Splunk® App for AWS (Legacy)

Installation and Configuration Manual

On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
This documentation does not apply to the most recent version of Splunk® App for AWS (Legacy). For documentation on the most recent version, go to the latest release.

Macros for the Splunk App for AWS

The Splunk App for AWS includes a set of macros that support dashboard performance. In most circumstances, you do not need to edit these macros.

| Name | Default macro definition | Update required if you manage inputs from the add-on rather than the app |
| --- | --- | --- |
| aws-cloudtrail-index | (index="main" OR index="aws-cloudtrail") | If you are using any index for your CloudTrail data other than main, aws-cloudtrail, or another default index you have set for your environment, add it to this definition. |
| aws-config-index | (index="main" OR index="aws-config") | If you are using any index for your Config data other than main, aws-config, or another default index you have set for your environment, add it to this definition. |
| aws-billing-index | (index="main" OR index="default") | If you are using any index for your Billing data other than main or another default index you have set for your environment, add it to this definition. |
| aws-billing-index-cur | (index="main") | If you are using any index for your AWS Cost and Usage Report data other than the main index you set for your environment, add it to this definition. |
| aws-cloudwatch-index | (index="main" OR index="default") | If you are using any index for your CloudWatch data other than main or another default index you have set for your environment, add it to this definition. |
| aws-description-index | (index="main" OR index="default") | If you are using any index for your Description data other than main, add it to this definition. |
| aws-config-rule-index | (index="main" OR index="default") | If you are using any index for your Config Rule data other than main, add it to this definition. |
| aws-inspector-index | (index="main" OR index="default") | If you are using any index for your Amazon Inspector data other than main, add it to this definition. |
| aws-s3-index | (index="main") | If you are using any indexes for your S3 access logs, ELB access logs, and CloudFront access logs other than main, add them to this definition. |
| aws-health-index | (index="main") | If you are using any index for your AWS Personal Health data other than main, add it to this definition. |
| aws-cloudwatch-logs-index | (index="main" OR index="default") | If you are using any indexes other than main for your CloudWatch Logs data, including any data that you collect through the add-on's Kinesis input, add it to this definition. |
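
A dashboard that searches through one of these macros sees only the indexes named in its definition, so CloudTrail or access-log data sent to an unlisted index drops out of the security dashboards without any error. The following check is an added example, not part of the Splunk documentation or the app's code: it compares macro definitions against the indexes your inputs write to and prints the updated definitions. It assumes the definitions are available in macros.conf stanza form with a definition key; the index names sec_cloudtrail and aws_access_logs and the input-to-index mapping are hypothetical.

```python
import configparser
import re

# Constructed sample: default definitions copied from the table above,
# written in macros.conf stanza form.
MACROS_CONF = '''
[aws-cloudtrail-index]
definition = (index="main" OR index="aws-cloudtrail")
[aws-config-index]
definition = (index="main" OR index="aws-config")
[aws-s3-index]
definition = (index="main")
'''

# Constructed sample: the indexes each add-on input actually writes to.
# "sec_cloudtrail" and "aws_access_logs" are hypothetical index names.
INPUT_INDEXES = {
    "aws-cloudtrail-index": {"sec_cloudtrail"},
    "aws-config-index": {"aws-config"},
    "aws-s3-index": {"main", "aws_access_logs"},
}

INDEX_RE = re.compile(r'index\s*=\s*"?([A-Za-z0-9_\-]+)"?')

def macro_indexes(conf_text):
    """Return {macro name: set of index names in its definition}."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    return {
        name: set(INDEX_RE.findall(parser[name].get("definition", "")))
        for name in parser.sections()
    }

def find_gaps(conf_text, input_indexes):
    """Return {macro name: updated definition} for macros missing an index."""
    current = macro_indexes(conf_text)
    fixes = {}
    for macro, used in input_indexes.items():
        have = current.get(macro, set())
        missing = sorted(used - have)
        if missing:
            # Keep every index already listed, then append the missing ones.
            terms = [f'index="{i}"' for i in sorted(have) + missing]
            fixes[macro] = "(" + " OR ".join(terms) + ")"
    return fixes

if __name__ == "__main__":
    for macro, definition in find_gaps(MACROS_CONF, INPUT_INDEXES).items():
        print(f"[{macro}]\ndefinition = {definition}\n")
```

Macros that already cover their input indexes, such as aws-config-index in the sample, are left out of the output.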
Last modified on 07 November, 2019

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 5.2.0

