Onboard AWS in Data Manager
Data Manager helps you quickly set up multiple AWS accounts for data ingestion into your Splunk Cloud deployment.
Logging in and getting started with Data Manager
Complete the following steps to get started:
- Log into Splunk Cloud using Splunk-provided credentials.
- Save the email that contains the credentials. It contains a Forgot Password link, in case you need to reset your password.
- Change your password at the prompt.
- Sign the terms and conditions.
- Start onboarding or take the product tour.
Data Manager walks you through adding existing data sources so that you can monitor and investigate any alerts that impact the security state of your environment. It also helps you to see which services you are ingesting, but not yet using, so that you can expand your security coverage.
Stages of onboarding
Data Manager walks you through various stages depending if you're onboarding a single AWS account or multiple AWS accounts.
The onboarding steps are described in detail within Data Manager. The details are not duplicated here. Wait for each step to finish, before attempting to continue on to the next step.
Onboard a single account for push-based data ingestion
Onboarding a single AWS account consists of the following stages:
- Configure the AWS prerequisites in the data account.
- Configure the data account, regions, and data sources.
- Create a data ingestion CloudFormation stack in each region.
Onboard multiple accounts for push-based data ingestion
Onboarding multiple AWS accounts consists of the following stages:
- Configure the AWS prerequisites in the control account and data accounts.
- Configure the control account, data accounts, regions, and data sources.
- Create a control account CloudFormation StackSet to manage the data accounts.
- Create data account CloudFormation stack instances per region.
Onboard a single account for pull-based data ingestion
Onboarding a single AWS account consists of the following stages:
- AWS Admin completes the setup prerequisites in the data account
- Input AWS SQS Queue ARNs, Data Account IDs, and S3 bucket names.
- Establish an IAM role for SQS queue reads, and S3 bucket reads.
- Summary
Prerequisites for onboarding AWS data sources | About CloudFormation stack templates |
This documentation applies to the following versions of Data Manager: 1.8.2
Feedback submitted, thanks!