Content Pack for Amazon Web Services Dashboards and Reports

Content Pack for Amazon Web Services Dashboards and Reports

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Content Pack for Amazon Web Services Dashboards and Reports. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Migrate from the Splunk App for AWS to the Content Pack for Amazon Web Services Dashboards and Reports

The Content Pack for Amazon Web Services Dashboards and Reports replicates the dashboards and reports available in the Splunk App for AWS. Migrate from the legacy app to the content pack to take advantage of a consolidated experience within one app, either ITSI or IT Essentials Work. In addition, you can upgrade all content packs by upgrading the one app, the Splunk App for Content Packs.

On July 15, 2022, the Splunk App for AWS reached its end of life. Splunk no longer maintains or develops this product. The functionality in this app migrated to the Content Pack for Amazon Web Services Dashboards and Reports.

If you are currently using the Splunk App for AWS, your deployment might look like the following image:

This image is a diagram of pre-migration deployment. A series of connected boxes represent the different parts of a deployment and include the Data Collection Node, Indexer, and Search Heads. Review the table that follows for more information.
Product Data collection node (forwarder) Indexer Search head
Splunk Add-on for AWS
Splunk App for AWS

To review dashboards included with the Content Pack for Amazon Web Services Dashboards and Reports before you migrate, see Dashboard reference for the Content Pack for Amazon Web Services Dashboards and Reports.

Migration steps for cloud environments

For Migration on Cloud, file a ticket on the Splunk Support Portal, see Support and Services. Splunk Cloud TechOps will provide assistance for the migration from Splunk App for AWS to Content Pack for Unix Dashboards and Reports.

Migration steps for on-premises standalone or distributed environments

If you're using an on-prem environment, you can perform the migration from the Splunk App for AWS to the Content Pack for Amazon Web Services Dashboards and Reports yourself.

Before migration

Before migrating to Content Pack for AWS Dashboards and Reports, make sure to follow the steps below in order to make a backup of your custom configurations and lookups.

  1. Make a backup of the following directories in the splunk_app_aws package present in the $SPLUNK_HOME/etc/apps on each search head:
    1. /local directory which contains all the local configurations of the conf files
    2. /lookups directory which contains the CSV lookups
    3. /metadata/local.meta which contains the updated permissions for the Knowledge Objects.
  2. Make a backup of the KV Store lookups present in the app.
    1. Identify the KV Store captain from different search heads. (Perform this step if the you are using a Search Head Cluster environment). For Single Search Head deployment, the only search head will be KV store captain:
      $SPLUNK_HOME/bin/splunk show kvstore-status
    2. Login to the KVStore Captain search head and run the following command.
      $SPLUNK_HOME/bin/splunk backup kvstore -archiveName splunk_app_aws_kvstore_backup -appName splunk_app_aws
    3. Identify the latest backup in $SPLUNK_HOME/var/lib/splunk/kvstorebackup and copy the splunk_app_aws_kvstore_backup.tar.gz backup file to $SPLUNK_HOME/tmp. This archive file is required to restore the App KV Store lookup data during migration.

Migrate from Splunk App for AWS to Content Pack for AWS Dashboards and Reports

Follow the steps below to migrate from Splunk App for AWS to Content Pack for AWS Dashboards and Reports. Only perform this migration procedure after you've completed the prerequisites in the Before migration sub-section to back up your existing lookups and custom configurations.

  1. Perform the following steps on each search head present in your deployment to disable the Splunk App for AWS
    1. Create an app.conf file in your local directory if it is not present, then navigate to {SPLUNK_HOME}/etc/apps/splunk_app_aws/local/app.conf and edit the "state" property of "install" stanza as shown below:
      [install]
      state = disabled
      
    2. Restart the instance:
      $SPLUNK_HOME/bin/splunk restart
  2. Install IT Service Intelligence (ITSI) or IT Essentials Work on the same search head with AWS data according to your type of deployment. Refer to these topics in the Splunk IT Service Intelligence Install and Upgrade Manual:
    1. Install Splunk IT Service Intelligence on a single instance
    2. Install Splunk IT Service intelligence in a distributed environment
    3. Install IT Service Intelligence in a search head cluster environment
    4. Install IT Essentials Work
  3. Install the Splunk App for Content Packs according to your type of deployment:
    1. Install the Splunk App for Content Packs on a single on-premises environment
    2. Install the Splunk App for Content Packs on a search head cluster environment
    3. Install the Splunk App for Content Packs on a distributed environment

After following the previous steps, the deployment looks like the following image:

This image is a diagram of post-migration deployment. A series of connected boxes represent the different parts of a deployment and include the Data Collection Node, Indexer, and Search Heads. Review the table that follows for more information.
Product Data collection node (forwarder) Indexer Search head
Splunk Add-on for AWS
Splunk App for AWS Disabled
ITSI or IT Essentials Work
Splunk App for Content Packs

After migration

After migration, perform the following procedure:

  1. Restore the backup of the KV Store lookup.
    1. Identify the KV Store captain from different Search Heads. (Perform this step if the you are using Search Head Cluster environment). For Single Search Head Deployment, the only search head will be KV store captain:
      $SPLUNK_HOME/bin/splunk show kvstore-status
    2. If the KV Store captain has changed, then move the KV Store backup file from old KV Store Captain to current KV Store Captain. Run the following command on the search head where KVStore backup was taken as part of the "Before migration" sub-section (Perform this step if the you are using Search Head Cluster environment):
      scp /path_of_splunk_app_aws_kvstore_backup.tar.gz {SPLUNK_USER}@{$search_head_ip}:/{SPLUNK_HOME}/tmp
    3. Login to KV Store Search Head captain instance and update the owner of the backup tar file:
      chown splunk:splunk $SPLUNK_HOME/tmp/splunk_app_aws_kvstore_backup.tar.gz
    4. On your current KV Store captain, untar the backup tar file.
      tar -xzvf $SPLUNK_HOME/tmp/splunk_app_aws_kvstore_backup.tar.gz
    5. Rename the folder:
      mv $SPLUNK_HOME/tmp/splunk_app_aws $SPLUNK_HOME/tmp/DA-ITSI-CP-aws-dashboards
    6. Tar the upgraded folder name:
      tar -czf $SPLUNK_HOME/tmp/DA-ITSI-CP-aws-dashboards_kvstore_backup.tar.gz DA-ITSI-CP-aws-dashboards
    7. Move the $SPLUNK_HOME/tmp/DA-ITSI-CP-aws-dashboards_kvstore_backup.tar.gz file in $SPLUNK_HOME/var/lib/splunk/kvstorebackup.
    8. Restore the backup:
      splunk restore kvstore -archiveName DA-ITSI-CP-aws-dashboards_kvstore_backup.tar.gz -appName DA-ITSI-CP-aws-dashboards
  2. Perform the following steps on each search head present in your deployment:
    1. Move the following directories from the App package to the DA-ITSI-CP-aws-dashboards folder that was backed up before you started migration:
      1. /local directory collected from the app which contains all the local configurations of the app
      2. /lookups directory
      3. /metadata/local.meta directory
    2. Remove the app.conf file from local directory.
    3. Restart the instance:
      $SPLUNK_HOME/bin/splunk restart

Install and configure the content pack

You can now install the content pack and make configurations:

  1. Make sure that the AWS data collected using the Splunk Add-on for AWS is searchable from the search head where you installed the Splunk App for Content Packs.
  2. Install and configure the Content Pack for Amazon Web Services Dashboards and Reports.

Access the dashboards in the content pack

You can now access the dashboards from the content pack:

  1. Log into your Splunk platform instance and open ITSI or IT Essentials Work.
  2. Go to Dashboards on the main navigation bar and choose Dashboards from the drop-down menu.
  3. From the list of dashboards, those with the suffix - AWS are from the Content Pack for Amazon Web Services Dashboards and Reports. Select the dashboard title to open the dashboard.

Configure the Content Pack for Amazon Web Services Dashboards and Reports in a new environment

The second option for migrating from the Splunk App for AWS to the Content Pack for Amazon Web Services Dashboards and Reports is to configure the content pack in a new environment.

To configure the content pack in a new environment, create a test environment and perform these steps to set up the Content Pack for Amazon Web Services Dashboards and Reports:

  1. After installing the Splunk App for Content Packs, install the content pack in your test environment.
  2. Once you complete testing the content pack in your test environment, install the content pack in your production environment.

To learn how to install the content pack, see Install and configure the Content Pack for Amazon Web Services Dashboards and Reports.

Last modified on 18 October, 2022
PREVIOUS
Install and configure the Content Pack for Amazon Web Services Dashboards and Reports
  NEXT
Use the Content Pack for Amazon Web Services Dashboards and Reports

This documentation applies to the following versions of Content Pack for Amazon Web Services Dashboards and Reports: 1.2.2, 1.3.0


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters