Splunk® App for AWS

User Manual

Acrobat logo Download manual as PDF

On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
This documentation does not apply to the most recent version of AWS. Click here for the latest version.
Acrobat logo Download topic as PDF

Topology dashboard reference for the Splunk App for AWS

The Topology dashboard in the Splunk App for AWS displays the topology of your AWS resources and how they relate to each other. If your environment is complex, this dashboard may take several minutes to load.

Use cases

Use this dashboard to examine your resource usage to ensure you are following AWS best practices, maximizing efficiency, and minimizing cost. For example, this dashboard can help reveal:

  • too many instances in a single VPC
  • too many security groups
  • security groups with few or no linked EC2 instances
  • stopped instances with many attached EBS volumes
  • whether EC2 instances are well secured in your private and public subnets
  • whether autoscaling worked as expected

Data sources

This dashboard relies on three data inputs and a saved search. In order to see your data, ask your admin to configure AWS Config, CloudTrail, and CloudWatch inputs. When the AWS Config input becomes active, the app automatically enables the Config: Topology Data Generator saved search, which supplies additional data specifically for this dashboard. The saved search is scheduled to run every twenty minutes, on the hour, twenty minutes past the hour, and forty minutes past the hour. Your admin can also trigger the saved search to run immediately from Search > Reports in the app.


If you do not see the data that you expect in this dashboard, ask your admin to:

  • check that the Config: Topology Data Generator saved search is enabled.
  • trigger a new snapshot manually in the Configure tab, visible to admins.
  • search for sourcetype=aws:config to ensure data is successfully reaching your Splunk platform

If you are on a search head cluster, and your topology dashboard shows different data on different search head nodes, manually trigger the Config: Topology Data Generator saved search on each node to sync them.

Last modified on 14 January, 2016
Overview of the dashboards in the Splunk App for AWS

This documentation applies to the following versions of Splunk® App for AWS: 4.0.0

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters