Topology dashboard reference for the Splunk App for AWS
The Topology dashboard in the Splunk App for AWS displays the topology of your AWS resources and how they relate to each other. If your environment is complex, this dashboard may take several minutes to load.
Use this dashboard to examine your resource usage to ensure you are following AWS best practices, maximizing efficiency, and minimizing cost. For example, this dashboard can help reveal:
- too many instances in a single VPC
- too many security groups
- security groups with few or no linked EC2 instances
- stopped instances with many attached EBS volumes
- whether EC2 instances are well secured in your private and public subnets
- whether autoscaling worked as expected
This dashboard relies on three data inputs and a saved search. In order to see your data, ask your admin to configure AWS Config, CloudTrail, and CloudWatch inputs. When the AWS Config input becomes active, the app automatically enables the Config: Topology Data Generator saved search, which supplies additional data specifically for this dashboard. The saved search is scheduled to run every twenty minutes, on the hour, twenty minutes past the hour, and forty minutes past the hour. Your admin can also trigger the saved search to run immediately from Search > Reports in the app.
If you do not see the data that you expect in this dashboard, ask your admin to:
- check that the Config: Topology Data Generator saved search is enabled.
- trigger a new snapshot manually in the Configure tab, visible to admins.
- search for
sourcetype=aws:configto ensure data is successfully reaching your Splunk platform
If you are on a search head cluster, and your topology dashboard shows different data on different search head nodes, manually trigger the Config: Topology Data Generator saved search on each node to sync them.
Overview of the dashboards in the Splunk App for AWS
This documentation applies to the following versions of Splunk® App for AWS: 4.0.0