Splunk® App for AWS (Legacy)

User Manual

On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
This documentation does not apply to the most recent version of Splunk® App for AWS (Legacy). For documentation on the most recent version, go to the latest release.

Overview of the dashboards in the Splunk App for AWS

The Splunk App for AWS offers a variety of dashboards to give you insight into your AWS data.

If you do not see data in a particular dashboard panel, check the source type of the panel for which data is missing. For example, if your Configuration Changes panel on the Overview dashboard shows zeroes, but you know changes have been made in your AWS environment, search sourcetype=aws:config to check that data is coming in to your Splunk platform from that source type. If you do not see events, troubleshoot that input with a Splunk administrator.

| Dashboard | Description | Panel | Source Type |
|---|---|---|---|
| Overview | Gives a big-picture overview of your AWS environment and status from different perspectives, including configuration changes, usage, and security. If anything looks unusual, you can click a panel to drill down to a more detailed dashboard. | Configuration Changes | aws:config:notification |
| | | Notable CloudTrail Activity by Origin | aws:cloudtrail |
| | | Compute Instances | aws:description |
| | | Storage | aws:config |
| | | Security | aws:config, aws:description |
| | | Networking | aws:config |
| Topology | Displays the topology of your AWS resources and how they relate to each other. See "Topology dashboard reference for the Splunk App for AWS" for more details. | Topology | aws:config |
| | | Relationships | aws:config |
| | | Usage | aws:cloudwatch |
| | | Activity | aws:cloudtrail |
| Usage Overview | Summarizes the usage of AWS services such as EC2 and EBS. | Running EC2 Instances | aws:description |
| | | In-Use EBS Volumes | aws:config |
| | | In-Use EBS Volume Size | aws:config |
| | | EBS Snapshots Size | aws:description |
| | | Max CPU Utilization - Last Week Top 5 | aws:cloudwatch, aws:description |
| | | Min CPU Utilization - Last Week Top 5 | aws:cloudwatch, aws:description |
| EC2 Instances | Describes the usage of your EC2 instances. | Running EC2 Instances | aws:description |
| | | In-Use Reserved EC2 Instances | aws:description |
| | | Unused Reserved EC2 Instances | aws:description |
| | | Running EC2 Instances by Category | aws:description |
| | | Running EC2 Instances by Region | aws:description |
| | | Running EC2 Instances by Type | aws:description |
| | | Running EC2 Instances by Type Over Time | aws:description |
| | | Running EC2 Instances by Region Over Time | aws:description |
| | | EC2 Spot Instances Details | aws:description |
| | | EC2 Reserved Instances | aws:description |
| | | High Utilization EC2 Instances | aws:cloudwatch, aws:description |
| | | Low Utilization EC2 Instances | aws:cloudwatch, aws:description |
| Individual EC2 Instance | Allows you to look up the detailed usage of specific EC2 instances. | EC2 Instance Details | aws:config |
| | | Average CPU Utilization - Last 24h | aws:cloudwatch |
| | | Total Network I/O - Last 24h | aws:cloudwatch |
| | | Total Failed Status Checks - Last 24h | aws:cloudwatch |
| | | Average CPU Utilization Over Time | aws:cloudwatch |
| | | Total Network I/O Over Time | aws:cloudwatch |
| | | Total Failed Status Checks Over Time | aws:cloudwatch |
| EBS Volumes | Describes the usage of EBS volumes. | In-Use EBS Volumes | aws:config |
| | | In-Use EBS Volume Size | aws:config |
| | | EBS Snapshots Size | aws:description |
| | | In-Use EBS Volumes by Type | aws:config |
| | | EBS Volumes by Sizes | aws:config |
| | | EBS Volumes by IOPS | aws:config |
| | | Unused EBS Volumes | aws:config |
| | | Non-Optimized EBS Volumes | aws:config, aws:description |
| | | EBS Volumes Without Recent (30 days) Snapshot | aws:config, aws:description |
| | | Standard EBS Volumes with IOPS > 95 - Last 7 Days | aws:cloudwatch, aws:config |
| | | EBS Volumes with IOPS < 1 - Last 7 Days | aws:cloudwatch, aws:config |
| Individual EBS Volume | Allows you to look up the detailed usage of specific EBS volumes. | EBS Volume Details | aws:config |
| | | Average IOPS - Last 24h | aws:cloudwatch |
| | | Total Read/Write - Last 24h | aws:cloudwatch |
| | | Average Queue Length - Last 24h | aws:cloudwatch |
| | | Average IOPS Over Time | aws:cloudwatch |
| | | Total Read/Write Over Time | aws:cloudwatch |
| | | Average Queue Length Over Time | aws:cloudwatch |
| Security Overview | Displays the number of error events from different services. Drill down to more detailed dashboards from this overview. | IAM Errors | aws:cloudtrail |
| | | VPC Errors | aws:cloudtrail |
| | | Security Group Errors | aws:cloudtrail |
| | | Key Pair Errors | aws:cloudtrail |
| | | Network ACL Errors | aws:cloudtrail |
| | | Unauthorized Activity | aws:cloudtrail |
| | | Authorized vs Unauthorized IAM Activity | aws:cloudtrail |
| | | Authorized vs Unauthorized Activity by User | aws:cloudtrail |
| | | Authorized vs Unauthorized Activity by Event Name | aws:cloudtrail |
| IAM Activity | Describes IAM activity in your environment, including the error events, which users have the most activity, activity over time, and the detailed list of error activities. | Error Events | aws:cloudtrail |
| | | Activity by User | aws:cloudtrail |
| | | IAM Actions | aws:cloudtrail |
| | | IAM Activity Over Time | aws:cloudtrail |
| | | Authorized vs. Unauthorized Activity | aws:cloudtrail |
| | | Detailed IAM Activity | aws:cloudtrail |
| | | IAM Error Activity | aws:cloudtrail |
| VPC Activity | Describes VPC activity in your environment, including the error events, number of VPCs, activity over time, and the detailed list of error activities. | VPCs | aws:config |
| | | Error Events | aws:cloudtrail |
| | | Network VPC Actions | aws:cloudtrail |
| | | VPC Activity Over Time | aws:cloudtrail |
| | | Detailed VPC Activity | aws:cloudtrail |
| | | VPC Error Activity | aws:cloudtrail |
| VPC Flow Logs - Traffic Analysis | Provides an overview of your network traffic. | Monitored Interfaces | aws:cloudwatchlogs:vpcflow |
| | | Traffic Protocols | aws:cloudwatchlogs:vpcflow |
| | | All Traffic (GB) | aws:cloudwatchlogs:vpcflow |
| | | Traffic Destinations | aws:cloudwatchlogs:vpcflow |
| | | Traffic Sources | aws:cloudwatchlogs:vpcflow |
| | | Traffic Over Time by Interface (Top 5) | aws:cloudwatchlogs:vpcflow |
| | | Traffic Size by Protocol and Location | aws:cloudwatchlogs:vpcflow |
| | | Top Destination Addresses | aws:cloudwatchlogs:vpcflow |
| | | Top Destination Ports | aws:cloudwatchlogs:vpcflow |
| | | Top Source Addresses | aws:cloudwatchlogs:vpcflow |
| VPC Flow Logs - Security | Provides an overview of your rejected network traffic. | Accepted vs. Rejected Over Time (Bytes) | aws:cloudwatchlogs:vpcflow |
| | | Accepted vs. Rejected Traffic by Location | aws:cloudwatchlogs:vpcflow |
| | | Top Rejected Destination Ports | aws:cloudwatchlogs:vpcflow |
| | | Top Rejected Source Addresses | aws:cloudwatchlogs:vpcflow |
| | | Top 50 Rejected Address Pairs | aws:cloudwatchlogs:vpcflow |
| Security Groups | Describes security group activity in your AWS environment, including error events, number of security groups and rules, any unused security groups, activity over time, and the detailed list of error activities. | Security Groups | aws:config |
| | | Security Group Rules | aws:config |
| | | Error Events | aws:cloudtrail |
| | | Security Group Actions | aws:cloudtrail |
| | | Unused Security Groups | aws:config |
| | | Security Group Activity Over Time | aws:cloudtrail |
| | | Security Group Activity | aws:cloudtrail |
| | | Authorize and Revoke Activity | aws:cloudtrail |
| | | Security Group Error Activity | aws:cloudtrail |
| Key Pairs | Describes the key pair activity in your AWS environment, including error events, the number of in-use key pairs, which key pair is most used, activity over time, and the detailed list of error activities. | In-Use Key Pairs | aws:description |
| | | Error Events | aws:cloudtrail |
| | | Key Pair Actions | aws:cloudtrail |
| | | Key Pair Usage | aws:description |
| | | Key Pair Activity Over Time | aws:cloudtrail |
| | | Key Pair Activity | aws:cloudtrail |
| | | Key Pair Error Activity | aws:cloudtrail |
| Network ACLs | Describes the Network ACL activity in your AWS environment, including error events, the number of Network ACLs, activity over time, and the detailed list of error activities. | Network ACLs | aws:config |
| | | Error Events | aws:cloudtrail |
| | | Network ACL Actions | aws:cloudtrail |
| | | Network ACL Activity Over Time | aws:cloudtrail |
| | | Detailed Network ACLs Activity | aws:cloudtrail |
| | | Network ACL Error Activity | aws:cloudtrail |
| User Activity | Describes user activity in your AWS environment, including the number of active users, error/unauthorized activities, activity over time, and list of activities. You can also filter activities by ARN or username. | Active Users | aws:cloudtrail |
| | | Error Activities | aws:cloudtrail |
| | | Unauthorized Activities | aws:cloudtrail |
| | | User Activity Over Time | aws:cloudtrail |
| | | User Activity Grouped by Event Name | aws:cloudtrail |
| Resource Activity | Shows the resource changes over time and the detailed change list. | Changes Over Time | aws:config:notification |
| | | Changes by Resource Type | aws:config:notification |
| | | Resources | aws:config:notification |
| Billing | Displays your monthly billing cost up to but excluding the current month. AWS continues to update the monthly billing report several days after the last day of a calendar month, so you may see some fluctuation in the most recent monthly charge during the first few days of a new month. Check the Consolidated Billing Account box if your billing reports are from a consolidated account to display your charges both by service and by account. | Monthly Cost by Account | aws:billing |
| | | Monthly Cost by Service | aws:billing |
Last modified on 20 November, 2015

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 4.0.0

