On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
Lookups for the Splunk App for AWS
The Splunk App for AWS includes lookups that map data from AWS to support dashboard displays. The lookup files are located in
$SPLUNK_HOME/etc/apps/splunk_app_aws/lookups.
| Filename | Description |
|---|---|
all_eventName.csv
|
Maps IAM event names to an alert level and boolean for notable event status. |
cn_price.csv
|
Maps instance_type to region, instance_type, region, on_demand_hourly, reserved_one_all_yearly, reserved_one_partial_yearly, reserved_one_partial_hourly
|
price.csv
|
Maps instance_type to region, instance_type, region, on_demand_hourly, reserved_one_all_yearly, reserved_one_partial_yearly, reserved_one_partial_hourly
|
regions.csv
|
Maps AWS region strings to latitude and longitude calculations and friendly names. |
resource_timeline_services.csv
|
Maps serviceID to serviceName
|
unauthorized_errorCode.csv
|
Maps four variations on unauthorized error strings to a boolean value. |
well_known_ports.csv
|
Maps name to port, name
|
Last modified on 18 August, 2017
| Saved searches for the Splunk App for AWS | Data models for the Splunk App for AWS |
This documentation applies to the following versions of Splunk® App for AWS (Legacy): 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3
Download manual
Feedback submitted, thanks!