Splunk Add-on for Amazon Web Services (AWS)
By Splunk LLC
The Splunk Add-on for AWS, from version 7.0.0 and above, includes a merge of all the capabilities of the Splunk Add-on for Amazon Security Lake. This allows you to configure the Splunk Add-on for AWS to ingest data across all AWS data sources, facilitating the integration of AWS data into your Splunk platform deployment.
If you use both the Splunk Add-on for Amazon Security Lake as well as the Splunk Add-on for AWS on the same Splunk instance, then you must uninstall the Splunk Add-on for Amazon Security Lake before upgrading the Splunk Add-on for AWS to version 7.0.0 or later in order to avoid any data duplication and discrepancy issues.
__________________________________________________________________________________________________________
Ingesting data from AWS to Splunk Cloud? Have you tried the new Splunk Data Manager yet? Data Manager makes AWS data ingestion simpler, more automated and centrally managed for you, while co-existing with AWS and/or Kinesis TAs. Read our blog post to learn more about Data Manager and it’s availability on your Splunk Cloud instance: https://splk.it/3e9F863
__________________________________________________________________________________________________________
The Splunk Add-on for Amazon Web Services allows a Splunk software administrator to collect:
* Configuration snapshots, configuration changes, and historical configuration data from the AWS Config service.
* Metadata for your AWS EC2 instances, reserved instances, and EBS snapshots.
* Compliance details, compliance summary, and evaluation status of your AWS Config Rules.
* Assessment Runs and Findings data from the Amazon Inspector service.
* Management and change events from the AWS CloudTrail service.
* VPC flow logs and other logs from the CloudWatch Logs service.
* Performance and billing metrics from the AWS CloudWatch service.
* Billing reports that you have configured in AWS.
* S3, CloudFront, and ELB access logs.
* Generic data from your S3 buckets.
* Generic data from your Kinesis streams.
* Generic data from SQS.
* Security events from Amazon Security Lake
This add-on provides modular inputs and CIM-compatible knowledge to use with other apps, such as the Splunk App for AWS, Splunk Enterprise Security and Splunk IT Service Intelligence.
Versions 5.0.0 and later of the Splunk Add-on for AWS is compatible only with Splunk Enterprise version 8.0.0 and above.