Insights reference for the Splunk App for AWS
On the Insights dashboards and the Topology dashboard, the Splunk App for AWS evaluates your AWS environment and provides insights and recommended actions to help you optimize your AWS resources.
If any insights are available for you to review, the Insights icon in the top right corner of your Topology dashboard displays a number in a small orange circle.
Click the icon to open your insightslist and review each one.
Note: In Splunk Light, the insights feature is not supported and the Insights dashboards and Insights icon on the Topology dashboad are unavailable.
Python for Scientific Computing
The app's ability to evaluate your environment and provide insights depends on the Python for Scientific Computing app, available on Splunkbase. Install the version appropriate for your environment on all Splunk search heads running the Splunk App for AWS, or contact a Splunk software admin to perform this installation for you.
- Python for Scientific Computing for Linux 64-bit
- Python for Scientific Computing for Windows 64-bit
- Python for Scientific Computing for Linux 32-bit
- Python for Scientific Computing for Mac
Note: Splunk Light does not support the insights feature and does not require the Python for Scientific Computing app as a prerequisite.
To use the commands provided by the app to take action on the insights, you need the CLI tools. See http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ec2-cli-get-set-up.html for more information. You can also use the AWS Management Console to perform these actions in the UI instead of using the commands.
To perform the suggested actions on your AWS EC2 resources, use an account with the following permissions.
ec2:StartInstances ec2:StopInstances ec2:ModifyInstanceAttribute ec2:DeleteSecurityGroup
Insights and recommended actions
Delete security groups
The Splunk App for AWS polls your security groups to check if any are not assigned to any EC2 instances. Unused security groups can be deleted to make it easier to organize and manage your environment. For more information about deleting a security group using the CLI or in the AWS management console, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#deleting-security-group.
Upgrade or downgrade instances
The Splunk App for AWS evaluates your instance usage to determine if any instances are either over- or under-utilized. The app will identify the instances that should be resized to a larger instance type to avoid performance problems or downtime. The app will also identify instances that are underutilized so that you can save cost by resizing those to smaller instance types.
For more information about modifying an instance type using the AWS Management Console, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-resize.html. For more information about the
modify-instance-attribute CLI command, see http://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html.
Recommended actions for load balancers
The Splunk App for AWS evaluates your ELB usage and their registered instances and recommends actions for load balancers identified with problems. Recommended actions include the following:
- Delete load balancers: See http://docs.aws.amazon.com/cli/latest/reference/elb/delete-load-balancer.html
- Troubleshoot load balancers: See http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ts-elb-healthcheck.html
Recommended actions for EBS
Based on your Amazon EBS usage, the Splunk App for AWS provides information and recommended actions to help you optimize your EBS resources. Refer to the following AWS documentation for information and instructions about managing EBS resources.
- Delete an Amazon EBS volume: See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-volume.html
- Take EBS snapshots: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html
- Amazon EBS–Optimized Instances: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html
- EBS IOPS detail information: https://aws.amazon.com/ebs/details
Topology dashboard reference for the Splunk App for AWS
This documentation applies to the following versions of Splunk® App for AWS: 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.2.0