Splunk® App for AWS (Legacy)

Installation and Configuration Manual

On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
This documentation does not apply to the most recent version of Splunk® App for AWS (Legacy). For documentation on the most recent version, go to the latest release.

Upgrade the Splunk App for AWS

When you upgrade from a previous version to the 5.0.0 version of the Splunk App for AWS, be aware of the following changes.

  • This version of the app requires Splunk Add-on for AWS 4.1.2 or later.
  • The new inputs in this version of the app require additional setup and IAM permissions in the AWS Management Console.
  • The Topology, EC2 Insights, and Insights Overview dashboards require the Python for Scientific Computing libraries to be fully functional.
  • This version of the app requires you to manually set a Region Category for all new AWS accounts: Global, GovCloud, or China. If you are using legacy accounts that do not already have a region category set or detected, the app displays an "invalid account detected" message on your Configure page. Edit these accounts by clicking their friendly name in the Accounts listing and selecting the appropriate region category. Any inputs that use these accounts stop collecting data until the Region Category is correctly set.
  • This version of the app introduces a new aws_admin role that lets you grant non-admin users permissions to configure the Splunk App for AWS. To take advantage of this new feature, you need to set up access control in the Splunk App for AWS.


If you are upgrading from the 4.1.0 version to the 5.0.0 version of the Splunk App for AWS, perform an in-place upgrade.

If you use a non-clustered distributed Splunk deployment, you do not need to perform any additional upgrade activity.

If you use a clustered distributed Splunk deployment, you need to perform some additional steps:

  • Configure the search head tier to directly forward data to the indexer tier.
  • Distribute the summary index configuration bundle across clustered indexers.

For detailed instructions, see Install in a clustered distributed environment.

If you are upgrading from the 4.0.0 version to the 4.1.1 version of the Splunk App for AWS, see Upgrade guide for the Splunk App for AWS in the 4.1.0 version of the documentation for upgrade steps and new behavior to be aware of.

If you are upgrading from a pre-4.X version of the app, install the version as a new app. Starting from version 4.X, the app has a new folder name, so it does not replace 3.X or older versions in your environment. See Migrate from an unsupported version of the Splunk App for AWS in the version 4.0.0 documentation.

Last modified on 29 December, 2016

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 5.0.0

