Splunk® App for AWS (Legacy)

Installation and Configuration Manual

On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.

Lookups for the Splunk App for AWS

The Splunk App for AWS includes lookups that map data from AWS to support dashboard displays. The lookup files are located in $SPLUNK_HOME/etc/apps/splunk_app_aws/lookups.

| Filename | Description |
| --- | --- |
| all_eventName.csv | Maps IAM event names to an alert level and boolean for notable event status. |
| cn_price.csv | Maps instance_type to region, instance_type, region, on_demand_hourly, reserved_one_all_yearly, reserved_one_partial_yearly, reserved_one_partial_hourly |
| price.csv | Maps instance_type to region, instance_type, region, on_demand_hourly, reserved_one_all_yearly, reserved_one_partial_yearly, reserved_one_partial_hourly |
| regions.csv | Maps AWS region strings to latitude and longitude calculations and friendly names. |
| resource_timeline_services.csv | Maps serviceID to serviceName |
| unauthorized_errorCode.csv | Maps four variations on unauthorized error strings to a boolean value. |
| well_known_ports.csv | Maps name to port, name |

Last modified on 18 August, 2017

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3

