Splunk® App for AWS (Legacy)

Installation and Configuration Manual

On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
This documentation does not apply to the most recent version of Splunk® App for AWS (Legacy). For documentation on the most recent version, go to the latest release.

What data the Splunk App for AWS collects

The Splunk App for AWS can collect the following data from your AWS environment. Access this data by configuring the inputs, then exploring the relevant dashboards. For more information about which dashboards these inputs support, see Inputs overview for the Splunk App for AWS.

You can also search for data using the associated source type. When possible, the Splunk App for AWS tags the data for compliance with the Splunk Common Information Model, making it easy to integrate data from your AWS environment with your other security and infrastructure data in the Splunk platform using your own custom dashboards or those provided by other Splunk apps.

| Data source | Description | Source type | CIM compliance |
|---|---|---|---|
| Config | Configuration snapshots and historical configuration data from the AWS Config service. | aws:config | Change Analysis |
| | Configuration change notifications from the AWS Config service. | aws:config:notification | Change Analysis |
| | Descriptions of your AWS EC2 instances, reserved instances, and EBS snapshots, used to improve dashboard readability. | aws:description | None |
| Config Rules | Compliance details, compliance summary, and evaluation status of your AWS Config Rules. | aws:config:rule | Inventory |
| Inspector | Assessment Runs and Findings data from the Amazon Inspector service. | aws:inspector | Inventory, Alerts |
| CloudTrail | Management and change events from the AWS CloudTrail service. | aws:cloudtrail | Change Analysis |
| CloudWatch Logs | Data from the CloudWatch Logs service. | aws:cloudwatchlogs | None |
| | VPC flow logs from the CloudWatch Logs service. | aws:cloudwatchlogs:vpcflow | Network Traffic |
| CloudWatch | Performance and billing metrics from the AWS CloudWatch service. | aws:cloudwatch | Performance, Databases |
| Billing | Billing reports that you have configured in AWS. | aws:billing | None |
| S3 | Generic log data from your S3 buckets. | aws:s3 | None |
| | S3 access logs. | aws:s3:accesslogs | None |
| | CloudFront access logs. | aws:cloudfront:accesslogs | None |
| | ELB access logs. | aws:elb:accesslogs | None |

Last modified on 13 May, 2016

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 4.2.0, 4.2.1

