On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
Macros for the Splunk App for AWS
The Splunk App for AWS includes a set of macros that support dashboard performance. In most circumstances, you do not need to edit these macros.
| Name | Default macro definition | Update required if you manage inputs from the add-on rather than the app |
|---|---|---|
| aws-cloudtrail-index | (index="main" OR index="aws-cloudtrail")
|
If you are using any index for your CloudTrail data other than main, aws-cloudtrail, or another default index you have set for your environment, add it to this definition.
|
| aws-config-index | (index="main" OR index="aws-config")
|
If you are using any index for your Config data other than main, aws-config, or another default index you have set for your environment, add it to this definition.
|
| aws-billing-index | (index="main" OR index="default")
|
If you are using any index for your Billing data other than main or another default index you have set for your environment, add it to this definition.
|
| aws-billing-index-cur | (index="main")
|
If you are using any index for your AWS Cost and Usage Report data other than the main index you set for your environment, add it to this definition. |
| aws-cloudwatch-index | (index="main" OR index="default")
|
If you are using any index for your CloudWatch data other than main or another default index you have set for your environment, add it to this definition.
|
| aws-description-index | (index="main" OR index="default")
|
If you are using any index for your Description data other than main, add it to this definition.
|
| aws-config-rule-index | (index="main" OR index="default")
|
If you are using any index for your Config Rule data other than main, add it to this definition.
|
| aws-inspector-index | (index="main" OR index="default")
|
If you are using any index for your Amazon Inspector data other than main, add it to this definition.
|
| aws-s3-index | (index="main")
|
If you are using any indexes for your S3 access logs, ELB access logs, and CloudFront access logs other than main, add them to this definition.
|
| aws-health-index | (index="main")
|
If you are using any index for your AWS Personal Health data other than main, add it to this definition.
|
| aws-cloudwatch-logs-index | (index="main" OR index="default")
|
If you are using any indexes other than main for your CloudWatch Logs data, including any data that you collect through the add-on's Kinesis input, add it to this definition.
|
| aws-data-model-acceleration | summariesonly=f
|
If you want to improve performance for Billing dashboards and already enabled data model acceleration, change the definition to summariesonly=t.
|
Last modified on 07 November, 2019
| Data models for the Splunk App for AWS |
This documentation applies to the following versions of Splunk® App for AWS (Legacy): 6.0.0, 6.0.1, 6.0.2, 6.0.3
Download manual
Feedback submitted, thanks!