Connect to AWS and send data to Splunk Observability Cloud đź”—
Splunk Observability Cloud offers you several methods to connect and monitor Amazon Web Services (AWS), from a guided UI wizard to an extense API.
Before you start, see AWS authentication and supported regions, and check the list of AWS integrations available in Splunk Observability Cloud.
Read on to learn about data ingest options and available connection methods.
You have two ways to send AWS data to Splunk Observability Cloud:
Through API polling at specified intervals.
Using CloudWatch Metric Streams.
Caution
CloudWatch Metric Streams supports filtering by namespace and metric name but doesn’t support filtering based on resource tags.
You can poll data from AWS at specified intervals using CloudWatch APIs. Due to the CloudWatch metrics instability, for certain namespaces some metrics might be delayed a few minutes. See more in Configure API polling.
After you create an AWS integration, if more than 100,000 metrics are retrieved from CloudWatch, Splunk Observability Cloud automatically deactivates the integration and sends you a warning email.
This check runs just once per integration. If you activate the integration afterwards, it will work correctly.
You can deactivate this check by setting the enableCheckLargeVolume
field in the AWS integration to false
using the API .
If you filter data based on tags, your costs for Amazon CloudWatch and Splunk Infrastructure Monitoring might decrease.
Be careful when choosing tag names: Splunk Observability Cloud only allows alphanumeric characters, and the underscore and minus symbols. Unsupported characters include .
, :
, /
, =
, +
, @
, and spaces, which are replaced by the underscore character.
Rather than polling for data, Metric Streams continually stream Amazon CloudWatch metrics to Splunk Observability Cloud. You can activate this option in the UI wizard, or through the API.
Although they’re more efficient than API polling, consider the constraints below.
In most cases, metrics are reported every minute. However, some services use a different cadence: For example, selected S3 metrics are reported on a daily basis. Check AWS documentation to verify how often your services’ metrics are reported.
Collecting Amazon CloudWatch metrics via the polling APIs at the default polling rate of 300 seconds (5 minutes) is generally cheaper than using Metric Streams. On the other hand, if you set polling intervals to one minute, generally you’ll see an increase in Amazon CloudWatch usage costs compared to Metric Streams.
Learn more at Amazon CloudWatch usage costs.
You can connect Splunk Observability Cloud to AWS in several ways. By default, Splunk Observability Cloud brings in data from all supported AWS services associated with your account. To limit the amount of data to import, see Specify and limit the data and metadata to import.
Caution
Splunk is not responsible for data availability, and it can take up to several minutes (or longer, depending on your configuration) from the time you connect until you start seeing valid data from your account.
Choose the connection method that best matches your needs:
Connection option |
Why use this? |
---|---|
Guided setup in Splunk Observability Cloud |
Guides you step-by-step to set up an AWS connection and default configuration in Splunk Observability Cloud. Guided setup includes links to Amazon CloudFormation templates that you can select to create needed AWS IAM roles. |
Requires knowledge of POST and PUT call syntax, but includes options and automation that are not part of the guided setup. Choose this method if you want to configure many integrations at once. |
|
Use this connection method if you already manage your infrastructure as code by deploying through Terraform. |
If you can’t connect AWS to Splunk Observability Cloud, see Troubleshoot your AWS connection.
Observability Cloud also offers you the following options to connect to AWS:
To take advantage of the full benefits of the Splunk Observability Cloud platform, install the OpenTelemetry Collector, since it offers a higher degree of customization than the AWS integration.
You can track the degree of OpenTelemetry enablement in your AWS integrations by going to Data Management > AWS.

Select the OpenTelemetry Enabled button to see whether the Collector is installed on each AWS EC2 instance. This will help you identify the instances that still need to be instrumented. For instances that are successfully instrumented, you can see which version of the Collector is deployed.
See Leverage data from integration with AWS for an overview of what you can do after you connect Splunk Observability Cloud to AWS.
Learn about our AWS Infrastructure Monitoring options. You’ll find instructions on how to import AWS metrics and metadata, or AWS tag and log information using namespaces and filters.
Refer to the AWS official documentation for a list of the available AWS metrics and other data, or read about the metadata we provide.
To collect traces and metrics of your AWS Lambda functions for Splunk APM, see Instrument AWS Lambda functions for Splunk Observability Cloud.