Splunk® Supported Add-ons

Splunk Add-on for AWS

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Installation overview for the Splunk Add-on for AWS

  1. Download the Splunk Add-on for AWS from Splunkbase or Splunk Web.
  2. Use the tables in this topic to determine where to install this add-on.
  3. Perform any prerequisite steps specified in the tables before installing.
  4. Use the links in the Installation walkthrough section to perform the installation.

Distributed deployments

Use the following tables to install the Splunk Add-on for AWS in a deployment that uses forwarders to get data in, such as a distributed deployment. You might need to install the add-on in multiple places.

Where to install this add-on

Unless otherwise noted, you can safely install all supported add-ons to all tiers of a distributed Splunk platform deployment. See Where to install Splunk add-ons in Splunk Add-ons for more information.

This table provides a reference for installing this specific add-on to a distributed deployment of the Splunk platform:

Splunk platform component Supported Required Comments
Search heads Yes Yes Data inputs for this add-on require large amounts of memory. See Hardware and software requirements for the Splunk Add-on for AWS.
Indexers Yes Conditional Not required when the parsing operations occur on the heavy forwarders. When using an HTTP Event Collector (HEC) token, installation is required on indexers.
Heavy forwarders Yes Yes This add-on requires heavy forwarders to perform data collection through modular inputs and to perform the setup and authentication with AWS in Splunk Web.
Universal forwarders No No This add-on requires heavy forwarders.

Distributed deployment compatibility

This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features:

Distributed deployment feature Supported Comments
Search head clusters Yes You can install this add-on on a search head cluster for all search-time functionality, but configure inputs on forwarders to avoid duplicate data collection.
Before installing this add-on to a cluster, make the following changes to the add-on package:
  1. Remove the inputs.conf file.
Indexer clusters Yes Before installing this add-on to a cluster, make the following changes to the add-on package:
  1. Remove the inputs.conf file.
Deployment server No Deployment servers support deploying unconfigured add-ons only.
  • Using a deployment server to deploy the configured add-on to multiple forwarders acting as data collectors causes duplication of data.
  • The add-on uses the credential vault to secure your credentials, and this credential management solution is incompatible with the deployment server.

Installation walkthroughs

See the following links, or About installing Splunk add-ons in the Splunk Add-Ons manual, for an installation walkthrough specific to your deployment scenario:

Configure Add-on Configurations & Accounts with Command Line Utility

The Splunk Add-on for AWS is shipped with the Command Line Utility which enables users to configure accounts, IAM roles and inputs in bulk.

For step-by-step instructions on how to use the utility, see the README.md file located at: $SPLUNK_HOME/etc/apps/Splunk_TA_aws/bin/tools/configure/README.md

Last modified on 17 November, 2023
PREVIOUS
Deploy the Splunk Add-on for AWS 		  NEXT
Install the Splunk Add-on for AWS in a Splunk Cloud Deployment

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters