On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
This documentation does not apply to the most recent version of Splunk® App for AWS (Legacy).
For documentation on the most recent version, go to the latest release.
Data models for the Splunk App for AWS
The Splunk App for AWS includes five data models to support dashboard performance.
| Name | Purpose | Accelerated | Action required |
|---|---|---|---|
| CloudFront Access Log | Supports the Overview and CloudFront - Traffic Analysis dashboards. | Yes | None |
| S3 Access Log | Supports the S3 - Traffic Analysis dashboard. | Yes | None |
| VPC Flow | Supports the VPC Flow Logs - Traffic Analysis and VPC Flow Logs - Security Analysis dashboards. | Yes | If you ingest high volume VPC flow log data through the Splunk Add-on for AWS's Kinesis input and encounter issues with bundle replication or data model acceleration performance, reduce the data model's summary range to one day. |
| Detailed Billing | Supports the Historical Detailed Bills dashboard. | Yes | None |
| Instance Hour | Supports the Capacity Planner dashboard. | Yes | None |
Last modified on 17 May, 2016
| Lookups for the Splunk App for AWS | Macros for the Splunk App for AWS |
This documentation applies to the following versions of Splunk® App for AWS (Legacy): 4.2.0, 4.2.1
Download manual
Feedback submitted, thanks!