Splunk App for AWS

To collect data from AWS install the Splunk App for AWS plugin.

The app currently can collect information from

  • AWS Config,
  • Config Rules,
  • CloudTrail,
  • Inspector,
  • CloudWatch,
  • CloudWatch Logs,
  • Billing,
  • S3,
  • Kinesis,
  • Metadata.

New data source

To set up a new data source, click the Set up button

Already set up data source

To add a new input to the data source, click the New Input button

To view the list of existing inputs, click the link in the section

To view the settings of an existing input, click the name of the input, to add a new input, click the Add Input button. There is no way to edit the settings of existing inputs, to make changes, create a new input. There is also no method to disable an existing input, to stop the data collection, delete the input in the Action column.

S3

To read and process files from S3, select the S3 data source.

To select the Source Type click the Source Type field. If the source type is in the list, select it.

To add a source type, not in the list, enter the name into the text box, and click the generated link under the text box.

To collect the data more frequently than the default 30-minute interval, click the Advanced Settings link and enter the interval in seconds.

 

Leave a Reply