Splunk® App for AWS (Legacy)

Installation and Configuration Manual



On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
This documentation does not apply to the most recent version of Splunk® App for AWS (Legacy). For documentation on the most recent version, go to the latest release.

What data the Splunk App for AWS collects

The Splunk App for AWS can collect the following data from your AWS environment. Access this data by configuring the inputs, then exploring the relevant dashboards. For more information about which dashboards these inputs support, see Inputs overview for the Splunk App for AWS.

You can also search for data using the associated source type. When possible, the Splunk App for AWS tags the data for compliance with the Splunk Common Information Model, making it easy to integrate data from your AWS environment with your other security and infrastructure data in the Splunk platform using your own custom dashboards or those provided by other Splunk apps.

| AWS data source | Description | Source type | CIM compliance |
|---|---|---|---|
| Config | Configuration snapshots and historical configuration data from the AWS Config service. | aws:config | Change Analysis |
| Config | Configuration change notifications from the AWS Config service. | aws:config:notification | Change Analysis |
| Metadata | Descriptions of your AWS resources, used to improve dashboard readability. | aws:description | None |
| CloudTrail | Management and change events from the AWS CloudTrail service. | aws:cloudtrail | Change Analysis |
| VPC Flow Logs | VPC flow logs from the CloudWatch Logs service. | aws:cloudwatchlogs:vpcflow | Network Traffic |
| CloudWatch | Performance and billing metrics from the AWS CloudWatch service. | aws:cloudwatch | Performance, Databases |
| Billing | Monthly cost allocation reports and Detailed reports with resources and tags that you have configured in AWS. | aws:billing | None |
| S3 | Generic log data from your S3 buckets. | aws:s3 | None |
| S3 | S3 access logs. | aws:s3:accesslogs | None |
| S3 | CloudFront access logs. | aws:cloudfront:accesslogs | None |
| S3 | ELB access logs. | aws:elb:accesslogs | None |

Last modified on 27 January, 2016

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 4.1.0, 4.1.1

