Splunk® Supported Add-ons

Splunk Add-on for AWS


API reference for the Splunk Add-on for AWS

See the following sections for API reference information for the Splunk Add-on for AWS.

Account

https://<host>:<mPort>splunk_ta_aws_aws_account

API for AWS Account settings.


GET, POST, or DELETE

API for AWS Account settings

Request parameters

Name Type Description
name Boolean true Name
key_id Boolean true Key ID
secret_key Boolean true Secret Key
category Boolean true Region Category
iam Boolean false Identifies EC2 Instance Role

Config inputs

https://<host>:<mPort>aws_config_inputs_rh_ucc

API for the AWS Config input.


GET, POST, or DELETE

API for the AWS Config input

Request parameters

Name Type Description
name Boolean true Name
aws_account Boolean true AWS Account
aws_region Boolean true AWS Region
sqs_queue Boolean true SQS Queue Name
polling_interval Boolean true Interval
sourcetype Boolean true Sourcetype API for aws:config
index Boolean true Index
enable_additional_notifications Boolean false API for enabling additional notifications.

Description input

https://<host>:<mPort>splunk_ta_aws_aws_description

API for AWS Description inputs.


GET, POST, or DELETE

API for the AWS Description input

Request parameters

Name Type Description
name Boolean true Name
account Boolean true AWS Account
aws_iam_role Boolean false Assume role
regions Boolean true AWS Regions
apis Boolean true APIs for the following information: ec2_volumes/3600,ec2_instances/3600,ec2_reserved_instances/3600,ebs_snapshots/3600,classic_load_balancers/3600,application_load_balancers/3600,vpcs/3600,vpc_network_acls/3600,cloudfront_distributions/3600,vpc_subnets/3600,rds_instances/3600,ec2_key_pairs/3600,ec2_security_groups/3600,ec2_images/3600,ec2_addresses/3600,lambda_functions/3600,s3_buckets/3600
sourcetype Boolean true Sourcetype API for aws:description
index Boolean true Index

IAM role settings

https://<host>:<mPort>splunk_ta_aws_iam_roles

API for IAM role settings.


GET, POST, or DELETE

API for IAM role settings

Request parameters

Name Type Description
name Boolean true Name
arn Boolean true Role ARN


Incremental S3 input

https://<host>:<mPort>splunk_ta_aws_splunk_ta_aws_logs

API for the AWS Incremental S3 input.


GET, POST, or DELETE

API for AWS Config inputs

Request parameters

Name Type Description
name Boolean true Name
aws_account Boolean true AWS Account
aws_iam_role Boolean false Assume role
host_name Boolean true AWS S3 host name
bucket_name Boolean true S3 bucket
log_type Boolean true Log type information for the following sourcetypes: cloudtrail, s3:accesslogs, cloudfront:accesslogs, and elb:accesslogs
log_file_prefix Boolean false Log file prefix
log_start_date Boolean false Log start date
log_name_format Boolean false Distribution ID (Required for log_type='cloudfront:accesslogs')
interval Boolean true Interval
sourcetype Boolean true Sourcetype API for aws:config
index Boolean true Index


Inspector input

https://<host>:<mPort>splunk_ta_aws_aws_inspector

API for the AWS Inspector input.


GET, POST, or DELETE

API for the AWS Inspector input

Request parameters

Name Type Description
name Boolean true Name
account Boolean true AWS Account
aws_iam_role Boolean false Assume role
regions Boolean true AWS Regions
polling_interval Boolean true Interval
sourcetype Boolean true Sourcetype API for aws:description
index Boolean true Index

Kinesis input

https://<host>:<mPort>splunk_ta_aws_aws_kinesis

API for the AWS Kinesis input.


GET, POST, or DELETE

API for the AWS Kinesis input

Request parameters

Name Type Description
name Boolean true Name
account Boolean true AWS Account
aws_iam_role Boolean false Assume role
region Boolean true AWS Region
stream_names Boolean true Kinesis stream name
init_stream_position Boolean true Initial Stream Position: LATEST or TRIM_HORIZON
encoding Boolean false Encoding with: gzip or (none). (none) means empty string.
format Boolean false Record Format: CloudWatchLogs or (none). (none) means empty string.
sourcetype Boolean true Sourcetype API for aws:description
index Boolean true Index


S3 input

https://<host>:<mPort>splunk_ta_aws_aws_s3

API for the AWS S3 input.


GET, POST, or DELETE

API for the AWS S3 input

Request parameters

Name Type Description
name Boolean true Name
aws_account Boolean true AWS Account
aws_iam_role Boolean false Assume role
host_name Boolean true S3 host name
bucket_name Boolean true S3 bucket name
key_name Boolean false S3 key prefix
initial_scan_datetime Boolean false Start date/time.
blacklist Boolean false Blacklist
whitelist Boolean false Whitelist
polling_interval Boolean true Interval.
sourcetype Boolean true Sourcetype API for aws:cloudtrail, aws:s3:accesslogs, aws:cloudfront:accesslogs, and aws:elb:accesslogs.
index Boolean true Index

SQS-based S3 input

https://<host>:<mPort>splunk_ta_aws_aws_sqs_based_s3

API for the AWS SQS-based S3 input.


GET, POST, or DELETE

API for the AWS SQS-based S3 input

Request parameters

Name Type Description
name Boolean true Name
aws_account Boolean true AWS Account
aws_iam_role Boolean false Assume role
sqs_queue_region Boolean true Name of the AWS SQS region
sqs_queue_url Boolean true URL of the AWS SQS queue
sqs_batch_size Boolean true Maximum number of messages
s3_file_decoder Boolean true Name of an S3 file decoder
interval Boolean true Interval
sourcetype Boolean true Sourcetype API for aws:description
index Boolean true Index
Last modified on 02 August, 2022

This documentation applies to the following versions of Splunk® Supported Add-ons: released

