What data the Splunk App for AWS collects
The Splunk App for AWS can collect the following data from your AWS environment. Access this data by configuring the inputs, then exploring the relevant dashboards. For more information about which dashboards these inputs support, see "Inputs overview for the Splunk App for AWS".
You can also search for data using the associated source type. When possible, the Splunk App for AWS tags the data for compliance with the Splunk Common Information Model, making it easy to integrate data from your AWS environment with your other security and infrastructure data in the Splunk platform using your own custom dashboards or those provided by other Splunk apps.
AWS data source | Description | Source type | CIM compliance |
---|---|---|---|
Config | Configuration snapshots and historical configuration data from the AWS Config service. | aws:config | Change Analysis |
Config | Configuration change notifications from the AWS Config service. | aws:config:notification | Change Analysis |
Metadata | Descriptions of your AWS resources, used to improve dashboard readability. | aws:description | None |
CloudTrail | Management and change events from the AWS CloudTrail service. | aws:cloudtrail | Change Analysis |
VPC Flow Logs | VPC flow logs from the CloudWatch Logs service. | aws:cloudwatchlogs:vpcflow | Network Traffic |
CloudWatch | Performance and billing metrics from the AWS CloudWatch service. | aws:cloudwatch | Performance, Databases |
Billing | Monthly cost allocation reports and Detailed reports with resources and tags that you have configured in AWS. | aws:billing | None |
S3 | Generic log data from your S3 buckets. | aws:s3 | None |
This documentation applies to the following versions of Splunk® App for AWS (Legacy): 4.0.0