Content Pack for Amazon Web Services Dashboards and Reports

Content Pack for Amazon Web Services Dashboards and Reports

This documentation does not apply to the most recent version of Content Pack for Amazon Web Services Dashboards and Reports. For documentation on the most recent version, go to the latest release.

Entity search reference for the Content Pack for Amazon Web Services Dashboards and Reports

These entity searches are packaged in the content pack. You can enable them as part of the installation steps, see Enable entity searches . The searches are provided here as a point of reference. If you need manually create the entity searches for any reason follow the steps to manually import entities.

Entity type search SPL and column mapping SPL and column mapping

ITSI Import Objects - Import EC2 Instance Entity: Get a list of recently active EC2 instances.

Entity search SPL:

`aws-description-resource(*, *, "ec2_instances")`
| fillnull value="N/A"
| rename id AS InstanceId, tags.Name AS InstanceName, instance_type AS InstanceType, account_id AS AccountId, region AS Region
| eval entity_title=InstanceId
| eval entity_type="EC2 Instance"
| eval entity_type_info=entity_type
| table entity_title InstanceId InstanceName InstanceType AccountId Region entity_type_info entity_type

Column mapping:

Column name Import column as
entity_title Entity Title
InstanceId Entity Alias
entity_type Entity Type
All other fields Entity Information Field

ITSI Import Objects - Import EBS Volume Entity: Get a list of recently active EBS volumes.

Entity search SPL:

`aws-description-resource(*, *, "ec2_volumes")`
| fillnull value="N/A" 
| rename id AS VolumeId, tags.Name AS VolumeName, type AS VolumeType, size AS Size(GB), attach_data.instance_id AS InstanceId, account_id AS AccountId, region AS Region
| eval entity_title=VolumeId
| dedup entity_title
| eval entity_type="EBS Volume"
| eval entity_type_info=entity_type
| table entity_title VolumeId VolumeName VolumeType Size(GB) InstanceId AccountId Region entity_type_info entity_type

Column mapping:

Column name Import column as
entity_title Entity Title
VolumeId Entity Alias
entity_type Entity Type
All other fields Entity Information Field

ITSI Import Objects - Import Lambda Function Entity: Get a list of recently active Lambda functions.

Entity search SPL:

`aws-description-lambda(*, *)`
| fillnull value="N/A" 
| rename name AS FunctionName, account_id AS AccountId, region AS Region
| eval entity_title=uniq_id
| eval entity_type="Lambda Function"
| eval entity_type_info=entity_type
| table entity_title uniq_id Description FunctionName Runtime Handler AccountId Region entity_type_info entity_type

Column mapping:

Column name Import column as
entity_title Entity Title
uniq_id Entity Alias
entity_type Entity Type
All other fields Entity Information Field

ITSI Import Objects - Import ELB Instance Entity: Get a list of recently active ELB instances.

Entity search SPL:

`aws-description-elb(*, *)`
| fillnull value="N/A" 
| rename name AS ELBName, dns_name AS DNSName, vpc_id AS VpcId, account_id AS AccountId, region AS Region
| eval entity_title=uniq_id
| eval entity_type="ELB Instance"
| eval entity_type_info=entity_type
| eval ELBType=if(Type="application", "Application Load Balancer", "Classic Load Balancer") 
| table entity_title uniq_id ELBName ELBType DNSName VpcId AccountId Region entity_type_info entity_type

Column mapping:

Column name Import column as
entity_title Entity Title
uniq_id Entity Alias
entity_type Entity Type
All other fields Entity Information Field

Manually import entities

For each AWS entity you want to import, follow these steps:

  1. Go to Configuration > Entities from the ITSI or IT Essentials Work menu.
  2. Select Create Entity > Import from Search.
  3. Paste the SPL for the entity type you want to import in the Ad hoc Search field and click the search icon to preview your entities.
  4. Click Next.
  5. On the Entity/Service Import screen, map the columns as specified for the entity type.
  6. Click Import
  7. Click Set Up Recurring Import.
    1. Enter a name for your recurring import. For example, "Get_AWS_Entities."
    2. Select a schedule. We recommend scheduling it to run every hour.
    3. Click Submit.

When you've finished importing your entities, go to the Service Analyzer > Default Analyzer to see your services and KPIs light up.

Last modified on 14 January, 2022
Knowledge objects reference for the Content Pack for Amazon Web Services Dashboards and Reports  

This documentation applies to the following versions of Content Pack for Amazon Web Services Dashboards and Reports: 1.2.0, 1.2.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters