Splunk® Supported Add-ons

Splunk Add-on for AWS

Download manual as PDF

Download topic as PDF

About the Splunk Add-on for Amazon Web Services

Version 4.6.0
Vendor Products Amazon Web Services CloudTrail, CloudWatch, CloudWatch Logs, Config, Config Rules, Inspector, Kinesis, S3, VPC Flow Log, Billing services, SQS, and SNS
Visible in Splunk Web Yes. This add-on contains views for configuration.

The Splunk Add-on for Amazon Web Services allows a Splunk software administrator to collect:

  • Configuration snapshots, configuration changes, and historical configuration data from the AWS Config service.
  • Metadata for your AWS EC2 instances, reserved instances, and EBS snapshots
  • Compliance details, compliance summary, and evaluation status of your AWS Config Rules.
  • Assessment Runs and Findings data from the Amazon Inspector service.
  • Management and change events from the AWS CloudTrail service.
  • VPC flow logs and other logs from the CloudWatch Logs service.
  • Performance and billing metrics from the AWS CloudWatch service.
  • Billing reports that you have configured in AWS.
  • S3, CloudFront, and ELB access logs.
  • Generic data from your S3 buckets.
  • Generic data from your Kinesis streams.
  • Generic data from SQS.

This add-on provides modular inputs and CIM-compatible knowledge to use with other Splunk apps, such as the Splunk App for AWS, Splunk Enterprise Security, and Splunk IT Service Intelligence.

Only CloudTrail, CloudWatch, Config, Config Rules, Amazon Inspector, and VPC Flow Logs data is tagged for CIM compliance. Because data gathered from S3 buckets and Kinesis is not predictable, the add-on cannot normalize it to the CIM data models.

You can also collect data using the Splunk Add-on for Amazon Kinesis Firehose, which offers an alternate method for integrating with your Amazon account and pushing data from AWS to the Splunk platform. For more information, see About the Splunk Add-on for Amazon Kinesis Firehose.

Download the Splunk Add-on for Amazon Web Services from Splunkbase.

For a summary of new features, fixed issues, and known issues, see Release Notes for the Splunk Add-on for Amazon Web Services.

For information about installing and configuring the Splunk Add-on for Amazon Web Services, see Installation and configuration overview for the Splunk Add-on for Amazon Web Services.

See Questions related to Splunk Add-on for Amazon Web Services on Splunk Answers.

  NEXT
Source types for the Splunk Add-on for AWS

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Comments

Greetings - where is the checkpointer file that stores the last_modified timestamp after the initial runs? My s3 pulls seem to have stalled at a date in the past and I'd like to advance a day to see if there's a troublesome file in the S3 bucket. Changing the inputs.conf entry is documented to be useless after the initial run.

Rgonzale6
April 4, 2017

Hi Adancha, you can find release notes and history in this doc - the 3rd and 4th topics under Overview, right after the Source Types section.

Hunters splunk, Splunker
December 15, 2016

Having trouble finding the Release Notes / Changelog for versions of this App.
Could anyone point me to the document?

Adancha
December 6, 2016

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters