Splunk® App for AWS

Installation and Configuration Manual

Acrobat logo Download manual as PDF


On July 15, 2022, the Splunk App for AWS will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Amazon Web Services Dashboards and Reports.
This documentation does not apply to the most recent version of AWS. Click here for the latest version.
Acrobat logo Download topic as PDF

Inputs overview for the Splunk App for AWS

The Splunk App for AWS offers the following inputs to gather useful data from your AWS environment to present in the app dashboards. The table below indicates which inputs feed data to which dashboards. Click the input name for instructions on how to configure it.

The Splunk App for AWS saves your account and input configurations in the Splunk Add-on for AWS. If you open the add-on, you should expect to see your accounts and inputs listed there.

You can create and edit inputs through either the app or the add-on. The add-on offers additional advanced configuration options not visible in the app configuration. Any advanced configurations you enter in the add-on are honored by the app, even though those parameters are not visible in the app's input configuration screens.

Note: If you are using the Splunk App for AWS on a distributed, on-premises deployment of Splunk Enterprise, you must run the remote target command to connect your search head with your data collection node in order to be able to configure these inputs using the app configuration screen on your search heads. If you do not perform this step, configure your inputs through the add-on on your heavy forwarder and do not use the app configuration screen. If you configure your inputs through the add-on, you need to manually enable and schedule the saved search called Config: Topology Data Generator, which you can find in the app under Search > Reports. This search runs every twenty minutes and helps populate your Topology dashboard.

Input Description Dashboards
AWS Config Configuration snapshots, historical configuration data, and change notifications from the AWS Config service, as well as metadata about your AWS EC2 instances, reserved instances, and EBS snapshots. Overview
Topology
Usage Overview
EC2 Instances
Individual EC2 Instance
EBS Volumes
Individual EBS Volume
VPC Activities
Security Groups
Key Pairs
Network ACLs
Resource Activities
CloudTrail Management and change events from the AWS CloudTrail service. Overview
Topology
Security Overview
IAM
VPC Activities
Security Groups
Key Pairs
Network ACLs
User Activities
VPC Flow Logs VPC flow logs from the CloudWatch Logs service. Flow logs allow you to capture IP traffic flow data for the network interfaces in your resources. VPC Flow Logs - Traffic Analysis
VPC Flow Logs - Security
CloudWatch Performance and billing metrics from the AWS CloudWatch service. Topology
Usage Overview
EC2 Instances
Individual EC2 Instance
EBS Volumes
Individual EBS Volume
Billing Billing data from the monthly cost allocation reports that you collect in the Billing & Cost Management console. Billing
S3 Generic log data from your S3 buckets. None

For information about the source types and CIM compatibility of these inputs, see "What data the Splunk App for AWS collects".

Last modified on 12 January, 2016
PREVIOUS
Add AWS accounts for the Splunk App for AWS
  NEXT
Add an AWS Config input for the Splunk App for AWS

This documentation applies to the following versions of Splunk® App for AWS: 4.0.0


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters