Splunk® Enterprise

Add AWS Config Notifications data: Distributed deployment with indexer clustering

Download manual as PDF

Download topic as PDF

Configure Splunk Enterprise to work with Amazon Kinesis Firehose

Indexers in AWS VPC

If you have placed your indexers on the AWS Virtual Private Cloud, use an elastic load balancer to send data to your indexers. Firehose-to-VPC.png

Indexers in Splunk Enterprise

If you have not placed your indexers in an AWS Virtual Private Cloud, but the indexers are accessible from AWS Firehose via public IPs, install a CA-signed SSL certificate on each indexer, then send data directly to your indexers.


Prepare your indexers before you proceed:

  1. Install a CA-signed SSL certificate on each indexer.
  2. Create a DNS name that resolves to the set of indexers that you plan to use to collect data from Amazon Kinesis Firehose. You will need this DNS name in a later step.

For more information about SSL, see the Additional resources topic at the end of this manual.

Configure Amazon Web Services to collect data
Install the Splunk Add-on for Amazon Kinesis Firehose

This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.3.0, 7.3.1, 7.3.2

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters