AWS prerequisites for Data Manager
An AWS admin completes prerequisites ahead of time so that a Splunk Admin can use Data Manager for onboarding. Alternatively, an AWS admin can complete the entire process. Data Manager contains optional steps to guide you through this choice.
Splunk platform requirements
HTTP Event Collector requirements
If an AWS input has one or more data sources that will require Amazon Kinesis Data Firehose to send data to your Splunk Cloud deployment. Before you deploy the CloudFormation template, ensure that your Splunk Cloud deployment has a load balancer with HTTP Event Collector (HEC) acknowledgement enabled. If you are not sure, check with your Splunk administrator, or reach out to Splunk Support.
For more information on which data sources that require Amazon Kinesis Data Firehose, see the Data ingestion mechanisms and intervals in Data Manager topic in this manual.
Add-on compatibility requirements
The Splunk Add-on for Amazon Web Services, and the Splunk Add-on for Amazon Kinesis Firehose should not be configured for the same AWS account and same data sources as Data Manager.
Common Information Model prerequisites
Data Manager supports Common Information Model (CIM) normalization for Google Cloud platform inputs when the Splunk Add-on for Amazon Web Services (AWS) is installed on the part of your Splunk Cloud deployment that performs the parsing or search-time functionality for your data. This add-on must be installed, but does not need to be configured.
Download the Splunk Add-on for Amazon Web Services (AWS) from Splunkbase
For more information, see the Splunk Add-on for Amazon Web Services documentation manual.
For information on the CIM, see the Overview of the Splunk Common Information Model topic in the Common Information Model Add-on manual.
AWS Kinesis data source prerequisites
Some AWS Kinesis data sources only need to be selected during onboarding, but others need to be configured ahead of time.
Configure CloudTrail
If you select CloudTrail as a data source, you need to make sure that your AWS CloudTrail is configured to send its data to a CloudWatch log group for the accounts and regions that you select. See Sending Events to CloudWatch Logs.
Configure IAM Access Analyzer
If you select IAM Access Analyzer, it needs to be enabled in every region where you want to monitor access to your resources. See Enabling Access Analyzer.
Configure Security Hub or GuardDuty
If you select Security Hub or GuardDuty, you need to make sure that your AWS Security Hub or GuardDuty is enabled for the accounts and regions that you select. See Enabling Security Hub and Enable Amazon GuardDuty.
AWS CloudWatch data source prerequisites
Some AWS CloudWatch data sources only need to be selected during onboarding, but others need to be configured ahead of time.
Configure Amazon API Gateway
If you use the Amazon API Gateway as a data source, use the API Gateway console to send Amazon API Gateway logs to your CloudWatch log group for the accounts and regions that you select. See Setting up CloudWatch logging for a REST API in API Gateway.
Configure Amazon DocumentDB
If you use Amazon DocumentDB as a data source, you must both enable both audit logging on your cluster, and Amazon DocumentDB, in order to export logs to your CloudWatch log group for the accounts and regions that you select. See Monitoring Amazon DocumentDB with CloudWatch.
Configure Amazon Elastic Kubernetes Service (EKS)
If you use the Amazon Elastic Kubernetes Service (EKS) as a data source, make sure that each EKS cluster is configured to send its data to an Amazon CloudWatch log group for the accounts and regions that you select. See Amazon EKS control plane logging.
Configure Amazon Relational Database Service (RDS)
If you use the Amazon Relational Database Service (RDS) as a data source, make sure that your RDS instance is configured to send its data to an Amazon CloudWatch log group for the accounts and regions that you select. See Publishing PostgreSQL logs to Amazon CloudWatch Logs.
AWS CLI Prerequisites
You need AWS CLI version 2 to run the commands, such as the following:
$ aws --version aws-cli/2.0.4 Python/3.8.2 Darwin/19.6.0 botocore/2.0.0dev8
The aws2 dev version is not supported.
There are numerous ways to prepare your terminal to use the credentials for your data account. Use the AWS documentation for details about configuring your CLI terminal with credentials to run AWS commands. See Configuring the AWS CLI.
Data ingestion mechanisms and intervals in Data Manager | Onboard AWS in Data Manager |
This documentation applies to the following versions of Data Manager: 1.6.1
Feedback submitted, thanks!