Content Pack for Amazon Web Services Dashboards and Reports

Content Pack for Amazon Web Services Dashboards and Reports

Entity search reference for the Content Pack for Amazon Web Services Dashboards and Reports

These entity searches are packaged in the content pack. You can enable them as part of the installation steps, see Enable entity searches . The searches are provided here as a point of reference. If you need manually create the entity searches for any reason follow the steps to manually import entities.

Entity type search SPL and column mapping SPL and column mapping

ITSI Import Objects - Import EC2 Instance Entity: Get a list of recently active EC2 instances.

Entity search SPL:

`aws-metadata(*, *, "ec2_instances","InstanceId")`
| fillnull value="N/A"
| spath output=tags path=Tags{}
| rex field=tags "\"Key\": \"Name\", \"Value\": \"(?<tagname>.+)\""
| rename tagname AS InstanceName
| eval entity_title=InstanceId
| eval entity_type="EC2 Instance"
| eval entity_type_info=entity_type
| table entity_title InstanceId InstanceName InstanceType AccountId region entity_type_info entity_type

Column mapping:

Column name Import column as
entity_title Entity Title
InstanceId Entity Alias
entity_type Entity Type
All other fields Entity Information Field

ITSI Import Objects - Import EBS Volume Entity: Get a list of recently active EBS volumes.

Entity search SPL:

`aws-metadata(*, *, "ec2_volumes","VolumeId")`
| fillnull value="N/A" 
| spath output=tags path=Tags{}
| rex field=tags "\"Key\": \"Name\", \"Value\": \"(?<tagname>.+)\"" 
| rename tagname AS VolumeName, Size AS Size(GB), Attachments{}.InstanceId AS InstanceId
| eval entity_title=VolumeId
| dedup entity_title
| eval entity_type="EBS Volume"
| eval entity_type_info=entity_type
| table entity_title VolumeId VolumeName VolumeType Size(GB) InstanceId AccountId region entity_type_info entity_type

Column mapping:

Column name Import column as
entity_title Entity Title
VolumeId Entity Alias
entity_type Entity Type
All other fields Entity Information Field

ITSI Import Objects - Import Lambda Function Entity: Get a list of recently active Lambda functions.

Entity search SPL:

`aws-metadata-lambda(*, *)`
| fillnull value="N/A" 
| rename name AS FunctionName
| eval entity_title=uniq_id
| eval entity_type="Lambda Function"
| eval entity_type_info=entity_type
| table entity_title uniq_id Description FunctionName Runtime Handler AccountId region entity_type_info entity_type

Column mapping:

Column name Import column as
entity_title Entity Title
uniq_id Entity Alias
entity_type Entity Type
All other fields Entity Information Field

ITSI Import Objects - Import ELB Instance Entity: Get a list of recently active ELB instances.

Entity search SPL:

`aws-metadata-elb(*, *)`
| eval VpcId=if(isnull(VPCId), VpcId, VPCId)
| fillnull value="N/A" 
| rename name AS ELBName
| eval entity_title=uniq_id
| eval entity_type="ELB Instance"
| eval entity_type_info=entity_type
| eval ELBType=if(Type="application", "Application Load Balancer", "Classic Load Balancer") 
| table entity_title uniq_id ELBName ELBType DNSName VpcId AccountId region entity_type_info entity_type

Column mapping:

Column name Import column as
entity_title Entity Title
uniq_id Entity Alias
entity_type Entity Type
All other fields Entity Information Field

Manually import entities

For each AWS entity you want to import, follow these steps:

  1. Go to Configuration > Entities from the ITSI or IT Essentials Work menu.
  2. Select Create Entity > Import from Search.
  3. Paste the SPL for the entity type you want to import in the Ad hoc Search field and click the search icon to preview your entities.
  4. Click Next.
  5. On the Entity/Service Import screen, map the columns as specified for the entity type.
  6. Click Import
  7. Click Set Up Recurring Import.
    1. Enter a name for your recurring import. For example, "Get_AWS_Entities."
    2. Select a schedule. We recommend scheduling it to run every hour.
    3. Click Submit.

When you've finished importing your entities, go to the Service Analyzer > Default Analyzer to see your services and KPIs light up.

Last modified on 22 May, 2024
Knowledge objects reference for the Content Pack for Amazon Web Services Dashboards and Reports  

This documentation applies to the following versions of Content Pack for Amazon Web Services Dashboards and Reports: 1.5.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters