The Splunk App for AWS includes the opt-in ability to send anonymized usage data to Splunk to help improve the app in future releases.
How data is collected
If you opt in, the app enables an internal library to track basic usage and crash information. The library uses browser cookies to track app user visitor uniqueness and sessions and sends events to Splunk using XHR in JSON format.
What data is collected
If enabled, the Splunk App for AWS sends five different kinds of events to Splunk.
Event | Source Type | Description | Data sent includes common fields, plus | ||
---|---|---|---|---|---|
Field | Type | Description | |||
Session start | mint:ping
|
Each ping event indicates that a new session has started. | fsEncrypted
|
N/A | Not used, always "NA" |
rooted
|
N/A | Not used, always false | |||
Session end | mint:gnip
|
Each gnip event indicates that a session has ended. | ses_duration
|
int | How long the session lasted |
Page views | mint:view
|
Triggered once per page view in the app. | current
|
string | The URL of the current web page, without the hostname. |
currentView
|
string | Not used. Hardcoded to 'examples'. | |||
domProcessingTime
|
int | Time spent to process the domain. | |||
domLookupTime
|
int | Time spent to look up the domain name. | |||
elapsedTime
|
int | Time spent to render the page. | |||
host
|
string | The hostname in the URL. | |||
loadTime
|
int | Time spent to load the page. | |||
previous
|
string | The referrer URL. | |||
serverTime
|
int | Time spent to get a response from the server. | |||
App performance and configuration |
mint:log
|
Usage and performance logs for the Splunk App for AWS that track dashboard memory usage, dashboard loading times, the number of accounts, inputs, and regions configured in the app, and non-sensitive input configuration parameters (for example, SQS queue names and S3 bucket names are not collected.) | level
|
int | Log level. For example, 60 means 'error'. |
log_name
|
any | Log content. See examples below. | |||
API calls | mint:network
|
XMLHTTPRequest calls, usually HTTP API calls from client side (browser) to the Splunk server. | failed
|
boolean | Indicates if the request failed or not. |
latency
|
int | Time spent before response received. | |||
protocol
|
string | Network protocol: either http or https. | |||
requestLength
|
string | N/A. Not used. | |||
responseLength
|
int | The size of the response. | |||
statusCode
|
string | HTTP response code. | |||
url
|
string | The request URL, without the hostname. |
Common fields
The data that the Splunk App for AWS sends to Splunk, if enabled, includes the following common fields. This set of fields includes several fields that are disabled or deliberately not used for the Splunk App for AWS for purposes of anonymization.
Field | Type | Description | Example value |
---|---|---|---|
apiKey
|
string | MINT API key for the Splunk App for AWS | 4t2fk73n |
appRunningState
|
Field is unused by the SDK. Shows a value of "NA" in all events. | ||
appVersionCode
|
Field is unused by the SDK. Shows a value of "NA" in all events. | ||
appVersionName
|
string | The version name of the app sending data. | 4.1.0 |
browser
|
string | The browser name. | Chrome |
browserVersion
|
string | The browser version. | 47.0.2526.111 |
carrier
|
Field is unused by the SDK. Shows a value of "NA" in all events. | ||
connection
|
Field is unused by the SDK. Shows a value of "NA" in all events. | ||
device
|
string | The device making the request. | MacIntel |
extraData
|
JSON object | This field stores custom information for the app. This app uses extraData.splunk_version to store the version number of the Splunk platform instance.
|
6.3.1511 |
locale
|
string | The user locale set in the browser. | en-US |
osVersion
|
string | The version code of the underlying operating system. | OS X 10.11.2 |
packageName
|
string | The package name of the Splunk App for AWS. | splunk_app_aws |
platform
|
Not used for the Splunk App for AWS. Shows a value of "web" in all events. | ||
remoteIP
|
Not used for the Splunk App for AWS. Shows a value of "3.0.0.0" in all events. | ||
sdkVersion
|
string | The version of the SDK. | 4.3 |
screenOrientation
|
Field is unused by the SDK. Shows a value of "NA" in all events. | ||
session_id
|
string | A unique string to identify a session. | a5026251 |
state
|
string | Indicator of whether the browser is online or not. Can be either CONNECTED or DISCONNECTED. | CONNECTED |
uuid
|
UUID | A random identifier to track the user's uniqueness | 837227ea-4569-4675-9a17-ccb39ca69505 |
Example app performance and configuration events
The Splunk App for AWS sends performance and configuration information using the log_name
field in the mint:log
source type. This log_name
field contains two sub-fields, name
, which indicates which type of logs are being transmitted, and data
, the content of the tracking log.
There are two possible options for name
:
track_performance
. When a user accesses a dashboard in the app, the Splunk App for AWS sends performance logs for dashboard memory usage and loading times.track_configuration
. When a Splunk admin visits the Configure page, the Splunk App for AWS sends a log of the number of accounts, inputs, and regions configured in the app, and non-sensitive input configuration parameters. (For example, SQS queue names and S3 bucket names are not collected.)
The following examples demonstrate what data the Splunk App for AWS sends for each type of event.
log_name.name
|
Example JSON object |
---|---|
track_performance
|
{ "memory":{ "totalJSHeapSize":72200000, "usedJSHeapSize":39600000, "jsHeapSizeLimit":1620000000 }, "timing":{ "navigationStart":1453273923766, "unloadEventStart":1453273923929, "unloadEventEnd":1453273923930, "redirectStart":0, "redirectEnd":0, "fetchStart":1453273923766, "domainLookupStart":1453273923766, "domainLookupEnd":1453273923766, "connectStart":1453273923766, "connectEnd":1453273923766, "secureConnectionStart":0, "requestStart":1453273923773, "responseStart":1453273923927, "responseEnd":1453273923929, "domLoading":1453273923939, "domInteractive":1453273923975, "domContentLoadedEventStart":1453273923975, "domContentLoadedEventEnd":1453273923975, "domComplete":1453273926985, "loadEventStart":1453273926985, "loadEventEnd":1453273926987 } } |
track_configuration
|
{ "accounts":{ "count":3, "details":[ { "name":"testaccount4", "category":"4" }, { "name":"testaccount1", "category":"1" }, { "name":"Peter", "category":"1" } ] }, "inputs":{ "config":{ "count":1, "details":[ { "account":"Peter", "regions":"ap-southeast-1", "index":"main", "interval":"30" } ] }, "billing":{ "count":1, "details":[ { "account":"Peter", "index":"main", "interval":"86400", "billing_daily_type":"2", "billing_montly_type":"2" } ] }, "cloudwatch-logs":{ "count":2, "details":[ { "account":"Peter", "regions":"ap-southeast-1", "index":"history", "interval":"600" }, { "account":"Peter", "regions":"ap-southeast-1,ap-southeast-2", "index":"history", "interval":"600" } ] }, "cloudwatch":{ "count":2, "details":[ { "account":"testaccount4", "regions":"cn-north-1", "index":"default", "interval":"3600", "metric_namespaces":"[\"AWS/Billing\", \"AWS/EBS\", \"AWS/EC2\", \"AWS/ELB\", \"AWS/S3\", \"AWS/SNS\", \"AWS/SQS\"]", "metric_details":"[{\"statistics\": [\"Minimum\", \"Maximum\", \"Sum\", \"Average\"], \"dimensions\": [{\"ServiceName\": [\".*\"], \"Currency\": \".*\"}], \"metrics\": [\"EstimatedCharges\"]}, {\"statistics\": [\"Minimum\", \"Maximum\", \"Sum\", \"Average\"], \"dimensions\": [{\"VolumeId\": [\".*\"]}], \"metrics\": [\"VolumeWriteOps\", \"VolumeTotalReadTime\", \"VolumeQueueLength\", \"VolumeTotalWriteTime\", \"VolumeWriteBytes\", \"VolumeIdleTime\", \"VolumeReadOps\", \"VolumeReadBytes\"]}, {\"statistics\": [\"Minimum\", \"Maximum\", \"Sum\", \"Average\"], \"dimensions\": [{\"InstanceId\": [\".*\"]}], \"metrics\": [\"NetworkOut\", \"NetworkIn\", \"CPUCreditBalance\", \"StatusCheckFailed_Instance\", \"CPUCreditUsage\", \"StatusCheckFailed_System\", \"DiskReadOps\", \"DiskWriteBytes\", \"StatusCheckFailed\", \"CPUUtilization\", \"DiskReadBytes\", \"DiskWriteOps\"]}, {\"statistics\": [\"Minimum\", \"Maximum\", \"Sum\", \"Average\"], \"dimensions\": [{\"LoadBalancerName\": [\".*\"]}], \"metrics\": [\"UnHealthyHostCount\", \"HealthyHostCount\", \"BackendConnectionErrors\", \"HTTPCode_ELB_5XX\"]}, {\"statistics\": [\"Minimum\", \"Maximum\", \"Sum\", \"Average\"], \"dimensions\": [{\"BucketName\": [\".*\"], \"StorageType\": [\".*\"]}], \"metrics\": [\"NumberOfObjects\", \"BucketSizeBytes\"]}, {\"statistics\": [\"Minimum\", \"Maximum\", \"Sum\", \"Average\"], \"dimensions\": [{\"TopicName\": [\".*\"]}], \"metrics\": [\"NumberOfNotificationsFailed\", \"NumberOfMessagesPublished\", \"PublishSize\", \"NumberOfNotificationsDelivered\"]}, {\"statistics\": [\"Minimum\", \"Maximum\", \"Sum\", \"Average\"], \"dimensions\": [{\"QueueName\": [\".*\"]}], \"metrics\": [\"ApproximateNumberOfMessagesVisible\", \"NumberOfMessagesSent\", \"NumberOfMessagesDeleted\", \"ApproximateNumberOfMessagesNotVisible\", \"SentMessageSize\", \"ApproximateNumberOfMessagesDelayed\", \"NumberOfMessagesReceived\", \"NumberOfEmptyReceives\"]}]" }, { "account":"Peter", "regions":"eu-central-1,ap-northeast-1,eu-west-1,us-east-1,ap-southeast-1,ap-southeast-2,us-west-2,us-west-1,sa-east-1", "index":"default", "interval":"3600", "metric_namespaces":"[\"AWS/Billing\", \"AWS/EBS\", \"AWS/EC2\", \"AWS/ELB\", \"AWS/S3\", \"AWS/SNS\", \"AWS/SQS\"]", "metric_details":"[{\"statistics\": [\"Minimum\", \"Maximum\", \"Sum\", \"Average\"], \"dimensions\": [{\"ServiceName\": [\".*\"], \"Currency\": \".*\"}], \"metrics\": [\"EstimatedCharges\"]}, {\"statistics\": [\"Minimum\", \"Maximum\", \"Sum\", \"Average\"], \"dimensions\": [{\"VolumeId\": [\".*\"]}], \"metrics\": [\"VolumeIdleTime\", \"VolumeWriteBytes\", \"VolumeReadOps\", \"VolumeQueueLength\", \"VolumeReadBytes\", \"VolumeTotalWriteTime\", \"VolumeWriteOps\", \"VolumeTotalReadTime\"]}, {\"statistics\": [\"Minimum\", \"Maximum\", \"Sum\", \"Average\"], \"dimensions\": [{\"InstanceId\": [\".*\"]}], \"metrics\": [\"DiskReadBytes\", \"NetworkOut\", \"StatusCheckFailed_Instance\", \"NetworkIn\", \"StatusCheckFailed\", \"StatusCheckFailed_System\", \"CPUUtilization\", \"CPUCreditBalance\", \"DiskWriteOps\", \"DiskWriteBytes\", \"DiskReadOps\", \"CPUCreditUsage\"]}, {\"statistics\": [\"Minimum\", \"Maximum\", \"Sum\", \"Average\"], \"dimensions\": [{\"LoadBalancerName\": [\".*\"]}], \"metrics\": [\"UnHealthyHostCount\", \"HTTPCode_ELB_5XX\", \"HealthyHostCount\", \"BackendConnectionErrors\"]}, {\"statistics\": [\"Minimum\", \"Maximum\", \"Sum\", \"Average\"], \"dimensions\": [{\"BucketName\": [\".*\"], \"StorageType\": [\".*\"]}], \"metrics\": [\"NumberOfObjects\", \"BucketSizeBytes\"]}, {\"statistics\": [\"Minimum\", \"Maximum\", \"Sum\", \"Average\"], \"dimensions\": [{\"TopicName\": [\".*\"]}], \"metrics\": [\"NumberOfNotificationsFailed\", \"NumberOfMessagesPublished\", \"PublishSize\", \"NumberOfNotificationsDelivered\"]}, {\"statistics\": [\"Minimum\", \"Maximum\", \"Sum\", \"Average\"], \"dimensions\": [{\"QueueName\": [\".*\"]}], \"metrics\": [\"SentMessageSize\", \"ApproximateNumberOfMessagesNotVisible\", \"ApproximateNumberOfMessagesDelayed\", \"NumberOfMessagesDeleted\", \"NumberOfMessagesSent\", \"NumberOfMessagesReceived\", \"ApproximateNumberOfMessagesVisible\", \"NumberOfEmptyReceives\"]}]" } ] }, "cloudtrail":{ "count":1, "details":[ { "account":"Peter", "regions":"ap-southeast-1", "index":"main", "interval":"30" } ] }, "description":{ "count":2, "details":[ { "account":"testaccount4", "regions":"cn-north-1", "index":"default" }, { "account":"Peter", "regions":"eu-west-1,ap-southeast-1,ap-southeast-2,eu-central-1,ap-northeast-2,ap-northeast-1,us-east-1,sa-east-1,us-west-1,us-west-2", "index":"main" } ] }, "s3":{ "count":1, "details":[ { "account":"Peter", "index":"default", "interval":null } ] } } } |
What data is not collected
The following kinds of data are not collected:
- Sensitive data such as usernames or passwords
- Identifying information such as addresses, phone numbers, IP addresses, hostnames.
- Indexed data that you ingest into your Splunk platform instance
No data is collected that is not explicitly described in the What data is collected section above.
How to opt in or out
The Splunk App for AWS presents an opt-in request the first time that you access the Configure page in the Splunk App for AWS after you install this version of the app. You can also opt in at any later time on the Configure page by checking the box at the bottom of the screen.
To opt out, leave the box unchecked when the app presents the "Help us improve Splunk products and services" box. If you previously opted in but want to change your response, uncheck the box at the bottom of the Configure page, then click Stop sending data. If you opt out after having previously opted in, the app immediately stops sending data to MINT Cloud.
For more information about how Splunk collects and uses data, please refer to the Splunk Privacy Policy.
Note: The Configure page is only visible to Splunk administrators.
Troubleshoot the Splunk App for AWS | Saved searches for the Splunk App for AWS |
This documentation applies to the following versions of Splunk® App for AWS (EOL): 4.1.0, 4.1.1
Feedback submitted, thanks!