Docs » Connect to your cloud service provider » Connect AWS to Splunk Observability Cloud

Connect AWS to Splunk Observability Cloud 🔗

You have several data ingestion and connection methods when it comes to monitoring your Amazon Web Services (AWS) data in Splunk Observability Cloud.

Note

If you want to send AWS data to the Splunk platform, use the Splunk add-on. Learn more at Splunk Add-on for AWS .

Before you start, see AWS authentication, permissions, and supported regions, and check the Supported AWS integrations in Splunk Observability Cloud.

Available options to connect with AWS

See a comparison of the connection options at Compare AWS connection options, and choose the connection method that best matches your needs:

Connection option

Available at

Polling (default)

Use either the Splunk Observability Cloud UI guided setup or the Splunk Observability Cloud API.

Streaming (Splunk-managed)

Use either the Splunk Observability Cloud UI guided setup or the Splunk Observability Cloud API.

Streaming (AWS-managed)

Connect and manage Metric Streams from the AWS console.

Managing your infrastructure as code (Splunk Terraform)

If you already manage your infrastructure as code, continue deploying through Splunk Terraform.

Note

If you can’t connect AWS to Splunk Observability Cloud, see Troubleshoot your AWS connection.

Constraints and limitations for data polling

There are constraints to consider in terms of high data volume and filtering.

High data volume warning

After you create an AWS integration, if it retrieves more than 100,000 metrics from CloudWatch, Splunk Observability Cloud automatically deactivates the integration and sends you a warning email.

This check runs once per integration. If you activate the integration afterwards, it will work correctly.

You can deactivate this check by setting the enableCheckLargeVolume field in the AWS integration to false using the API. See the API reference guide in the Splunk Observability developer docs.

Tag filtering

If you filter data based on tags, your costs for Amazon CloudWatch and Splunk Infrastructure Monitoring might decrease. Read more at Control the data and metadata to import.

Be careful when choosing tag names. Splunk Observability Cloud only allows alphanumeric characters (lower and upper case latin letters and digits), the underscore ( _ ) and the minus/hyphen ( - ) symbols. Spaces and unsupported characters are replaced by the underscore character.

The following characters are not supported. This list is not exhaustive.

  • periods ( . )

  • colons ( : )

  • forward slashes ( / )

  • equal signs ( = )

  • plus signs ( + )

  • at symbols ( @ )

Constraints and limitations for streaming

CloudWatch Metric Streams supports filtering by namespace and metric name but doesn’t support filtering based on resource tags.

Imported data

By default, Splunk Observability Cloud brings in data from all supported AWS services associated with your account. See Supported integrations in Splunk Observability Cloud.

To manage the amount of data to import, see Manage Amazon Web Services data import.

Data availability

Caution

Splunk Observability Cloud is not responsible for data availability.

Depending on your configuration, it might take up to several minutes from the time you connect until you start seeing valid data from your account.

If you’re streaming data with Metric Streams, the configured buffering settings on the Kinesis Data Firehose delivery stream determine how long it takes for data to appear.

  • Buffering is expressed in maximum payload size or maximum wait time, whichever is reached first.

  • If set to the minimum values (60 seconds or 1MB) the expected latency is within 3 minutes if the selected CloudWatch namespaces have active streams.

Data collection interval and costs

In most cases, metrics are reported every minute. However, some services use a different cadence. For example, selected S3 metrics are reported on a daily basis. Check the AWS documentation to verify how often your services’ metrics are reported.

Collecting Amazon CloudWatch metrics through the polling APIs at the default polling rate of 300 seconds (5 minutes) is usually cheaper than using Metric Streams. On the other hand, if you set polling intervals to 1 minute, generally you see an increase in Amazon CloudWatch usage costs compared to Metric Streams.

Learn more at Costs for AWS monitoring.

Install the Splunk Distribution of OpenTelemetry Collector

To take advantage of the full benefits of the Splunk Observability Cloud platform, install the Splunk Distribution of the OpenTelemetry Collector.

Track your OpenTelemetry enablement

To track the degree of OpenTelemetry enablement in your AWS integrations:

  1. From Splunk Observability Cloud, go to Data Management > Deployed integrations > AWS.

  2. Select either the AWS EC2 or AWS EKS tabs to see whether the OTel Collector is installed on each AWS EC2 instance or AWS EKS cluster. This helps you identify the instances that still need to be instrumented.

Amount of AWS entities with the Collector installed.
  1. For OTel Collector instances that are successfully instrumented, you can see which version of the Collector is deployed.

Collector enablement in AWS EKS, with information on version installed

Private connectivity

Splunk Observability Cloud also offers secured connectivity with AWS. For more information, see Private Connectivity using AWS PrivateLink.

See also