About Guided Data Onboarding for AWS
Using both Splunk Web and Splunk documentation, Guided Data Onboarding (GDO) provides end-to-end guidance for getting specific AWS and Kinesis Firehose data sources into specific Splunk platform deployments. If you have a Splunk deployment up and running and if you have an admin or equivalent role so that you can install add-ons, you can use these guides to get data from popular data sources into Splunk.
Where to find Guided Data Onboarding
From your home page in Splunk Web, you can find the data onboarding guides by clicking Add Data. Then, you can either search for a data source or explore different categories of data sources. Currently, the categories are Networking, Operating System, and Security.
After you select your data source, you must select a deployment scenario. Then, you can view diagrams and high-level steps to set up and to configure your data source.
Splunk Web links to documentation that explains how to set up and configure your data source in greater detail. You can find all the Guided Data Onboarding manuals by clicking the Add data tab on the Splunk Enterprise Documentation site.
Supported Deployment Scenarios
For each data source, Splunk currently supports Guided Data Onboarding for three deployment scenarios. See the following table for a description of each scenario:
|A single Splunk Enterprise instance handles both indexing and search management. In this deployment scenario, you typically also install forwarders on your data-generating hosts to feed data from the hosts to your single instance.|
|Distributed deployment with
|In a distributed deployment, multiple Splunk Enterprise instances work together to support environments in which data originates on many machines, or in which many users need to search the data. Indexer clustering is a Splunk Enterprise feature by which an indexer cluster replicates data to achieve several goals. They include data availability, data fidelity, disaster tolerance, and improved search performance.|
|Splunk Cloud||Splunk Cloud delivers the benefits of Splunk Enterprise as a cloud-based service.|
If you need help determining your deployment, see the Inheriting a Splunk Enterprise Deployment manual.
Turn off Guided Data Onboarding
If you do not want the Guided Data Onboarding feature to appear in Splunk Web, go to your
$SPLUNK_HOME/etc/apps/splunk_gdi/default/gdi_settings.conf file and set the
allowWebService variable to false.
Learn more about HEC
- Setting up distributed deployment of HTTP Event Collector data
- Configure an Elastic Load Balancer for the Splunk Add-on for Amazon Kinesis Firehose
- Set up and use HTTP Event Collector
Learn more about security
Configure your indexer to use your certificates in Securing Splunk Enterprise.
Validate your data
This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10