Splunk® App for AWS (Legacy)

Installation and Configuration Manual

On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
This documentation does not apply to the most recent version of Splunk® App for AWS (Legacy). For documentation on the most recent version, go to the latest release.

Inputs overview for the Splunk App for AWS

The Splunk App for AWS offers the following inputs to gather useful data from your AWS environment to present in the app dashboards. The table below indicates which inputs feed data to which dashboards. Click the input name for instructions on how to configure it.

The Splunk App for AWS saves your account and input configurations in the Splunk Add-on for AWS. If you open the add-on, your accounts and inputs are listed there as well.

You can create and edit inputs through either the app or the add-on. The add-on offers additional advanced configuration options not visible in the app configuration. Any advanced configurations you enter in the add-on are honored by the app, even when those parameters are not visible in the app's input configuration screens.

Note: If you are using the Splunk App for AWS on a distributed, on-premises deployment of Splunk Enterprise, you must run the remote target command to connect your search head with your data collection node in order to be able to configure these inputs using the app configuration screen on your search heads. If you do not perform this step, configure your inputs through the add-on on your heavy forwarder and do not use the app configuration screens.

If you configure your inputs through the add-on, perform two additional steps:

  1. Manually enable and schedule the saved searches in this app, which you can find in the app under Search > Reports. For more information, see Saved searches for the Splunk App for AWS.
  2. Manually update the app's index macros if you are using any indexes other than "main." For more information, see Macros for the Splunk App for AWS.

| Input | Description | Dashboards |
|---|---|---|
| AWS Config | Configuration snapshots, historical configuration data, and change notifications from the AWS Config service. | Overview, Topology, Security Groups, Resource Activity |
| Config Rules | Compliance details, compliance summary, and evaluation status of your AWS Config Rules. | Topology, Config Rules |
| CloudWatch | Performance and billing metrics from the AWS CloudWatch service. | Overview, Topology, Usage Overview, EC2 Instances, Individual EC2 Instances, EBS Volumes, Individual EBS Volumes, ELB Instances, Individual ELB Instances, Relational Database Service, Current Month Estimated Billing |
| CloudTrail | Management and change events from the AWS CloudTrail service. | Overview, Topology, Security Overview, IAM Activity, VPC Activity, Security Groups, Key Pairs Activity, Network ACLs, User Activity |
| Billing | Billing data from the reports that you collect in the Billing & Cost Management console. | Historical Monthly Bills, Historical Detailed Bills, Capacity Planning |
| S3 | Generic log data and access logs from your S3 buckets. | Overview, CloudFront - Traffic Analysis, ELB - Traffic Analysis, S3 - Traffic Analysis |
| VPC Flow Logs | VPC flow logs from the CloudWatch Logs service. Flow logs allow you to capture IP traffic flow data for the network interfaces in your resources. | Topology, VPC Flow Logs - Traffic Analysis, VPC Flow Logs - Security Analysis |
| Amazon Inspector | Assessment Runs and Findings data from the Amazon Inspector service. | Topology, Amazon Inspector |
| Metadata | Metadata about your AWS resources. | Overview, Usage Overview, EC2 Instances, EBS Volumes, VPC Activity, Security Groups, Key Pairs Activity, Network ACLs |

For information about the source types and CIM compatibility of these inputs, see What data the Splunk App for AWS collects.

Last modified on 13 May, 2016

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 4.2.0, 4.2.1

