Splunk® Supported Add-ons

Splunk Add-on for AWS


Source types for the Splunk Add-on for AWS

The Splunk Add-on for Amazon Web Services provides the index-time and search-time knowledge for alerts, events, and performance metrics in the following formats:

| Data source | Source type | Description | CIM data models | ITSI data models |
|---|---|---|---|---|
| Config | aws:config | Configuration snapshots and historical configuration data from the AWS Config service. | Change Analysis | None |
| Config | aws:config:notification | Configuration change notifications from the AWS Config service. | Change Analysis | None |
| Description | aws:description | Descriptions of your AWS EC2 instances, reserved instances, and EBS snapshots, used to improve dashboard readability. | None | Virtualization |
| Config Rules | aws:config:rule | Compliance details, compliance summary, and evaluation status of your AWS Config Rules. | Inventory | None |
| Inspector | aws:inspector | Assessment Runs and Findings data from the Amazon Inspector service. | Inventory, Alerts | None |
| CloudTrail | aws:cloudtrail | AWS API call history from the AWS CloudTrail service. | Authentication, Change Analysis | None |
| CloudWatch Logs | aws:cloudwatchlogs | Data from the CloudWatch Logs service. | None | None |
| CloudWatch Logs | aws:cloudwatchlogs:vpcflow | VPC flow logs from the CloudWatch Logs service. | Network Traffic | None |
| CloudWatch | aws:cloudwatch | Performance and billing metrics from the AWS CloudWatch service. | Performance, Databases | Virtualization |
| Billing | aws:billing | Billing reports that you have configured in AWS. | None | None |
| Billing | aws:billing:cur | Cost and Usage Reports that you have configured in AWS. | None | None |
| S3 | aws:s3 | Generic log data from your S3 buckets. | None | None |
| S3 | aws:s3:accesslogs | S3 access logs. | None | None |
| S3 | aws:cloudfront:accesslogs | CloudFront access logs. | None | None |
| S3 | aws:elb:accesslogs | ELB access logs. | None | None |
| S3 | aws:cloudtrail | CloudTrail data. | None | None |
| Kinesis | aws:kinesis | Data from Kinesis streams. | None | None |
| SQS | aws:sqs | Generic data from SQS. | None | None |

To decide which input type to use for a specific AWS source type, refer to the Supported data types and corresponding AWS input types table in this manual.

For additional source types for internal logs to help with troubleshooting, see Troubleshoot the Splunk Add-on for AWS.

Last modified on 14 May, 2020

This documentation applies to the following versions of Splunk® Supported Add-ons: released
