | aws:description
|
Billing
| Dashboard | Description and recommended input types in the Splunk Add-on for AWS | Panel | Source Type |
|---|---|---|---|
| Budget Planner | Helps you better plan budgets and control expenses by letting you set monthly budgets over a period of time and visually view all aspects of your budget information and track actual expenses against your budgets. Recommended input types: Billing (Cost and Usage Report) |
Total Budget | aws:billing, aws:billing:cur
|
| Monthly Budget | aws:billing, aws:billing:cur
| ||
| Remaining Total Budget | aws:billing, aws:billing:cur
| ||
| Budget Burndown | aws:billing, aws:billing:cur
| ||
| Budget | aws:billing, aws:billing:cur
| ||
| Month-over-month Budget | aws:billing, aws:billing:cur
| ||
| Current Month Estimated Billing | Projected AWS bill information based on your CloudWatch billing metrics. Note that the Total Projected Cost -- This Month and Cost Projection Over Time panels rely on at least two data points before a projection can appear, thus these panels show "No results found" for the first few days of each new month. Recommended input types: CloudWatch |
Estimated Cost - Month to Date | aws:cloudwatch
|
| Total Projected Cost - This Month | aws:cloudwatch
| ||
| Estimated Cost by Account | aws:cloudwatch
| ||
| Estimated Cost by Service | aws:cloudwatch
| ||
| Month over Month Comparison - Daily Cost | aws:cloudwatch
| ||
| Cost Projection Over Time | aws:cloudwatch
| ||
| Estimated Cost by Account and Service - Month to Date | aws:cloudwatch
| ||
| Historical Monthly Bills | Displays your monthly billing cost up to but excluding the current month. AWS continues to update the monthly billing report several days after the last day of a calendar month, so you may see some fluctuation in the most recent monthly charge during the first few days of a new month. Note that the Cost by Region panel is not available in consolidated accounts and show incomplete costs in nonconsolidated accounts if your bills include items that do not have region information associated with them. Recommended input types: Billing (Cost and Usage Report) |
Cost by Account | aws:billing, aws:billing:cur
|
| Cost by Service | aws:billing, aws:billing:cur
| ||
| Cost by Region | aws:billing, aws:billing:cur
| ||
| EC2 Cost by Instance Type | aws:billing, aws:billing:cur
| ||
| EBS Cost by Usage Type | aws:billing, aws:billing:cur
| ||
| Month over Month Comparison | aws:billing, aws:billing:cur
| ||
| Cost by Account and Service | aws:billing, aws:billing:cur
| ||
| Historical Detailed Bills | Allows you to analyze your detailed billing history using your Detailed billing reports with resources and tags. Does not include data for the current month. Expect long load times for this dashboard due to the large amount of data in the Detailed billing report. Recommended input types: Billing (Cost and Usage Report) |
Total Cost | aws:billing, aws:billing:cur
|
| Cost Over Time | aws:billing, aws:billing:cur
|
Last modified on 30 March, 2021
| Work with your data in the Splunk App for AWS | Filter dashboards by tags in the Splunk App for AWS |
This documentation applies to the following versions of Splunk® App for AWS (Legacy): 6.0.1, 6.0.2, 6.0.3
Download manual
Feedback submitted, thanks!