Installation overview for the Splunk Add-on for AWS
- Download the Splunk Add-on for AWS from Splunkbase or Splunk Web.
- Use the tables in this topic to determine where to install this add-on.
- Perform any prerequisite steps specified in the tables before installing.
- Use the links in the Installation walkthrough section to perform the installation.
Use the following tables to install the Splunk Add-on for AWS in a deployment that uses forwarders to get data in, such as a distributed deployment. You might need to install the add-on in multiple places.
Where to install this add-on
Unless otherwise noted, you can safely install all supported add-ons to all tiers of a distributed Splunk platform deployment. See Where to install Splunk add-ons in Splunk Add-ons for more information.
This table provides a reference for installing this specific add-on to a distributed deployment of the Splunk platform:
|Splunk platform component||Supported||Required||Comments|
|Search heads||Yes||Yes||Data inputs for this add-on require large amounts of memory. See Hardware and software requirements for the Splunk Add-on for AWS.|
|Indexers||Yes||Conditional||Not required when the parsing operations occur on the heavy forwarders. When using an HTTP Event Collector (HEC) token, installation is required on indexers.|
|Heavy forwarders||Yes||Yes||This add-on requires heavy forwarders to perform data collection through modular inputs and to perform the setup and authentication with AWS in Splunk Web.|
|Universal forwarders||No||No||This add-on requires heavy forwarders.|
Distributed deployment compatibility
This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features:
|Distributed deployment feature||Supported||Comments|
|Search head clusters||Yes||You can install this add-on on a search head cluster for all search-time functionality, but configure inputs on forwarders to avoid duplicate data collection. |
Before installing this add-on to a cluster, make the following changes to the add-on package:
|Indexer clusters||Yes||Before installing this add-on to a cluster, make the following changes to the add-on package:
|Deployment server||No||Deployment servers support deploying unconfigured add-ons only.
See the following links, or About installing Splunk add-ons in the Splunk Add-Ons manual, for an installation walkthrough specific to your deployment scenario:
- Install the Splunk Add-on for AWS in a Splunk Cloud deployment
- Install the Splunk Add-on for AWS in a single-instance Splunk Enterprise deployment
- Install the Splunk Add-on for AWS in a distributed Splunk Enterprise deployment
Configure Add-on Configurations & Accounts with Command Line Utility
The Splunk Add-on for AWS is shipped with the Command Line Utility which enables users to configure accounts, IAM roles and inputs in bulk.
For step-by-step instructions on how to use the utility, see the README.md file located at:
Deploy the Splunk Add-on for AWS
Install the Splunk Add-on for AWS in a Splunk Cloud Deployment
This documentation applies to the following versions of Splunk® Supported Add-ons: released