About the Splunk Add-on for Amazon Web Services
|Vendor Products||Amazon Web Services CloudTrail, CloudWatch, CloudWatch Logs, Config, Config Rules, Inspector, Kinesis, S3, VPC Flow Log, Billing services, SQS, and SNS|
|Visible in Splunk Web||Yes. This add-on contains views for configuration.|
The Splunk Add-on for Amazon Web Services allows a Splunk software administrator to collect:
- Configuration snapshots, configuration changes, and historical configuration data from the AWS Config service.
- Metadata for your AWS EC2 instances, reserved instances, and EBS snapshots
- Compliance details, compliance summary, and evaluation status of your AWS Config Rules.
- Assessment Runs and Findings data from the Amazon Inspector service.
- Management and change events from the AWS CloudTrail service.
- VPC flow logs and other logs from the CloudWatch Logs service.
- Performance and billing metrics from the AWS CloudWatch service.
- Billing reports that you have configured in AWS.
- S3, CloudFront, and ELB access logs.
- Generic data from your S3 buckets.
- Generic data from your Kinesis streams.
- Generic data from SQS.
This add-on provides modular inputs and CIM-compatible knowledge to use with other Splunk apps, such as the Splunk App for AWS, Splunk Enterprise Security, and Splunk IT Service Intelligence.
Only CloudTrail, CloudWatch, Config, Config Rules, Amazon Inspector, and VPC Flow Logs data is tagged for CIM compliance. Because data gathered from S3 buckets and Kinesis is not predictable, the add-on cannot normalize it to the CIM data models.
You can also collect data using the Splunk Add-on for Amazon Kinesis Firehose, which offers an alternate method for integrating with your Amazon account and pushing data from AWS to the Splunk platform. For more information, see About the Splunk Add-on for Amazon Kinesis Firehose.
Download the Splunk Add-on for Amazon Web Services from Splunkbase.
For a summary of new features, fixed issues, and known issues, see Release Notes for the Splunk Add-on for Amazon Web Services.
For information about installing and configuring the Splunk Add-on for Amazon Web Services, see Installation and configuration overview for the Splunk Add-on for Amazon Web Services.
See Questions related to Splunk Add-on for Amazon Web Services on Splunk Answers.
Source types for the Splunk Add-on for AWS
This documentation applies to the following versions of Splunk® Supported Add-ons: released