Connect to AWS and send data to Splunk Observability Cloud 🔗
As a system administrator who wants to leverage the power of full-fidelity data monitoring across your infrastructure, you can establish a connection with AWS and then set the following configuration options to complete the integration:
Select Amazon Web Services (AWS) regions to collect data from
Enable the ingestion of metrics through polling or streaming
Decide whether to process information about application logs
Following configuration, you can use Amazon CloudWatch to import metrics and logs from supported AWS services into Splunk Observability Cloud, and analyze your data using Observability Cloud tools.
To connect Splunk Observability Cloud to AWS, follow these steps:
Plan the integration
Choose and use a connection option
Configure your connection
To connect AWS to Observability Cloud and integrate those platforms, you must meet the following prerequisites:
Administrator privileges in Observability Cloud and your AWS accounts
One of the following authentication methods:
An AWS IAM role and an external ID from Observability Cloud
A secure token, which combines an access key ID and a secret access key
The AWS GovCloud and China regions require a secure token for access. See Create and manage organization access tokens for more information.
Regardless of the connection option you choose, you can configure your system more efficiently if you decide beforehand what data types and sources you want.
Answer the following questions before you connect AWS to Splunk Observability Cloud to help you choose the most appropriate connection method and configuration settings:
Do I want to collect metrics through API polling at specified intervals, or through CloudWatch Metric Streams? (You configure through the Observability API to support CloudWatch Metric Streams)
Do I want to collect logs in addition to metrics? (If yes, then include logs while configuring through the API or when given that option while performing a guided setup)
You can connect Observability Cloud to AWS in several different ways. Choose the connection method that best matches your needs:
Reason for using this method
Connect to AWS using the guided setup in Splunk Observability Cloud
Guides you step-by-step to set up an AWS connection and default configuration in Observability Cloud. Guided setup includes links to Amazon CloudFormation templates that you can select to create needed AWS IAM roles.
Connect to AWS using the Splunk Observability Cloud API
Requires knowledge of POST and PUT call syntax, but includes options and automation that are not part of the guided setup. Choose this method if you want to configure many integrations at once, or enable CloudWatch Metric Streams rather than polling for metrics data.
Connect to AWS using Splunk Terraform
Can be used if you already manage your infrastructure as code by deploying through Terraform.
If you can’t connect AWS to Splunk Observability Cloud, see Troubleshoot your AWS connection.
CloudWatch Metric Streams send metrics to a Kinesis Data Firehose stream, so you can see and act on them faster than is possible when metrics are collected by polling the API at specified intervals, because stream functionality greatly reduces latency. Each metric stream generates its own set of metrics. See Low Latency Observability Into AWS Services With Splunk in the DevOps blog for more information.
Although metric streams are more efficient than API polling, CloudWatch metric streams also have constraints you should consider.
Collection interval 🔗
CloudWatch Metric Streams continually stream Amazon CloudWatch metrics as soon as they are published. In most cases, the metrics are published once per minute. For customers currently collecting Amazon CloudWatch metrics at the default polling rate of 300 seconds (5 minutes), this difference in intervals results in more data being collected from Amazon CloudWatch. This increase in data rate typically increases Amazon CloudWatch usage costs. Customers already polling at 1-minute intervals generally see a slight decrease in Amazon CloudWatch usage costs.
Tag filtering 🔗
CloudWatch Metric Streams do not support filtering based on resource tags. Configuration applies to individual services, and all resources that report metrics from a configured service stream those metrics. If you filter data based on tags, your costs for Amazon CloudWatch and Splunk Infrastructure Monitoring might increase.
See After connecting to AWS for an overview of the actions you can perform after you connect Observability Cloud to AWS.
See AWS metrics for a list of the available AWS resources.
For instructions on how to import AWS metrics and metadata or AWS tag and log information using namespaces and filters, see Monitor Amazon Web Service.