Splunk® Supported Add-ons

Splunk Add-on for AWS

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Install the Splunk Add-on for AWS in a distributed Splunk Enterprise deployment

If you are using a distributed Splunk Enterprise deployment, follow the instructions in each of the following sections to deploy the Splunk Add-on for Amazon Web Services (AWS) to your search heads, indexers, and forwarders. You must install the Splunk Add-on for AWS on a heavy forwarder. You cannot use this add-on with a universal forwarder. You can install this add-on onto search heads and indexers.

Heavy forwarders

To install the Splunk Add-on for AWS to a heavy forwarder, follow these steps:

  1. Download the Splunk Add-on for AWS from Splunkbase, if you have not already done so.
  2. From the Splunk Web home screen on your heavy forwarder, click the gear icon next to Apps.
  3. Click Install app from file.
  4. Locate the downloaded file and click Upload.
  5. If the forwarder prompts you to restart, do so.
  6. Verify that the add-on appears in the list of apps and add-ons. You can also find it on the server at $SPLUNK_HOME/etc/apps/Splunk_TA_AWS.

Search heads

To install the Splunk Add-on for AWS to a search head, follow these steps:

  1. Download the Splunk Add-on for AWS from Splunkbase, if you have not already done so.
  2. From the Splunk Web home screen, click the gear icon next to Apps.
  3. Click Install app from file.
  4. Locate the downloaded file and click Upload.
  5. If Splunk Enterprise prompts you to restart, do so.
  6. Verify that the add-on appears in the list of apps and add-ons.

Make sure the add-on is not visible. If the Visible column for the add-on is set to '''Yes''', edit the properties and change the visibility to '''No.''' Disable visibility of add-ons on search heads to avoid inputs from being created on search heads. Data collection for search heads might conflict with users' search activity.

You can also find the add-on on the server at $SPLUNK_HOME/etc/apps/Splunk_TA_AWS.

Search head clusters

Before deploying the Splunk Add-on for AWS to a search head cluster, make the following changes to the add-on package:

  1. Remove the inputs.conf and inputs.conf.spec files. If you are collecting data locally from the machines running your search head nodes, keep these files.
  2. Use the deployer to deploy an add-on to the search head cluster members.

See Use the deployer to distribute apps and configuration updates in the Splunk Enterprise Distributed Search manual.

Indexers

To install the Splunk Add-on for AWS to an indexer, follow these steps:

  1. Download the Splunk Add-on for AWS from Splunkbase, if you have not already done so.
  2. Unpack the .tgz package.
  3. Place the resulting Splunk_TA_AWS folder in the $SPLUNK_HOME/etc/apps directory on your indexer.
  4. Restart the indexer.

Indexer clusters

  1. Remove the inputs.conf and inputs.conf.spec files. If you are collecting data locally from the machines running your indexer nodes, keep these files.
  2. Deploy add-ons to peer nodes on indexer clusters using a master node.

For more information about using a master node to deploy to peer nodes of an indexer cluster, see Manage app deployment across all peers in Managing Indexers and Clusters of Indexers.

Last modified on 03 April, 2024
PREVIOUS
Install the Splunk Add-on for AWS in a single-instance Splunk Enterprise deployment 		  NEXT
Upgrade the Splunk Add-on for AWS

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters