Related Answers
This documentation does not apply to the most recent version of Splunk® App for AWS Security Dashboards.
For documentation on the most recent version, go to the latest release.
Download topic as PDF
Macros for the Splunk App for AWS Security Dashboards
The Splunk App for AWS Security Dashboards includes a set of macros that support dashboard performance. In most circumstances, you do not need to edit these macros.
| Name | Default macro definition | Update required if you manage inputs from the add-on rather than the app |
|---|---|---|
| aws-security-cloudtrail-index | (index="main" OR `aws-security-s3-index`) | If you are using any index for your CloudTrail data other than main or another default index you have set for your environment, add it to this definition. |
| aws-security-cloudwatch-logs-index | (index="main") | If you are using any indexes other than main for your CloudWatch Logs data, including any data that you collect through the add-on's Kinesis input, add them to this definition. |
| aws-security-config-index | (index="main" OR `aws-security-s3-index`) | If you are using any index for your Config data other than main, or another default index you have set for your environment, add it to this definition. |
| aws-security-description-index | (index="main") | If you are using any index for your Description data other than main, add it to this definition. |
| aws-security-s3-index | (index="main") | If you are using any indexes for your S3 access logs, ELB access logs, and CloudFront access logs other than main, add them to this definition. |
Last modified on 28 February, 2022
|
PREVIOUS Data models for the Splunk App for AWS Security Dashboards |
This documentation applies to the following versions of Splunk® App for AWS Security Dashboards: 1.0.0
Feedback submitted, thanks!