Splunk® Supported Add-ons

Splunk Add-on for AWS

Download manual as PDF

Download topic as PDF

About the Splunk Add-on for Amazon Web Services

Version 5.0.1
Vendor Products Amazon Web Services CloudTrail, CloudWatch, CloudWatch Logs, Config, Config Rules, Inspector, Kinesis, S3, VPC Flow Log, Billing services, SQS, and SNS
Add-on has a web UI Yes. This add-on contains views for configuration.

The Splunk Add-on for Amazon Web Services (AWS) allows a Splunk software administrator to collect:

  • Configuration snapshots, configuration changes, and historical configuration data from the AWS Config service.
  • Metadata for your AWS EC2 instances, reserved instances, and EBS snapshots
  • Compliance details, compliance summary, and evaluation status of your AWS Config Rules.
  • Assessment Runs and Findings data from the Amazon Inspector service.
  • Management and change events from the AWS CloudTrail service.
  • VPC flow logs and other logs from the CloudWatch Logs service.
  • Performance and billing metrics from the AWS CloudWatch service.
  • Billing reports that you have configured in AWS.
  • S3, CloudFront, and ELB access logs.
  • Generic data from your S3 buckets.
  • Generic data from your Kinesis streams.
  • Generic data from SQS.

This add-on provides modular inputs and CIM-compatible knowledge to use with other Splunk apps, such as the Splunk App for AWS, Splunk Enterprise Security, and Splunk IT Service Intelligence.

Only CloudTrail, CloudWatch, Config, Config Rules, Amazon Inspector, and VPC Flow Logs data is tagged for CIM compliance. Because data gathered from S3 buckets and Kinesis is not predictable, the add-on cannot normalize it to the CIM data models.

You can also collect data using the Splunk Add-on for Amazon Kinesis Firehose, which offers an alternative method for integrating with your Amazon account and pushing data from AWS to the Splunk platform. For more information, see About the Splunk Add-on for Amazon Kinesis Firehose.

Download the Splunk Add-on for Amazon Web Services from Splunkbase.

For a summary of new features, fixed issues, and known issues, see Release Notes for the Splunk Add-on for Amazon Web Services.

For information about installing and configuring the Splunk Add-on for Amazon Web Services, see Installation and configuration overview for the Splunk Add-on for Amazon Web Services.

See Questions related to Splunk Add-on for Amazon Web Services on Splunk Answers.

Last modified on 26 June, 2020
Source types for the Splunk Add-on for AWS

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters