Splunk® Content Packs for ITSI and IT Essentials Work

Splunk Content Packs for ITSI and IT Essentials Work

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Dashboard reference for the Content Pack for Amazon Web Services Dashboards and Reports

The Content Pack for Amazon Web Services Dashboards and Reports offers a variety of dashboards to give you insight into your AWS data. Each dashboard is powered by data collected from your AWS environment using one or more input types configured in the Splunk Add-on for Amazon Web Services. And as you navigate between dashboards your filter selections for Account ID and region are retained.

You can configure each dashboard included in the content pack. Refer to the following tables for the configurable input types by available dashboard.

Overview dashboards

Overview dashboards provide high level, summary insights on data from your AWS environment.

Overview - AWS

This dashboard gives an overview of your AWS environment and status from different perspectives, including configuration changes, usage, security. If anything looks unusual, you can click a panel to drill down to a more detailed dashboard.

Example input types: SQS-based S3, Description.

See the following table for the Overview-AWS dashboard panels and their corresponding source types:

Panel Source type
CloudFront aws:cloudfront:accesslogs
Compute Instances aws:description
Configuration Changes aws:config:notification
Elastic Load Balancing (ELB) aws:description, aws:cloudwatch
Notable CloudTrail Activity by Origin aws:cloudtrail
Storage aws:description, aws:cloudwatch

Usage Overview - AWS

This dashboard summarizes the usage of AWS services, such as EC2 and Elastic Block Store (EBS).

Example input types: Description, CloudWatch.

See the following table for the Usage Overview-AWS dashboard panels and their corresponding source types:

Panel Source type
EBS aws:description
EC2 aws:description
ELB aws:description, aws:cloudwatch
Max CPU Utilization - Last 7 Days Top 5 aws:cloudwatch, aws:description
Min CPU Utilization - Last 7 Days Top 5 aws:cloudwatch, aws:description

Insights Overview - AWS

This dashboard summarizes the numbers and trends of detected problems with resource usages.

Example input types: Description, CloudWatch.

See the following table for the Insights Overview-AWS dashboard panels and their corresponding source types:

Panel Source type
Anomaly - Last 100 by 12 a.m. aws:cloudwatch, aws:cloudtrail
Anomaly - Yesterday aws:description, aws:cloudwatch, aws:cloudtrail
Insights - Yesterday aws:description, aws:cloudwatch

Anomaly Detection Overview - AWS

This dashboard displays anomaly trends over time, as well as a list of recent anomalies. You can also view and manage all the configured anomaly detection jobs in this dashboard.

Example input types: Description, CloudWatch.

See the following table for the Anomaly Detection Overview-AWS dashboard panels and their corresponding source types:

Panel Source type
Anomaly Detection Jobs aws:cloudwatch, aws:cloudtrail
Anomaly Trends aws:description, aws:cloudwatch
Latest 100 Anomalies aws:description, aws:cloudwatch, aws:cloudtrail

Topology dashboards

Topology dashboards displays the topology of your AWS resources and how they relate to each other.

Topology - AWS

This dashboard relies on data from the AWS Config service, which isn't available in GovCloud or China regions at this time.

Example input types: SQS-based S3, CloudWatch, Kinesis, Billing.

See the following table for the Topology-AWS dashboard panels and their corresponding source types:

Panel Source type
Activity aws:cloudtrail
Amazon Inspector and Config Rules aws:inspector, aws:config:rule
Billing aws:billing
IAM aws:config
Relationships aws:config
Topology aws:config
Usage aws:cloudwatch
VPC Flow aws:cloudwatchlogs:vpcflow

Timeline dashboards

Timeline dashboards display historical events on a timeline.

Timeline - AWS

This dashboard chronologically displays up to 200 historical events on a timeline associated with the following AWS services: Config Notification, Amazon Inspector, Config Rules, CloudTrail, Personal Health, SQS (custom events).

For SQS custom events to be displayed on the timeline, the events have to be described in the following json format and are ingested from the SQS queue by the Splunk Add-on for AWS.

{
    "title": "<event title>",
    "description": "<event description>",
    "resourceId": "AWS resource ID",
    "accountId": "AWS account ID",
    "regioin": "AWS region"
}

Example input types: SQS-based S3, Description, Inspector.

See the following table for the Timeline-AWS dashboard panels and their corresponding source types:

Panel Source type
Timeline aws:description, aws:inspector, aws:cloudtrail, aws:config:rule, aws:config:notifications

Usage dashboards

Usage dashboards provide insights on data from your EC2 instances, Elastic Block Store, Elastic Load Balancing, capacity planner, and reserved instance planner.

EC2 Instances - AWS

This dashboard describes the usage of your EC2 instances.

Example input types: Description, CloudWatch.

See the following table for the EC2 Instances-AWS dashboard panels and their corresponding source types:

Panel Source type
CloudRunning EC2 Instances by Type aws:description
EC2 Spot Instances Details aws:description
In-Use Reserved EC2 Instances aws:description
Running EC2 Instances aws:description
Running EC2 Instances by Category aws:description
Running EC2 Instances by Region aws:description
Running EC2 Instances by Region Over Time aws:description
Running EC2 Instances by Type Over Time aws:description
Unused Reserved EC2 Instances aws:description

Individual EC2 Instances - AWS

This dashboard allows you to look up the detailed usage of specific EC2 instances.

Example input types: Description, CloudWatch.

See the following table for the Individual EC2 Instances-AWS dashboard panels and their corresponding source types:

Panel Source type
Average CPU Utilization - Last 24h aws:cloudwatch
Average CPU Utilization Over Time aws:cloudwatch
EC2 Instance Details aws:description
Total Failed Status Checks - Last 24h aws:cloudwatch
Total Failed Status Checks Over Time aws:cloudwatch
Total Network I/O - Last 24h aws:cloudwatch
Total Network I/O Over Time aws:cloudwatch

EBS Volumes - AWS

This dashboard describes the usage of Elastic Block Store (EBS) volumes.

Example input types: Description, CloudWatch.

See the following table for the EBS Volumes-AWS dashboard panels and their corresponding source types:

Panel Source type
EBS Snapshots Size aws:description
EBS Volumes by IOPS aws:description
EBS Volumes by Sizes aws:description
EBS Volumes with IOPS < 1 - Last 7 Days aws:description, aws:cloudwatch
EBS Volumes without Recent (30 days) Snapshot aws:description
In-Use EBS Volumes aws:description
In-Use EBS Volume Size aws:description
In-Use EBS Volumes by Type aws:description
Non-Optimized EBS Volumes aws:description
Standard EBS Volumes with IOPS > 95 - Last 7 Days aws:description, aws:cloudwatch
Unused EBS Volumes aws:description

ELB Instances - AWS

This dashboard displays information about Elastic Load Balancing (ELB) in your environment.

Example input types: Description, CloudWatch.

See the following table for the ELB Instances-AWS dashboard panels and their corresponding source types:

Panel Source type
ELB Error Requests aws:cloudwatch
ELBs by Region aws:description
HTTP 4XX Responses aws:cloudwatch
HTTP 5XX Responses aws:cloudwatch
Latency per ELB Over Time aws:cloudwatch
Requests per ELB Over Time aws:cloudwatch
Requests by ELB aws:cloudwatch
Requests by HTTP Status Code aws:cloudwatch
Total ELBs aws:description
Total Requests aws:cloudwatch
Unhealthy EC2 Instances aws:description

Individual ELB Instances - AWS

This dashboard allows you to look up detailed information about specific ELBs.

Example input types: Description, CloudWatch.

See the following table for the ELB Instances-AWS dashboard panels and their corresponding source types:

Panel Source type
EC2 Instances aws:description
ELB Details aws:cloudwatch
ELB Error Requests aws:cloudwatch
HTTP Error Requests aws:cloudwatch
HTTP Status Code Over Time aws:cloudwatch
Latency Over Time aws:cloudwatch
Request Count Over Time aws:cloudwatch
Total Requests aws:cloudwatch
Unhealthy EC2 Instances aws:description

Capacity Planner - AWS and Capacity Planner CUR - AWS

This dashboard allows you to analyze your usage to plan your capacity for upcoming months. The dashboard is based on historical month data from AWS Detailed Billing Reports with resources and tags.

Example input types: Billing (Cost and Usage Report)

See the following table for the Capacity Planner-AWS or Capacity Planner CUR-AWS dashboard panels and their corresponding source types:

Panel Source type
Instance Hours aws:billing
Percentage of On-Demand Cost aws:billing
Percentage of On-Demand Hours aws:billing
Total Instance Cost aws:billing
Total Instance Hours aws:billing, aws:billing:cur

Reserved Instance Planner - AWS and Reserved Instance Planner CUR - AWS

This dashboard helps you better plan your reserved instances by showing existing resources and providing optimal resource recommendations with estimated annual savings based on historical or predictive usage data.

Example input types: Billing (Cost and Usage Report), Description

See the following table for the Reserved Instance Planner-AWS or Reserved Instance Planner CUR-AWS dashboard panels and their corresponding source types:

Panel Source type
Reserved Instance Planner aws:billing, aws:billing:cur, aws:description

Reserved Instance Inventory - AWS

This dashboard displays usage statistics of reserved instances (RI) as well as current RI plans.

Example input types: Description

The RI Utilization by Family in Last Month Panel displays based on the data present. If detailed data is present, then the RI Utilization by Family in Last Month (Detailed) displays. If the CUR data is present, then RI Utilization by Family in Last Month (CUR) panel displays. The default panel is RI Utilization by Family in Last Month (Detailed) if data is not present.

See the following table for the Reserved Instance Inventory-AWS dashboard panels and their corresponding source types:

Panel Source type
RIs by Instance Type aws:description
RIs by Payment Option aws:description
RI Plans aws:description
RIs by Region aws:description
RI Utilization by Family in Last Month aws:description

Relational Database Service - AWS

This dashboard displays RDS data from the CloudWatch service.

Example input types: Description, CloudWatch.

See the following table for the Relational Database Service-AWS dashboard panels and their corresponding source types:

Panel Source type
Average CPU Utilization aws:description, aws:cloudwatch
Average Free Storage Space aws:description, aws:cloudwatch
Average Freeable Memory aws:description, aws:cloudwatch
Average Read Latency aws:description, aws:cloudwatch
Average Write IOPS aws:description, aws:cloudwatch
Average Write Latency aws:description, aws:cloudwatch
RDS Instance Details aws:description, aws:cloudwatch

Lambda - AWS

This dashboard provides detailed metrics of functions run by the AWS Lambda compute service.

Example input types: CloudWatch.

See the following table for the Lambda-AWS dashboard panels and their corresponding source types:

Panel Source type
Duration (ms) by Function aws:cloudwatch
Duration (ms) by Function Over Time aws:cloudwatch
Errors by Function aws:cloudwatch
Errors by Function Over Time aws:cloudwatch
GB-s by Function aws:cloudwatch
GB-s by Function Over Time aws:cloudwatch
Invocations by Function aws:cloudwatch
Invocations by Function Over Time aws:cloudwatch
Throttles by Function aws:cloudwatch
Throttles by Function Over Time aws:cloudwatch

API Gateway - AWS

This dashboard visualizes metrics of APIs managed through your API Gateway.

Example input types: CloudWatch.

See the following table for the API Gateway-AWS dashboard panels and their corresponding source types:

Panel Source type
Most Active Methods aws:cloudwatch
Slowest Methods aws:cloudwatch
Total Count by API aws:cloudwatch
Total Count by API Over Time aws:cloudwatch
Total Error by API aws:cloudwatch
Total Error by API Over Time aws:cloudwatch

Insights dashboards

Config Rules - AWS

This dashboard displays compliance status results based on the AWS Config rules that you set up in your environment.

Example input types: SQS-based S3

Panel Source type
Active Config Rules aws:config:rule
Active Config Rules Summary aws:config:rule
Compliant vs Non-Compliant Config Rules aws:config:rule
Compliant vs Non-Compliant Resources aws:config:rule
Non-Compliant Config Rules aws:config:rule
Non-Compliant Resources aws:config:rule
Non-Compliant Resources by Config Rules aws:config:rule
Non-Compliant Resource Details aws:config:rule
Non-Compliant Resources Over Time aws:config:rule

Amazon Inspector - AWS

This dashboard displays the results of your Amazon Inspector findings, which you can filter by assessment run and severity.

From the Findings table on the Amazon Inspector - AWS dashboard, click an EC2 instance name to jump directly to the Topology dashboard and view that EC2 instance in context.

Example input types: Inspector

Panel Source type
Completed Assessment Runs aws:inspector
Findings aws:inspector
High Severity aws:inspector
Informational Severity aws:inspector
Low Severity aws:inspector
Medium Severity aws:inspector
Total Findings aws:inspector

Elastic IP Insights - AWS

This dashboard displays public IPs with problems and provides best practices.

Example input types: Description


Panel Source type
Elastic IP Insights aws:description

ELB Insights - AWS

This dashboard displays load-balancing problems at different severity levels and provides best practices.

Example input types: Description, CloudWatch

Panel Source type
Elastic Load Balancing Insights aws:description, aws:cloudwatch

EBS Insights - AWS

This dashboard displays detected EBS-related anomalies at different severity levels and provides best practices.

Example input types: Description

Panel Source type
EBS Insights aws:description, aws:cloudwatch

AWS Personal Health - AWS

This dashboard displays statuses of different types of services.

Example input types: SQS-based S3

Panel Source type
Service Status aws:sqs

Billing dashboards

Billing dashboards provide billing and budget related insights on data from your AWS environment.

Billing Detailed Overview - AWS and Billing CUR Overview - AWS

This dashboard shows an overview of billing information.

Example input types: Billing (Cost and Usage Report), CloudWatch

Panel Source type
Cost by Service aws:billing, aws:billing:cur
Estimated Cost - Month to Date aws:cloudwatch
Total Cost by Product Name and Operation aws:billing, aws:billing:cur

Budget Planner - AWS and Budget Planner CUR - AWS

This dashboard helps you better plan budgets and control expenses by letting you set monthly budgets over time, and view all aspects of your budget information and track expenses against your budgets.

Example input types: Billing (Cost and Usage Report)

Panel Source type
Budget aws:billing, aws:billing:cur
Budget Burndown aws:billing, aws:billing:cur
Monthly Budget aws:billing, aws:billing:cur
Month-over-Month Budget aws:billing, aws:billing:cur
Remaining Total Budget aws:billing, aws:billing:cur
Total Budget aws:billing, aws:billing:cur

Current Month Estimated Billing - AWS and Current Month Estimated Billing CUR - AWS

The dashboard shows projected AWS bill information based on your CloudWatch billing metrics.

The Total Projected Cost -- This Month and Cost Projection Over Time panels rely on at least two data points before a projection can appear. These panels show "No results found" for the first few days of each new month.

Example input types: CloudWatch

Panel Source type
Cost Projection Over Time aws:cloudwatch
Estimated Cost by Account aws:cloudwatch
Estimated Cost by Account and Service - Month to Date aws:cloudwatch
Estimated Cost - Month to Date aws:cloudwatch
Estimated Cost by Service aws:cloudwatch
Month over Month Comparison - Daily Cost aws:cloudwatch
Total Projected Cost - This Month aws:cloudwatch

Historical Monthly Bills - AWS and Historical Monthly Bills CUR - AWS

This dashboard displays your monthly billing cost up to but excluding the current month. AWS continues to update the monthly billing report several days after the last day of a calendar month, so you might see some fluctuation in the most recent monthly charge during the first few days of a new month.

The Cost by Region panel is not available in consolidated accounts and shows incomplete costs in non-consolidated accounts if your bills include items that do not have region information associated with them.

Example input types: Billing (Cost and Usage Report)

Panel Source type
Cost by Account aws:billing, aws:billing:cur
Cost by Account and Service aws:billing, aws:billing:cur
Cost by Region aws:billing, aws:billing:cur
Cost by Service aws:billing, aws:billing:cur
EBS Cost by Usage Type aws:billing, aws:billing:cur
EC2 Cost by Instance Type aws:billing, aws:billing:cur
Month over Month Comparison aws:billing, aws:billing:cur

Historical Detailed Bills - AWS and Historical Detailed Bills CUR - AWS

This dashboard allows you to analyze your detailed billing history using your AWS Detailed Billing Reports with resources and tags. This dashboard does not include data for the current month. Expect long load times for this dashboard due to the large amount of data in the Detailed Billing Report.

Example input types: Billing (Cost and Usage Report)

Panel Source type
Cost Over Time aws:billing, aws:billing:cur
Total Cost aws:billing, aws:billing:cur
Last modified on 27 September, 2021
PREVIOUS
Troubleshoot the Content Pack for Amazon Web Services Dashboards and Reports
  NEXT
Knowledge objects reference for the Content Pack for Amazon Web Services Dashboards and Reports

This documentation applies to the following versions of Splunk® Content Packs for ITSI and IT Essentials Work: current


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters