Macros for the Splunk App for AWS Security Dashboards
The Splunk App for AWS Security Dashboards includes a set of macros that support dashboard performance. In most circumstances, you do not need to edit these macros.
Name | Default macro definition | Update required if you manage inputs from the add-on rather than the app |
---|---|---|
aws-security-cloudtrail-index | (index="main" OR `aws-security-s3-index`) | If you are using any index for your CloudTrail data other than main or another default index you have set for your environment, add it to this definition. |
aws-security-cloudwatch-logs-index | (index="main") | If you are using any indexes other than main for your CloudWatch Logs data, including any data that you collect through the add-on's Kinesis input, add them to this definition. |
aws-security-config-index | (index="main" OR `aws-security-s3-index`) | If you are using any index for your Config data other than main, or another default index you have set for your environment, add it to this definition. |
aws-security-description-index | (index="main") | If you are using any index for your Description data other than main, add it to this definition. |
aws-security-s3-index | (index="main") | If you are using any indexes for your S3 access logs, ELB access logs, and CloudFront access logs other than main, add them to this definition. |
Data models for the Splunk App for AWS Security Dashboards |
This documentation applies to the following versions of Splunk® App for AWS Security Dashboards: 1.0.0
Feedback submitted, thanks!