Use the Amazon CloudWatch Metrics connector with Splunk DSP
Use the Amazon CloudWatch Metrics connector to collect performance data from Amazon CloudWatch. The Amazon CloudWatch Metrics connector uses namespaces and regions to provide system-wide visibility into resource utilization, application performance, and operational health.
See Using Amazon CloudWatch Metrics in the Amazon Web Services (AWS) documentation for more information about setting up and using Amazon CloudWatch Metrics.
Prerequisites
Before you can use the Amazon CloudWatch Metrics connector, you must have an AWS account. If you don't have an AWS account, ask your AWS admin to create an account and provide the Access Key ID and Secret Access Key. See Access Keys (Access Key ID and Secret Access Key) in the Amazon Web Services (AWS) documentation for more information about Access Key credentials.
Permissions for Amazon CloudWatch Metrics
Make sure your AWS account has the following permissions for Amazon CloudWatch Metrics:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics" ], "Resource": "*" } ] }
Permissions for the AWS/EC2 namespace
Empty metrics in the AWS/EC2 namespace can be filtered out of the results. Make sure your AWS account has the following permissions:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "1", "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "autoscaling:DescribeAutoScalingGroups" ], "Resource": "*" } ] }
If your AWS account doesn't have these permissions, the connector still works with the AWS/EC2 namespace, but it takes longer to collect the metrics, and there are more AWS API calls.
Parameters used in the Amazon CloudWatch Metrics connector
In addition to the common configuration parameters, the Amazon CloudWatch Metrics connector uses the following parameters:
aws_credential
: The AWS credentials used to access the Amazon CloudWatch Metricsaccess_key
: The AWS access key credential informationaws_access_key_id
: Your AWS access key IDaws_secret_access_key
: Your AWS secret access key
namespace
: An array of namespacesregion
: An array of regionsperiod
: The length of time associated with a specific Amazon CloudWatch statisticstats
: An array of statistics. Statistics are metric data aggregations over specified periods of time. One statistic can beMaximum
,Sum
,Minimum
,Average
, orSampleCount
.delay
: (Optional) The number of seconds to delay the metrics data collection to compensate for latency in the availability of Amazon CloudWatch Metrics data points. The default is 300 seconds.
See Amazon CloudWatch Concepts in the Amazon Web Services documentation for more information about Amazon CloudWatch Metrics concepts.
All credentials are transmitted securely by HTTPS and saved in the Collection Service with industry-standard encryption. They can't be accessed outside of the current tenant.
Limitations of the Amazon CloudWatch Metrics connectors
The Amazon CloudWatch Metrics connector has the following limitations:
- The first time a scheduled job runs, metrics are collected for only one time interval as defined by the
period
parameter. For all following scheduled jobs, metrics are collected from the last execution up to the current time.
Amazon CloudWatch Metrics connector output
The following dimensions are included in the metric events collected from the Amazon CloudWatch Metrics:
AccountID
: The account ID of the AWS account. This dimension isn't included if the account ID can't be found.Region
: The region of the metric.
A typical metric event looks like this:
{ "metric_name": "AWS/EC2.NetworkOut.Sum", "_time": 2019-07-11T01:00:33.336+00:00, "_value": 13001145.0, "AccountID": "123412341234", //dimension "Region": "ca-central-1", //dimension "InstanceID": "i-123a12b12c123d12e", //dimension "source": "ca-central-1:AWS/EC2", "host": "aws_cwm_connector-v1.0.0", "index": "metrics", "sourcetype": "aws:cloudwatch:metrics", }
Create, modify, and delete a scheduled job using the Collect API
You can create, modify, and delete a scheduled job in the Amazon CloudWatch connector using the Collect API.
Create a scheduled job
The following example creates a job, schedules it to run at 45 minutes past every hour, and assigns 2 workers.
curl -X POST "https://api.scp.splunk.com/<tenant>/collect/v1beta1/jobs/" \ -H "Authorization: Bearer <accessToken>" \ -H "Content-Type: application/json" \ -d '{ "name": "cwm-connector-aksk-job", "connectorID": "aws-cloudwatch-metrics", "schedule": "45 * * * *", "parameters": { "aws_credential": { "access_key": { "aws_access_key_id": "your AWS access key", "aws_secret_access_key": "your AWS secret key" } }, "namespaces": [ "AWS/EC2" ], "regions": [ "us-west-1" ], "period": 300, "stats": [ "Maximum", "SampleCount" ] }, "enabled": true, "scalePolicy": { "static": { "workers": 2 } } }'
A typical response when you create a scheduled job using a POST request looks like this:
{ "data": { "connectorID": "aws-cloudwatch-metrics", "createUserID": "your user ID" "createdAt": "2019-02-22T14:29:23.852Z", "id": "your job ID", "lastModifiedAt": "2019-02-22T14:29:23.852Z", "lastUpdateUserID": "last user who updated" "name": "your connection name", "parameters": { "aws_credential": {}, "period": 300, "namespaces": [ "AWS/EC2" ], "regions": [ "us-west-1" ], "stats": ["Maximum", "SampleCount"] }, "scalePolicy": { "static": { "workers": 2 } }, "schedule": "45 * * * *", "scheduled": "true", "tenant": "your tenant ID" } }
Verify the job
After you create the scheduled job, you can find the job id
in the POST response. The following example performs a GET request on the job id
to verify the job was created and scheduled correctly:
curl -X GET "https://<DSP_HOST>:31000/default/v1beta1/jobs/<jobId>" \ -H "Authorization: Bearer <accessToken>" \ -H "Content-Type: application/json"
A typical response for a GET request on a job id
in a scheduled job looks like this:
{ "data": { "connectorID": "aws-cloudwatch-metrics", "createUserID": "your user ID", "createdAt": "2019-02-22T14:29:23.852Z", "id": "your job ID", "lastModifiedAt": "2019-02-22T14:29:23.852Z", "lastUpdateUserID": "last user who updated", "name": "your connection name", "schedule": "45 * * * *", "scheduled": true, "tenant": "your tenant ID", "eventExtraFields": null, "parameters": { "aws_credential": {}, "namespaces": [ "AWS/EC2" ], "regions": [ "us-west-1" ], "period": 300, "stats": [ "Maximum", "SampleCount" ] }, "scalePolicy": { "static": { "workers": 2 } } } }
Modify a scheduled job
The following example modifies the scheduled job with the PATCH request to increase the number of workers to 4:
curl -X PATCH "https://<DSP_HOST>:31000/default/collect/v1beta1/jobs/<jobId>" \ -H "Authorization: Bearer <accessToken>" \ -H "Content-Type: application/merge-patch+json" \ -d '{ "scalePolicy": { "static": { "workers": 4 } } }'
A typical response for a PATCH request on a scheduled job looks like this:
{ "data": { "id": "your job ID", "tenant": "default", "name": "your connection name", "connectorID": "aws-cloudwatch-metrics", "schedule": "45 * * * *", "parameters": {}, "scalePolicy": { "static": { "workers": 4 } }, "createdAt": "2019-02-22T14:29:23.852Z", "lastModifiedAt": "2019-02-25T19:19:09.892Z" } }
Note that the lastModifiedAt
value is updated.
Delete a scheduled job
The following example deletes a scheduled job based on job id
:
Make sure that no active pipelines are using the scheduled job you want to delete. If you delete a scheduled job with an active pipeline, your pipeline stops processing data.
curl -X DELETE "https://<DSP_HOST>:31000/default/collect/v1beta1/jobs/<jobId>" \ -H "Authorization: Bearer <accessToken>" \ -H "Content-Type: application/json"
When the connection is successfully deleted, you receive a "204 No content" response.
Create, modify, and delete a scheduled job using Global Connection Management
You can create, modify, and delete a scheduled job in the Amazon CloudWatch Metrics connector with Global Connection Management. See Manage connections to external data sources.
Get data in with the Collect service and a pull-based connector | Use the Amazon S3 connector with Splunk DSP |
This documentation applies to the following versions of Splunk® Data Stream Processor: 1.0.1
Feedback submitted, thanks!