Splunk® App for AWS Security Dashboards

Installation and Configuration Manual

This documentation does not apply to the most recent version of Splunk® App for AWS Security Dashboards. For documentation on the most recent version, go to the latest release.

Macros for the Splunk App for AWS Security Dashboards

The Splunk App for AWS Security Dashboards includes a set of macros that support dashboard performance. In most circumstances, you do not need to edit these macros.

| Name | Default macro definition | Update required if you manage inputs from the add-on rather than the app |
| --- | --- | --- |
| aws-security-cloudtrail-index | (index="main" OR `aws-security-s3-index`) | If you are using any index for your CloudTrail data other than main or another default index you have set for your environment, add it to this definition. |
| aws-security-cloudwatch-logs-index | (index="main") | If you are using any indexes other than main for your CloudWatch Logs data, including any data that you collect through the add-on's Kinesis input, add them to this definition. |
| aws-security-config-index | (index="main" OR `aws-security-s3-index`) | If you are using any index for your Config data other than main, or another default index you have set for your environment, add it to this definition. |
| aws-security-description-index | (index="main") | If you are using any index for your Description data other than main, add it to this definition. |
| aws-security-s3-index | (index="main") | If you are using any indexes for your S3 access logs, ELB access logs, and CloudFront access logs other than main, add them to this definition. |
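
The following macros.conf fragment is an added example, not part of the original manual. It shows two of the definitions above updated for custom indexes. The index names aws_cloudtrail and aws_access_logs and the `<app_directory>` placeholder are assumptions made for illustration; substitute the values from your environment.

```ini
# $SPLUNK_HOME/etc/apps/<app_directory>/local/macros.conf
# <app_directory> is a placeholder for the app's folder name.
# Index names below are constructed examples, not shipped defaults.

# Default: (index="main" OR `aws-security-s3-index`)
# CloudTrail data is assumed to land in the custom index aws_cloudtrail.
# The nested `aws-security-s3-index` reference is kept, as in the default.
[aws-security-cloudtrail-index]
definition = (index="main" OR index="aws_cloudtrail" OR `aws-security-s3-index`)

# Default: (index="main")
# S3, ELB and CloudFront access logs are assumed to land in aws_access_logs.
# aws-security-cloudtrail-index and aws-security-config-index both expand
# this macro, so an index added here is also searched by those two macros.
[aws-security-s3-index]
definition = (index="main" OR index="aws_access_logs")
```

Keeping overrides in the local directory leaves the shipped defaults untouched. After a change, confirm the effective scope by running a search that starts with the macro in backticks, for example `aws-security-cloudtrail-index` followed by `| stats count by index`.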
Last modified on 28 February, 2022
This documentation applies to the following versions of Splunk® App for AWS Security Dashboards: 1.0.0

