Inputs overview for the Splunk App for AWS
The Splunk App for AWS offers the following inputs to gather useful data from your AWS environment to present in the app dashboards. The table below indicates which inputs feed data to which dashboards. Click the input name for instructions on how to configure it.
The Splunk App for AWS saves your account and input configurations in the Splunk Add-on for AWS. If you open the add-on, you should expect to see your accounts and inputs listed there.
You can create and edit inputs through either the app or the add-on. The add-on offers additional advanced configuration options not visible in the app configuration. Any advanced configurations you enter in the add-on are honored by the app, even though those parameters are not visible in the app's input configuration screens.
Note: If you are using the Splunk App for AWS on a distributed, on-premises deployment of Splunk Enterprise, you must run the remote target command to connect your search head with your data collection node in order to be able to configure these inputs using the app configuration screen on your search heads. If you do not perform this step, configure your inputs through the add-on on your heavy forwarder and do not use the app configuration screen. If you configure your inputs through the add-on, you need to manually enable and schedule the saved search called Config: Topology Data Generator, which you can find in the app under Search > Reports. This search runs every twenty minutes and helps populate your Topology dashboard.
Input | Description | Dashboards |
---|---|---|
AWS Config | Configuration snapshots, historical configuration data, and change notifications from the AWS Config service, as well as metadata about your AWS EC2 instances, reserved instances, and EBS snapshots. | Overview, Topology, Usage Overview, EC2 Instances, Individual EC2 Instance, EBS Volumes, Individual EBS Volume, VPC Activities, Security Groups, Key Pairs, Network ACLs, Resource Activities |
CloudTrail | Management and change events from the AWS CloudTrail service. | Overview, Topology, Security Overview, IAM, VPC Activities, Security Groups, Key Pairs, Network ACLs, User Activities |
VPC Flow Logs | VPC flow logs from the CloudWatch Logs service. Flow logs allow you to capture IP traffic flow data for the network interfaces in your resources. | VPC Flow Logs - Traffic Analysis, VPC Flow Logs - Security |
CloudWatch | Performance and billing metrics from the AWS CloudWatch service. | Topology, Usage Overview, EC2 Instances, Individual EC2 Instance, EBS Volumes, Individual EBS Volume |
Billing | Billing data from the monthly cost allocation reports that you collect in the Billing & Cost Management console. | Billing |
S3 | Generic log data from your S3 buckets. | None |
For information about the source types and CIM compatibility of these inputs, see "What data the Splunk App for AWS collects".
This documentation applies to the following versions of Splunk® App for AWS (Legacy): 4.0.0