Docs » Connect to your cloud service provider » Connect to AWS and send data to Splunk Observability Cloud

Connect to AWS and send data to Splunk Observability Cloud đź”—

Splunk Observability Cloud offers you several methods to connect and monitor Amazon Web Services (AWS), from a guided UI wizard to an extense API.

Before you start, see AWS authentication and supported regions, and check the list of AWS integrations available in Splunk Observability Cloud.

Read on to learn about data ingest options and available connection methods.

How to ingest AWS data in Splunk Observability Cloud¶

You have two ways to send AWS data to Splunk Observability Cloud:

Caution

CloudWatch Metric Streams supports filtering by namespace and metric name but doesn’t support filtering based on resource tags.

Poll data from AWS using CloudWatch APIs¶

You can poll data from AWS at specified intervals using CloudWatch APIs. Due to the CloudWatch metrics instability, for certain namespaces some metrics might be delayed a few minutes. See more in Configure API polling.

High data volume warning

After you create an AWS integration, if more than 100,000 metrics are retrieved from CloudWatch, Splunk Observability Cloud automatically deactivates the integration and sends you a warning email.

This check runs just once per integration. If you activate the integration afterwards, it will work correctly.

You can deactivate this check by setting the enableCheckLargeVolume field in the AWS integration to false using the API .

Tag filtering

If you filter data based on tags, your costs for Amazon CloudWatch and Splunk Infrastructure Monitoring might decrease.

Be careful when choosing tag names: Splunk Observability Cloud only allows alphanumeric characters, and the underscore and minus symbols. Unsupported characters include ., :, /, =, +, @, and spaces, which are replaced by the underscore character.

Use Metric Streams to forward data to Splunk Observability Cloud¶

Rather than polling for data, Metric Streams continually stream Amazon CloudWatch metrics to Splunk Observability Cloud. You can activate this option in the UI wizard, or through the API.

Although they’re more efficient than API polling, consider the constraints below.

Data collection interval and costs¶

In most cases, metrics are reported every minute. However, some services use a different cadence: For example, selected S3 metrics are reported on a daily basis. Check AWS documentation to verify how often your services’ metrics are reported.

Collecting Amazon CloudWatch metrics via the polling APIs at the default polling rate of 300 seconds (5 minutes) is generally cheaper than using Metric Streams. On the other hand, if you set polling intervals to one minute, generally you’ll see an increase in Amazon CloudWatch usage costs compared to Metric Streams.

Learn more at Amazon CloudWatch usage costs.

Connect with AWS¶

You can connect Splunk Observability Cloud to AWS in several ways. By default, Splunk Observability Cloud brings in data from all supported AWS services associated with your account. To limit the amount of data to import, see Specify and limit the data and metadata to import.

Caution

Splunk is not responsible for data availability, and it can take up to several minutes (or longer, depending on your configuration) from the time you connect until you start seeing valid data from your account.

Choose the connection method that best matches your needs:

Connection option

Why use this?

Guided setup in Splunk Observability Cloud

Guides you step-by-step to set up an AWS connection and default configuration in Splunk Observability Cloud. Guided setup includes links to Amazon CloudFormation templates that you can select to create needed AWS IAM roles.

Splunk Observability Cloud API

Requires knowledge of POST and PUT call syntax, but includes options and automation that are not part of the guided setup. Choose this method if you want to configure many integrations at once.

Splunk Terraform

Use this connection method if you already manage your infrastructure as code by deploying through Terraform.

If you can’t connect AWS to Splunk Observability Cloud, see Troubleshoot your AWS connection.

More options to connect with AWS

Observability Cloud also offers you the following options to connect to AWS:

Install the Splunk Distribution of OpenTelemetry Collector¶

To take advantage of the full benefits of the Splunk Observability Cloud platform, install the OpenTelemetry Collector, since it offers a higher degree of customization than the AWS integration.

You can track the degree of OpenTelemetry enablement in your AWS integrations by going to Data Management > AWS.

Amount of AWS entities with the Collector installed.

Select the OpenTelemetry Enabled button to see whether the Collector is installed on each AWS EC2 instance. This will help you identify the instances that still need to be instrumented. For instances that are successfully instrumented, you can see which version of the Collector is deployed.

Next steps¶