
API reference for the Splunk Add-on for AWS
See the following sections for API reference information for the Splunk Add-on for AWS.
Account
https://<host>:<mPort>splunk_ta_aws_aws_account
API for AWS Account settings.
GET, POST, or DELETE
API for AWS Account settings
Request parameters
Name | Type | Description |
---|---|---|
name | Boolean true | Name |
key_id | Boolean true | Key ID |
secret_key | Boolean true | Secret Key |
category | Boolean true | Region Category |
iam | Boolean false | Identifies EC2 Instance Role |
Config inputs
https://<host>:<mPort>aws_config_inputs_rh_ucc
API for the AWS Config input.
GET, POST, or DELETE
API for the AWS Config input
Request parameters
Name | Type | Description |
---|---|---|
name | Boolean true | Name |
aws_account | Boolean true | AWS Account |
aws_region | Boolean true | AWS Region |
sqs_queue | Boolean true | SQS Queue Name |
polling_interval | Boolean true | Interval |
sourcetype | Boolean true | Sourcetype API for aws:config |
index | Boolean true | Index |
enable_additional_notifications | Boolean false | API for enabling additional notifications. |
Description input
https://<host>:<mPort>splunk_ta_aws_aws_description
API for AWS Description inputs.
GET, POST, or DELETE
API for the AWS Description input
Request parameters
Name | Type | Description |
---|---|---|
name | Boolean true | Name |
account | Boolean true | AWS Account |
aws_iam_role | Boolean false | Assume role |
regions | Boolean true | AWS Regions |
apis | Boolean true | APIs for the following information: ec2_volumes/3600, ec2_instances/3600, ec2_reserved_instances/3600, ebs_snapshots/3600, classic_load_balancers/3600, application_load_balancers/3600, vpcs/3600, vpc_network_acls/3600, cloudfront_distributions/3600, vpc_subnets/3600, rds_instances/3600, ec2_key_pairs/3600, ec2_security_groups/3600, ec2_images/3600, ec2_addresses/3600, lambda_functions/3600, s3_buckets/3600 |
sourcetype | Boolean true | Sourcetype API for aws:description |
index | Boolean true | Index |
IAM role settings
https://<host>:<mPort>splunk_ta_aws_iam_roles
API for IAM role settings.
GET, POST, or DELETE
API for IAM role settings
Request parameters
Name | Type | Description |
---|---|---|
name | Boolean true | Name |
arn | Boolean true | Role ARN |
Incremental S3 input
https://<host>:<mPort>splunk_ta_aws_splunk_ta_aws_logs
API for the AWS Incremental S3 input.
GET, POST, or DELETE
API for AWS Config inputs
Request parameters
Name | Type | Description |
---|---|---|
name | Boolean true | Name |
aws_account | Boolean true | AWS Account |
aws_iam_role | Boolean false | Assume role |
host_name | Boolean true | AWS S3 host name |
bucket_name | Boolean true | S3 bucket |
log_type | Boolean true | Log type information for the following sourcetypes: Log Type: cloudtrail, s3:accesslogs, cloudfront:accesslogs and elb:accesslogs |
log_file_prefix | Boolean false | Log file prefix |
log_start_date | Boolean false | Log start date |
log_name_format | Boolean false | Distribution ID (Required for log_type='cloudfront:accesslogs') |
interval | Boolean true | Interval |
sourcetype | Boolean true | Sourcetype API for aws:config |
index | Boolean true | Index |
Inspector input
https://<host>:<mPort>splunk_ta_aws_aws_inspector
API for the AWS Inspector input.
GET, POST, or DELETE
API for the AWS Inspector input
Request parameters
Name | Type | Description |
---|---|---|
name | Boolean true | Name |
account | Boolean true | AWS Account |
aws_iam_role | Boolean false | Assume role |
regions | Boolean true | AWS Regions |
polling_interval | Boolean true | Interval |
sourcetype | Boolean true | Sourcetype API for aws:description |
index | Boolean true | Index |
Kinesis input
https://<host>:<mPort>splunk_ta_aws_aws_kinesis
API for the AWS Kinesis input.
GET, POST, or DELETE
API for the AWS Kinesis input
Request parameters
Name | Type | Description |
---|---|---|
name | Boolean true | Name |
account | Boolean true | AWS Account |
aws_iam_role | Boolean false | Assume role |
region | Boolean true | AWS Region |
stream_names | Boolean true | Kinesis stream name |
init_stream_position | Boolean true | Initial Stream Position: LATEST or TRIM_HORIZON |
encoding | Boolean false | Encoding with: gzip or (none). (none) means empty string. |
format | Boolean false | Record Format: CloudWatchLogs or (none). (none) means empty string. |
sourcetype | Boolean true | Sourcetype API for aws:description |
index | Boolean true | Index |
S3 input
https://<host>:<mPort>splunk_ta_aws_aws_s3
API for the AWS S3 input.
GET, POST, or DELETE
API for the AWS S3 input
Request parameters
Name | Type | Description |
---|---|---|
name | Boolean true | Name |
aws_account | Boolean true | AWS Account |
aws_iam_role | Boolean false | Assume role |
host_name | Boolean true | S3 host name |
bucket_name | Boolean true | S3 bucket name |
key_name | Boolean false | S3 key prefix |
initial_scan_datetime | Boolean false | Start date/time. |
blacklist | Boolean false | Blacklist |
whitelist | Boolean false | Whitelist |
polling_interval | Boolean true | Interval. |
sourcetype | Boolean true | Sourcetype API for aws:cloudtrail, aws:s3:accesslogs, aws:cloudfront:accesslogs, and aws:elb:accesslogs. |
index | Boolean true | Index |
SQS-based S3 input
https://<host>:<mPort>splunk_ta_aws_aws_sqs_based_s3
API for the AWS SQS-based S3 input.
GET, POST, or DELETE
API for the AWS SQS-based S3 input
Request parameters
Name | Type | Description |
---|---|---|
name | Boolean true | Name |
aws_account | Boolean true | AWS Account |
aws_iam_role | Boolean false | Assume role |
sqs_queue_region | Boolean true | Name of the AWS SQS region |
sqs_queue_url | Boolean true | URL of the AWS SQS queue |
sqs_batch_size | Boolean true | Maximum number of messages |
s3_file_decoder | Boolean true | Name of an S3 file decoder |
interval | Boolean true | Interval |
sourcetype | Boolean true | Sourcetype API for aws:description |
index | Boolean true | Index |
This documentation applies to the following versions of Splunk® Supported Add-ons: released