Splunk® App for AWS (Legacy)

User Manual

On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.

Work with your data in the Splunk App for AWS

Work with the dashboards

Use the dashboards provided by the Splunk App for AWS to access and analyze your data.

See Overview of the dashboards in the Splunk App for AWS for an introduction to the dashboards and some tips for troubleshooting if you do not see your data.

Work with alerts

The Splunk App for AWS includes preconfigured alerts that can be used to monitor CloudTrail events and Billing thresholds. You can find these alerts on the app's Alerts screen.

Use them as templates to build your own alerts, or simply enable them to use the default configuration. For example, if you would like to get a notification when an IAM role is deleted, enable CloudTrail Alert: IAM: Create/Delete Roles.

Access reports

The Splunk App for AWS includes a set of reports based on saved searches that are enabled by default when you start collecting data with this app. For more information, see Saved searches for the Splunk App for AWS in the Installation and Configuration Manual.

In most cases, you do not need to run these reports manually. Most of them are scheduled to run every twenty minutes on the hour, twenty minutes past the hour, and forty minutes past the hour. If you want to refresh the data sooner, you can run them manually. However, AWS does not deliver CloudTrail or Config data in real time, so you may experience a one to two hour delay before it arrives in your S3 bucket regardless of when you last ran these reports.

Search

As with any data source, you can search the raw data in the Splunk platform. For a full list of source types to use in your searches, see Source types for the Splunk Add-on for AWS in the Splunk Add-on for AWS manual.

Last modified on 08 September, 2017
Log in and get started with the Splunk App for AWS   Filter dashboards by tags in the Splunk App for AWS

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 4.1.1, 4.2.0, 4.2.1, 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters