Data Manager

User Manual

This documentation does not apply to the most recent version of Data Manager. For documentation on the most recent version, go to the latest release.

AWS prerequisites for Data Manager

An AWS admin completes prerequisites ahead of time so that a Splunk Admin can use Data Manager for onboarding. Alternatively, an AWS admin can complete the entire process. Data Manager contains optional steps to guide you through this choice.

Splunk platform requirements

HTTP Event Collector requirements

If an AWS input has one or more data sources that will require Amazon Kinesis Data Firehose to send data to your Splunk Cloud deployment. Before you deploy the CloudFormation template, ensure that your Splunk Cloud deployment has a load balancer with HTTP Event Collector (HEC) acknowledgement enabled. If you are not sure, check with your Splunk administrator, or reach out to Splunk Support.

For more information on which data sources that require Amazon Kinesis Data Firehose, see the Data ingestion mechanisms and intervals in Data Manager topic in this manual.

Add-on compatibility requirements

The Splunk Add-on for Amazon Web Services, and the Splunk Add-on for Amazon Kinesis Firehose should not be configured for the same AWS account and same data sources as Data Manager.

Common Information Model prerequisites

Data Manager supports Common Information Model (CIM) normalization for Google Cloud platform inputs when the Splunk Add-on for Amazon Web Services (AWS) is installed on the part of your Splunk Cloud deployment that performs the parsing or search-time functionality for your data. This add-on must be installed, but does not need to be configured.

Download the Splunk Add-on for Amazon Web Services (AWS) from Splunkbase

For more information, see the Splunk Add-on for Amazon Web Services documentation manual.

For information on the CIM, see the Overview of the Splunk Common Information Model topic in the Common Information Model Add-on manual.

AWS Kinesis data source prerequisites

Some AWS Kinesis data sources only need to be selected during onboarding, but others need to be configured ahead of time.

Configure CloudTrail

If you select CloudTrail as a data source, you need to make sure that your AWS CloudTrail is configured to send its data to a CloudWatch log group for the accounts and regions that you select. See Sending Events to CloudWatch Logs.

Configure IAM Access Analyzer

If you select IAM Access Analyzer, it needs to be enabled in every region where you want to monitor access to your resources. See Enabling Access Analyzer.

Configure Security Hub or GuardDuty

If you select Security Hub or GuardDuty, you need to make sure that your AWS Security Hub or GuardDuty is enabled for the accounts and regions that you select. See Enabling Security Hub and Enable Amazon GuardDuty.

AWS CloudWatch data source prerequisites

Some AWS CloudWatch data sources only need to be selected during onboarding, but others need to be configured ahead of time.

Configure Amazon API Gateway

If you use the Amazon API Gateway as a data source, use the API Gateway console to send Amazon API Gateway logs to your CloudWatch log group for the accounts and regions that you select. See Setting up CloudWatch logging for a REST API in API Gateway.

Configure Amazon DocumentDB

If you use Amazon DocumentDB as a data source, you must both enable both audit logging on your cluster, and Amazon DocumentDB, in order to export logs to your CloudWatch log group for the accounts and regions that you select. See Monitoring Amazon DocumentDB with CloudWatch.

Configure Amazon Elastic Kubernetes Service (EKS)

If you use the Amazon Elastic Kubernetes Service (EKS) as a data source, make sure that each EKS cluster is configured to send its data to an Amazon CloudWatch log group for the accounts and regions that you select. See Amazon EKS control plane logging.

Configure Amazon Relational Database Service (RDS)

If you use the Amazon Relational Database Service (RDS) as a data source, make sure that your RDS instance is configured to send its data to an Amazon CloudWatch log group for the accounts and regions that you select. See Publishing PostgreSQL logs to Amazon CloudWatch Logs.

AWS CLI Prerequisites

You need AWS CLI version 2 to run the commands, such as the following:

$ aws --version
aws-cli/2.0.4 Python/3.8.2 Darwin/19.6.0 botocore/2.0.0dev8

The aws2 dev version is not supported.

There are numerous ways to prepare your terminal to use the credentials for your data account. Use the AWS documentation for details about configuring your CLI terminal with credentials to run AWS commands. See Configuring the AWS CLI.

Last modified on 30 August, 2022
Data ingestion mechanisms and intervals in Data Manager   Onboard AWS in Data Manager

This documentation applies to the following versions of Data Manager: 1.6.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters