Inputs overview for the Splunk App for AWS
The Splunk App for AWS offers the following inputs to gather useful data from your AWS environment to present in the app dashboards. The table below indicates which inputs feed data to which dashboards. Click the input name for instructions on how to configure it.
The Splunk App for AWS saves your account and input configurations in the Splunk Add-on for AWS. If you open the add-on, your accounts and inputs are listed there as well.
You can create and edit inputs through either the app or the add-on. The add-on offers additional advanced configuration options not visible in the app configuration. Any advanced configurations you enter in the add-on are honored by the app, even when those parameters are not visible in the app's input configuration screens.
Note: If you are using the Splunk App for AWS on a distributed, on-premises deployment of Splunk Enterprise, you must run the remote target command to connect your search head with your data collection node in order to be able to configure these inputs using the app configuration screen on your search heads. If you do not perform this step, configure your inputs through the add-on on your heavy forwarder and do not use the app configuration screens.
If you configure your inputs through the add-on, perform two additional steps:
- Manually enable and schedule the saved searches in this app, which you can find in the app under Search > Reports. For more information, see Saved searches for the Splunk App for AWS.
- You also need to manually update the app's index macros if you are using any indexes other than "main." You can add your custom indexes by going to Settings > Advanced search on your search heads.
| Input | Description | Dashboards |
|---|---|---|
| AWS Config | Configuration snapshots, historical configuration data, and change notifications from the AWS Config service. | Overview Topology Security Groups Resource Activity |
| CloudTrail | Management and change events from the AWS CloudTrail service. | Overview Topology Security Overview IAM Activity VPC Activity Security Groups Key Pairs Network ACLs User Activity |
| VPC Flow Logs | VPC flow logs from the CloudWatch Logs service. Flow logs allow you to capture IP traffic flow data for the network interfaces in your resources. | Topology VPC Flow Logs - Traffic Analysis VPC Flow Logs - Security |
| CloudWatch | Performance and billing metrics from the AWS CloudWatch service. | Overview Topology Usage Overview EC2 Instances Individual EC2 Instance EBS Volumes Individual EBS Volume Elastic Load Balancing (ELB) Individual Elastic Load Balancing (ELB) Estimated Billing - Current Month |
| Billing | Billing data from the reports that you collect in the Billing & Cost Management console. | Monthly Billing Detailed Billing Capacity Planning |
| S3 | Generic log data and access logs from your S3 buckets. | Overview CloudFront Distribution ELB Access Log S3 Access Log |
| Metadata | Metadata about your AWS resources. | Overview Usage Overview EC2 Instances EBS Volumes VPC Activity Security Groups Key Pairs Network ACLs |
For information about the source types and CIM compatibility of these inputs, see What data the Splunk App for AWS collects.
| Add AWS accounts for the Splunk App for AWS | Add an AWS Config input for the Splunk App for AWS |
This documentation applies to the following versions of Splunk® App for AWS (Legacy): 4.1.0, 4.1.1
Download manual
Feedback submitted, thanks!