Overview of the dashboards in the Splunk App for AWS
The Splunk App for AWS offers a variety of dashboards to give you insight into your AWS data. As you navigate from one dashboard to another, the app retains your most recent filter selections for Account ID and region to facilitate easy browsing.
If you do not see data in a particular dashboard panel, check the source type of the panel for which data is missing. For example, if your Configuration Changes panel on the Overview dashboard shows zeroes, but you know changes have been made in your AWS environment, search sourcetype=aws:config:notification
to check that data is coming in to your Splunk platform from that source type. If you do not see events, troubleshoot that input with a Splunk administrator.
Overviews
Dashboard | Description | Panel | Source Type |
---|---|---|---|
Overview | Gives a big picture overview of your AWS environment and status from different perspectives, including configuration changes, usage, security. If anything looks unusual, you can click a panel to drill down to a more detailed dashboard. | Configuration Changes | aws:config:notification
|
Notable CloudTrail Activity by Origin | aws:cloudtrail
| ||
Compute Instances | aws:description
| ||
Storage | aws:description , aws:cloudwatch
| ||
Billing | aws:cloudwatch , aws:billing
| ||
ELB | aws:description , aws:cloudwatch
| ||
CloudFront | aws:cloudfront:accesslogs
| ||
Usage Overview | Summarizes the usage of AWS services such as EC2 and EBS. | EC2 and EBS | aws:description
|
ELB | aws:description , aws:cloudwatch
| ||
Max CPU Utilization - Last 7 Days Top 5 | aws:cloudwatch , aws:description
| ||
Min CPU Utilization - Last 7 Days Top 5 | aws:cloudwatch , aws:description
| ||
Security Overview | Displays the number of error events from different services. Drill down to more detailed dashboards from this overview. | IAM Errors | aws:cloudtrail
|
VPC Errors | aws:cloudtrail
| ||
Security Group Errors | aws:cloudtrail
| ||
Key Pair Errors | aws:cloudtrail
| ||
Network ACL Errors | aws:cloudtrail
| ||
Unauthorized Activity | aws:cloudtrail
| ||
Authorized vs Unauthorized IAM Activity | aws:cloudtrail
| ||
Authorized vs Unauthorized Activity by User | aws:cloudtrail
| ||
Authorized vs Unauthorized Activity by Event Name | aws:cloudtrail
|
Note: If you see a message indicating that the Notable CloudTrail Activity by Origin map cannot display, this is due to the fact that AWS does not provide a valid sourceIPAddress
for data in the AWS region at this time.
Topology
Dashboard | Description | Panel | Source Type |
---|---|---|---|
Topology | Displays the topology of your AWS resources and how they relate to each other. See Topology dashboard reference for the Splunk App for AWS for more details. | Topology | aws:config
|
Relationships | aws:config
| ||
Usage | aws:cloudwatch
| ||
Activity | aws:cloudtrail
| ||
VPC Flow | aws:cloudwatchlogs:vpcflow
| ||
IAM | aws:config
| ||
Billing | aws:billing
| ||
Amazon Inspector and Config Rules | aws:inspector , aws:config:rule
|
Usage
Dashboard | Description | Panel | Source Type |
---|---|---|---|
EC2 Instances | Describes the usage of your EC2 instances. | Running EC2 Instances | aws:description
|
In-Use Reserved EC2 Instances | aws:description
| ||
Unused Reserved EC2 Instances | aws:description
| ||
Running EC2 Instances by Category | aws:description
| ||
Running EC2 Instances by Region | aws:description
| ||
Running EC2 Instances by Type | aws:description
| ||
Running EC2 Instances by Type Over Time | aws:description
| ||
Running EC2 Instances by Region Over Time | aws:description
| ||
EC2 Spot Instances Details | aws:description
| ||
EC2 Reserved Instances | aws:description
| ||
High Utilization EC2 Instances | aws:cloudwatch , aws:description
| ||
Low Utilization EC2 Instances | aws:cloudwatch , aws:description
| ||
Individual EC2 Instances | Allows you to look up the detailed usage of specific EC2 instances. | EC2 Instance Details | aws:description
|
Average CPU Utilization - Last 24h | aws:cloudwatch
| ||
Total Network I/O - Last 24h | aws:cloudwatch
| ||
Total Failed Status Checks - Last 24h | aws:cloudwatch
| ||
Average CPU Utilization Over Time | aws:cloudwatch
| ||
Total Network I/O Over Time | aws:cloudwatch
| ||
Total Failed Status Checks Over Time | aws:cloudwatch
| ||
EBS Volumes | Describes the usage of EBS volumes. | In-Use EBS Volumes | aws:description
|
In-Use EBS Volume Size | aws:description
| ||
EBS Snapshots Size | aws:description
| ||
In-Use EBS Volumes by Type | aws:description
| ||
EBS Volumes by Sizes | aws:description
| ||
EBS Volumes by IOPS | aws:description
| ||
Unused EBS Volumes | aws:description
| ||
Non-Optimized EBS Volumes | aws:description
| ||
EBS Volumes Without Recent (30 days) Snapshot | aws:description
| ||
Standard EBS Volumes with IOPS > 95 - Last 7 Days | aws:description , aws:cloudwatch
| ||
EBS Volumes with IOPS < 1 - Last 7 Days | aws:description , aws:cloudwatch
| ||
Individual EBS Volumes | Allows you to look up the detailed usage of specific EBS volumes. | EBS Volume Details | aws:description
|
Average IOPS - Last 24h | aws:cloudwatch
| ||
Total Read/Write - Last 24h | aws:cloudwatch
| ||
Average Queue Length - Last 24h | aws:cloudwatch
| ||
Average IOPS Over Time | aws:cloudwatch
| ||
Total Read/Write Over Time | aws:cloudwatch
| ||
Average Queue Length Over Time | aws:cloudwatch
| ||
ELB Instances | Displays information about the ELBs in your environment. | Total ELBs | aws:description
|
Total Requests | aws:cloudwatch
| ||
Unhealthy EC2 Instances | aws:description
| ||
ELB Error Requests | aws:cloudwatch
| ||
HTTP 4XX Responses | aws:cloudwatch
| ||
HTTP 5XX Responses | aws:cloudwatch
| ||
ELBs by Region | aws:description
| ||
Requests by ELB | aws:cloudwatch
| ||
Requests by HTTP Status Code | aws:cloudwatch
| ||
Latency per ELB Over Time | aws:cloudwatch
| ||
Requests per ELB Over Time | aws:cloudwatch
| ||
Individual ELB Instances | Allows you to look up detailed information about specific ELBs. | Total Requests | aws:cloudwatch
|
ELB Error Requests | aws:cloudwatch
| ||
HTTP Error Requests | aws:cloudwatch
| ||
Unhealthy EC2 Instances | aws:description
| ||
ELB Details | aws:cloudwatch
| ||
EC2 Instances | aws:description
| ||
Latency Over Time | aws:cloudwatch
| ||
Request Count Over Time | aws:cloudwatch
| ||
HTTP Status Code Over Time | aws:cloudwatch
| ||
Capacity Planner | Allows you to analyze your usage to plan your capacity for upcoming months. Based on historical month data from Detailed billing reports with resources and tags. | Total Instance Hours | aws:billing
|
Percentage of On-Demand Hours | aws:billing
| ||
Total Instance Cost | aws:billing
| ||
Percentage of On-Demand Cost | aws:billing
| ||
Instance Hours | aws:billing
| ||
Relational Database Service | Displays RDS data from the CloudWatch service. | RDS Instance Details | aws:description , aws:cloudwatch
|
Average CPU Utilization | aws:description , aws:cloudwatch
| ||
Average Freeable Memory | aws:description , aws:cloudwatch
| ||
Average Free Storage Space | aws:description , aws:cloudwatch
| ||
Average Write IOPS | aws:description , aws:cloudwatch
| ||
Average Read Latency | aws:description , aws:cloudwatch
| ||
Average Write Latency | aws:description , aws:cloudwatch
|
Traffic & Access
Dashboard | Description | Panel | Source Type |
---|---|---|---|
ELB - Traffic Analysis | Data from your ELB access logs. | Total Entries | aws:elb:accesslogs
|
Total ELBs | aws:elb:accesslogs
| ||
Unique Clients | aws:elb:accesslogs
| ||
Total Data Sent | aws:elb:accesslogs
| ||
Total Data Received | aws:elb:accesslogs
| ||
Traffic Size by Location (Bytes) | aws:elb:accesslogs
| ||
Request Count by Location | aws:elb:accesslogs
| ||
Error Entries | aws:elb:accesslogs
| ||
Average Processing Time | aws:elb:accesslogs
| ||
Top Error-Causing Requests | aws:elb:accesslogs
| ||
Error Count | aws:elb:accesslogs
| ||
Top Time-Consuming Requests | aws:elb:accesslogs
| ||
Processing Time (ms) | aws:elb:accesslogs
| ||
VPC Flow Logs - Traffic Analysis | Provides an overview of your network traffic. | Monitored Interfaces | aws:cloudwatchlogs:vpcflow
|
Traffic Protocols | aws:cloudwatchlogs:vpcflow
| ||
All Traffic (GB) | aws:cloudwatchlogs:vpcflow
| ||
Traffic Destinations | aws:cloudwatchlogs:vpcflow
| ||
Traffic Sources | aws:cloudwatchlogs:vpcflow
| ||
Traffic Over Time by Interface (Top 5) | aws:cloudwatchlogs:vpcflow
| ||
Traffic Size by Protocol and Location | aws:cloudwatchlogs:vpcflow
| ||
Top Destination Addresses | aws:cloudwatchlogs:vpcflow
| ||
Top Destination Ports | aws:cloudwatchlogs:vpcflow
| ||
Top Source Addresses | aws:cloudwatchlogs:vpcflow
| ||
CloudFront - Traffic Analysis | Traffic and error metrics about your CloudFront distribution. | Total Requests | aws:cloudfront:accesslogs
|
Error Requests | aws:cloudfront:accesslogs
| ||
Total Request Traffic | aws:cloudfront:accesslogs
| ||
Total Response Traffic | aws:cloudfront:accesslogs
| ||
Cache Hit Ratio | aws:cloudfront:accesslogs
| ||
Traffic Size by Location (Bytes) | aws:cloudfront:accesslogs
| ||
Request Count by Location | aws:cloudfront:accesslogs
| ||
HTTP Status | aws:cloudfront:accesslogs
| ||
User Agents | aws:cloudfront:accesslogs
| ||
CloudFront Edge Details | aws:cloudfront:accesslogs
| ||
Top URLs | aws:cloudfront:accesslogs
| ||
Top Request by Edge Location | aws:cloudfront:accesslogs
| ||
Slowest Requests | aws:cloudfront:accesslogs
| ||
Heaviest Traffic Requests | aws:cloudfront:accesslogs
| ||
Latency Over Time | aws:cloudfront:accesslogs
| ||
Traffic (MB) Over Time | aws:cloudfront:accesslogs
| ||
S3 - Traffic Analysis | Data from your S3 access logs. | Total Requests | aws:s3:accesslogs
|
Error Requests | aws:s3:accesslogs
| ||
Total Traffic | aws:s3:accesslogs
| ||
Average Processing Time | aws:s3:accesslogs
| ||
Traffic Size by Location (Bytes) | aws:s3:accesslogs
| ||
Request Count by Location | aws:s3:accesslogs
| ||
HTTP Status | aws:s3:accesslogs
| ||
S3 Error Code | aws:s3:accesslogs
| ||
Top User Agents | aws:s3:accesslogs
| ||
Top Requests | aws:s3:accesslogs
| ||
Request Count Over Time | aws:s3:accesslogs
| ||
Top Error Requests | aws:s3:accesslogs
| ||
Error Count Over Time | aws:s3:accesslogs
|
Security
Dashboard | Description | Panel | Source Type |
---|---|---|---|
Network ACLs | Describes the Network ACL activity in your AWS environment, including error events, the number of Network ACLs, activity over time, and the detailed list of error activities. | Network ACLs | aws:description
|
Error Events | aws:cloudtrail
| ||
Network ACL Actions | aws:cloudtrail
| ||
Network ACL Activity Over Time | aws:cloudtrail
| ||
Detailed Network ACLs Activity | aws:cloudtrail
| ||
Network ACL Error Activity | aws:cloudtrail
| ||
Security Groups | Describes security group activity in your AWS environment, including error events, number of security groups and rules, any unused security groups, activity over time, and the detailed list of error activities. | Security Groups | aws:description
|
Security Group Rules | aws:description
| ||
Error Events | aws:cloudtrail
| ||
Security Group Actions | aws:cloudtrail
| ||
Unused Security Groups | aws:config
| ||
Security Group Activity Over Time | aws:cloudtrail
| ||
Security Group Activity | aws:cloudtrail
| ||
Authorize and Revoke Activity | aws:cloudtrail
| ||
Security Group Error Activity | aws:cloudtrail
| ||
IAM Activity | Describes IAM activity in your environment, including the error events, which users have the most activity, activity over time, and the detailed list of error activities. | Error Events | aws:cloudtrail
|
Activity by User | aws:cloudtrail
| ||
IAM Actions | aws:cloudtrail
| ||
IAM Activity Over Time | aws:cloudtrail
| ||
Authorized vs. Unauthorized Activity | aws:cloudtrail
| ||
Detailed IAM Activity | aws:cloudtrail
| ||
IAM Error Activity | aws:cloudtrail
| ||
Key Pairs Activity | Describes the key pair activity in your AWS environment, including error events, the number of in-use key pairs, which key pair is most used, activity over time, and the detailed list of error activities. | In-Use Key Pairs | aws:description
|
Error Events | aws:cloudtrail
| ||
Key Pair Actions | aws:cloudtrail
| ||
Key Pair Usage | aws:description
| ||
Key Pair Activity Over Time | aws:cloudtrail
| ||
Key Pair Activity | aws:cloudtrail
| ||
Key Pair Error Activity | aws:cloudtrail
| ||
VPC Activity | Describes VPC activity in your environment, including the error events, number of VPCs, activity over time, and the detailed list of error activities. | VPCs | aws:description
|
Error Events | aws:cloudtrail
| ||
Network VPC Actions | aws:cloudtrail
| ||
VPC Activity Over Time | aws:cloudtrail
| ||
Detailed VPC Activity | aws:cloudtrail
| ||
VPC Error Activity | aws:cloudtrail
| ||
VPC Flow Logs - Security Analysis | Provides an overview of your rejected network traffic. | Accepted vs. Rejected Over Time (Bytes) | aws:cloudwatchlogs:vpcflow
|
Accepted vs. Rejected Traffic by Location | aws:cloudwatchlogs:vpcflow
| ||
Top Rejected Destination Ports | aws:cloudwatchlogs:vpcflow
| ||
Top Rejected Source Addresses | aws:cloudwatchlogs:vpcflow
| ||
Top 50 Rejected Address Pairs | aws:cloudwatchlogs:vpcflow
|
Audit
Dashboard | Description | Panel | Source Type |
---|---|---|---|
Config Rules | Displays compliance status results based on the AWS Config rules that you have set up in your environment. | Active Config Rules | aws:config:rule
|
Active Config Rules | aws:config:rule
| ||
Non-Compliant Resources | aws:config:rule
| ||
Compliant vs Non-Compliant Resources | aws:config:rule
| ||
Active Config Rules Summary | aws:config:rule
| ||
Non-Compliant Resources Details | aws:config:rule
| ||
Amazon Inspector | Displays results of your Amazon Inspector findings, which you can filter by assessment run and severity. From the Findings table on this dashboard, click on an EC2 instance name to jump directly to the Topology dashboard and view that EC2 instance in context. | Completed Assessment Runs | aws:inspector
|
Total Findings | aws:inspector
| ||
High Severity | aws:inspector
| ||
Medium Severity | aws:inspector
| ||
Low Severity | aws:inspector
| ||
Informational Severity | aws:inspector
| ||
Findings | aws:inspector
| ||
Resource Activity | Shows the resource changes over time and the detailed change list. | Changes Over Time | aws:config:notification
|
Changes by Resource Type | aws:config:notification
| ||
Resources | aws:config:notification
| ||
User Activity | Describes user activity in your AWS environment, including the number of active users, error/unauthorized activities, activity over time, and list of activities. You can also filter activities by ARN or username. | Active Users | aws:cloudtrail
|
Error Activities | aws:cloudtrail
| ||
Unauthorized Activities | aws:cloudtrail
| ||
User Activity Over Time | aws:cloudtrail
| ||
User Activity Grouped by Event Name | aws:cloudtrail
|
Billing
Dashboard | Description | Panel | Source Type |
---|---|---|---|
Current Month Estimated Billing | Projected AWS bill information based on your CloudWatch billing metrics. Note that the Total Projected Cost -- This Month and Cost Projection Over Time panels rely on at least two data points before a projection can appear, thus these panels show "No results found" for the first few days of each new month. |
Estimated Cost - Month to Date | aws:cloudwatch
|
Total Projected Cost - This Month | aws:cloudwatch
| ||
Estimated Cost by Account | aws:cloudwatch
| ||
Estimated Cost by Service | aws:cloudwatch
| ||
Month over Month Comparison - Daily Cost | aws:cloudwatch
| ||
Cost Projection Over Time | aws:cloudwatch
| ||
Estimated Cost by Account and Service - Month to Date | aws:cloudwatch
| ||
Historical Monthly Bills | Displays your monthly billing cost up to but excluding the current month. AWS continues to update the monthly billing report several days after the last day of a calendar month, so you may see some fluctuation in the most recent monthly charge during the first few days of a new month. Note that the Cost by Region panel is not available in consolidated accounts and show incomplete costs in nonconsolidated accounts if your bills include items that do not have region information associated with them. |
Cost by Account | aws:billing
|
Cost by Service | aws:billing
| ||
Cost by Region | aws:billing
| ||
EC2 Cost by Instance Type | aws:billing
| ||
EBS Cost by Usage Type | aws:billing
| ||
Month over Month Comparison | aws:billing
| ||
Cost by Account and Service | aws:billing
| ||
Historical Detailed Bills | Allows you to analyze your detailed billing history using your Detailed billing reports with resources and tags. Does not include data for the current month. Expect long load times for this dashboard due to the large amount of data in the Detailed billing report. | Total Cost | aws:billing
|
Cost Over Time | aws:billing
|
Work with your data in the Splunk App for AWS | Filter dashboards by tags in the Splunk App for AWS |
This documentation applies to the following versions of Splunk® App for AWS (Legacy): 4.2.0, 4.2.1
Feedback submitted, thanks!