Add a Kinesis input for the Splunk App for AWS

Create a Kinesis input to capture data from Kinesis streams.

Prerequisites

Before you can successfully configure a Kinesis input, you need to:

1. Create Amazon Kinesis streams and configure data producers to continuously put data into the stream in all the regions that you want to track data in the Splunk App for AWS. If you have not already done this, see Configure your AWS services for the Splunk App for AWS in this manual.

2. Make sure that the account friendly name you use to configure this input corresponds to an AWS Account Access Key ID or EC2 IAM role that has the necessary permissions to gather this data. If you have not already done this, see Configure your AWS permissions for the Splunk App for AWS in this manual.

Add a new Kinesis input

1. In the app, click Configure in the app navigation bar.

2. Under Data Sources, in the Kinesis box, click New Input.

3. Select the friendly name of the AWS Account that you want to use to collect Kinesis data. If you have not yet configured the account you need, click Add New Account to configure one now.

4. Under Kinesis Configurations, select a Region for which you have enabled Kinesis.

5. Click Select a Stream name to view the Stream names for the region you have selected. If you do not see any, verify that you have completed all steps in the prerequisites.

6. Select the Stream name that you want to gather data from.

7. Click the + button to add another Stream. You can gather data from multiple Streams within a single region or from different regions.

8. Repeat steps 4 - 7 until you have configured Streams for all the regions from which you want to collect data.

9. Under Source Type, select one of these source types:

• aws:kinesis: Data from Kinesis Streams.
• aws:cloudwatchlogs:vpcflow: VPC flow logs from the Kinesis stream.

10. (Recommended) Configure a custom Index.

11. Click Add to save and enable this data input.

When you create the data input, the Splunk App for AWS immediately begins collecting your Kinesis Stream data, including all historical data, and checks for updates every ten minutes.

Edit or delete a Kinesis input

You can view, edit, or delete your existing Kinesis inputs from the Kinesis Inputs screen.

1. In the app, click Configure in the app navigation bar.

2. Under Data Sources, in the Kinesis box, click the link that tells you how many inputs you currently have configured for Kinesis.

3. The Kinesis Inputs screen displays a list of Kinesis inputs, organized by the name auto-assigned to the input.

4. From here, you can click the names to open the individual inputs to edit them, or you can delete an input by clicking the trash can icon.

Note: If you delete an input and then add a new one for the same Stream name, the app collects all your historical data again.