Connect AWS to Splunk Observability Cloud 🔗
You have several data ingestion and connection methods when it comes to monitoring your Amazon Web Services (AWS) data in Splunk Observability Cloud.
Note
If you want to send AWS data to the Splunk platform, use the Splunk add-on. Learn more at Splunk Add-on for AWS .
Before you start, see AWS authentication, permissions, and supported regions, and check the Supported AWS integrations in Splunk Observability Cloud.
See a comparison of the connection options at Compare AWS connection options, and choose the connection method that best matches your needs:
Connection option |
Available at |
---|---|
Use either the Splunk Observability Cloud UI guided setup or the Splunk Observability Cloud API. |
|
Use either the Splunk Observability Cloud UI guided setup or the Splunk Observability Cloud API. |
|
Connect and manage Metric Streams from the AWS console. |
|
If you already manage your infrastructure as code, continue deploying through Splunk Terraform. |
Note
If you can’t connect AWS to Splunk Observability Cloud, see Troubleshoot your AWS connection.
There are constraints to consider in terms of high data volume and filtering.
After you create an AWS integration, if it retrieves more than 100,000 metrics from CloudWatch, Splunk Observability Cloud automatically deactivates the integration and sends you a warning email.
This check runs once per integration. If you activate the integration afterwards, it will work correctly.
You can deactivate this check by setting the enableCheckLargeVolume
field in the AWS integration to false
using the API. See the API reference guide in the Splunk Observability developer docs.
If you filter data based on tags, your costs for Amazon CloudWatch and Splunk Infrastructure Monitoring might decrease.
Be careful when choosing tag names. Splunk Observability Cloud allows only alphanumeric characters, and the underscore ( _
) and minus ( -
) symbols. Spaces are replaced by the underscore character.
These characters are unsupported:
periods (
.
)colons (
:
)forward slashes (
/
)equal signs (
=
)plus signs (
+
)at symbols (
@
)
CloudWatch Metric Streams supports filtering by namespace and metric name but doesn’t support filtering based on resource tags.
Caution
Splunk is not responsible for data availability, and it can take up to several minutes or longer, depending on your configuration, from the time you connect until you start seeing valid data from your account.
By default, Splunk Observability Cloud brings in data from all supported AWS services associated with your account. See Supported integrations in Splunk Observability Cloud.
To limit the amount of data to import, see Specify and limit the data and metadata to import.
In most cases, metrics are reported every minute. However, some services use a different cadence. For example, selected S3 metrics are reported on a daily basis. Check the AWS documentation to verify how often your services’ metrics are reported.
Collecting Amazon CloudWatch metrics through the polling APIs at the default polling rate of 300 seconds (5 minutes) is usually cheaper than using Metric Streams. On the other hand, if you set polling intervals to 1 minute, generally you see an increase in Amazon CloudWatch usage costs compared to Metric Streams.
Learn more at Costs for AWS monitoring.
To take advantage of the full benefits of the Splunk Observability Cloud platform, install the Splunk Distribution of the OpenTelemetry Collector.
To track the degree of OpenTelemetry enablement in your AWS integrations:
From Splunk Observability Cloud, go to Data Management > AWS.
Select OpenTelemetry Enabled to see whether the OTel Collector is installed on each AWS EC2 instance. This helps you identify the instances that still need to be instrumented. For instances that are successfully instrumented, you can see which version of the OTel Collector is deployed.

Splunk Observability Cloud also offers secured connectivity with AWS. For more information, see Private Connectivity using AWS PrivateLink.
See Leverage data from integration with AWS ffor an overview of what you can do after you connect Splunk Observability Cloud to AWS.
Find instructions on how to import AWS metrics and metadata or AWS tag and log information using namespaces and filters at Monitor AWS services.
Refer to the AWS official documentation for a list of the available AWS metrics and other data, or read about the metadata Splunk Observability Cloud can provide at AWS CloudWatch metadata.
To collect traces and metrics of your AWS Lambda functions for Splunk APM, see Instrument AWS Lambda functions for Splunk Observability Cloud.