Splunk® Enterprise

Add AWS Config Rules data: Distributed deployment with indexer clustering

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Acrobat logo Download topic as PDF

Configure Splunk Enterprise to work with Amazon Kinesis Firehose

Indexers in AWS VPC

If you have placed your indexers on the AWS Virtual Private Cloud, use an elastic load balancer to send data to your indexers. Firehose-to-VPC.png

Indexers in Splunk Enterprise

If you have not placed your indexers in an AWS Virtual Private Cloud, but the indexers are accessible from AWS Firehose via public IPs, install a CA-signed SSL certificate on each indexer, then send data directly to your indexers.


Prepare your indexers before you proceed:

  1. Install a CA-signed SSL certificate on each indexer.
  2. Create a DNS name that resolves to the set of indexers that you plan to use to collect data from Amazon Kinesis Firehose. You will need this DNS name in a later step.

For more information about SSL, see the Additional resources topic at the end of this manual.

Last modified on 12 June, 2019
Configure Amazon Web Services to collect data
Install the Splunk Add-on for Amazon Kinesis Firehose

This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters