
Downloading Multicloud Cost Management for Splunk
SHA256 checksum (multicloud-cost-management-for-splunk_130.tgz) f5f3ad393dc02ac8efaeb2ecb51f191b49945de9d133c7bba3e308f8a978d318
SHA256 checksum (multicloud-cost-management-for-splunk_121.tgz) 623f9ba3f2e2a0d782fe67906aed37c324dd2bbe4f5daec671f2d072e933f269
SHA256 checksum (multicloud-cost-management-for-splunk_111.tgz) fdfe95007d656e445d9a73c2a834a4b4ff217cff1f22d71b932737b98a64a776
SHA256 checksum (multicloud-cost-management-for-splunk_102.tgz) 7860e7de3abe7c69512ff18b381cf91fc7789131900732ca343f8a5606c736d4
SHA256 checksum (multicloud-cost-management-for-splunk_10.tgz) 896ef9e2a56b6dde85fe890385307245936a4eac4f766dc8d9edb7aada561622

Multicloud Cost Management for Splunk

Splunk AppInspect Passed
Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgrades here.
The Multi-cloud Cost Management for Splunk App is designed to give insights into your spending across cloud services. It shows which services are costing money unnecessarily and makes recommendations as to where spending can be reduced throughout your Cloud Environments. The cloud services currently supported are Amazon Web Services, Windows Azure, and Google Cloud.

This app provides a set of dashboards and saved searches to help to give insights into where savings could be found within your cross-cloud infrastructure without reducing the performance.

This app retrieves up to date costing from AWS, Azure and GCP using API calls to give accurate cost saving estimates based on recommendations regarding changes to your Cloud Infrastructure.

GBP and USD conversion is supported across all cost estimations and summations. Conversion rates are onboarded hourly by default. Default values are also configurable. Functionality is also included to change the conversion rate on the fly.

General Spending Overview - Shows historic spending trending

VM Instances - Shows data regarding unused VMs and which component of each VM is costing money

VM Utilization - Shows system utilization statistics suggesting which VMs should be investigated for downsizing

Volumes - Summarizes data surrounding unattached volumes and the accumulated cost of these

Elastic IPs - Displays information regarding both unused and unattached public IP addresses that cost money through reservation charges

Cloud Billing v1.2.0
This cloud billing app is designed to give insights into your spending with cloud services. It allows you to see which services are costing money unnecessarily across AWS, Azure and Google Cloud environments.
It is important to note that this app will work for ANY combination of the previously mentioned Cloud Environments set up. ALL of them are optional. If you do not have all of these Cloud environments, only follow the instructions for the specific cloud environment(s) that you have.

1. Install the Splunk AWS TA from Splunkbase ensuring that the following sourcetypes are populated correctly and being sent to an appropriate index:

2. Install and configure the following Azure TAs. Do not change the default sourcetypes utilised by these TAs.

    Splunk Add-on for Microsoft Cloud Services: https://splunkbase.splunk.com/app/3110/
    Microsoft Azure Billing and Usage Add-on for Splunk: https://splunkbase.splunk.com/app/4109/
    Microsoft Azure Billing Add-on for Splunk: https://splunkbase.splunk.com/app/4103/

3. Install and configure the Splunk Add-on for Google Cloud Platform from Splunkbase.

Configuration in GCP is imperative to get the TA working appropriately. Info on configuring a Service Account can be found here.
In order to populate this app fully, all three of the input types will need to be utilized. Billing Data, CPU data and asset inventory data are all required.

First configure your billing data. On your GCP project, create a service account and create a key. Give it access to read buckets. Create a bucket in Storage. Navigate to Billing->Billing Export. Click File Export. Set Bucket name to the one that you just created. Set a report prefix and format type (either will do). Then, in the GCP TA, configure the credentials for the service account that you created with read access to the bucket and set the report prefix.
Next configure your CPU data monitoring. Using a service account that has the correct read access, configure the Cloud monitoring input in the Google Cloud TA with the monitoring metric "compute.googleapis.com/instance/cpu/utilization".
Finally, we will set up the asset inventory data onboarding. Unfortunately, there is at present no default way to onboard this data, so we have to create a publish/subscription service to send the data to Splunk. Detailed information on how to do this can be found in the README of this app and below.

Due to the way that GCP stores and allows the publication of data with service accounts, this process must be repeated in each Project that you want to be monitored in the Splunk Multicloud Billing App.

Create a service account, e.g. asset-inventory-svc-account@operating-ally-123456.iam.gserviceaccount.com
Create a key
Give it access to: Cloud Asset Viewer, Cloud Asset Feeds Create, Cloud Asset Assets Export Resource, Storage Object Creator, Pub/Sub Publisher

Create a storage bucket
Name the bucket (e.g. gs://asset-inventory-bucket)
Set lifecycle on objects in bucket
Set age of object
Set action to delete

Create a Pub/Sub Topic
Topic Name contains the project id and topic id: e.g. projects/operating-ally-123456/topics/asset-inventory-topic

Create a Pub/Sub Subscription
This will be the Link to Splunk

Create a streaming Dataflow -> storage to pubsub
Create a job from template
Name the Job
Choose the Dataflow Template - Text Files on Cloud Storage to Cloud Pub/Sub
Input Cloud Storage File(s) - name the storage bucket that you created earlier and specify a pattern for objects created (e.g. gs://asset-inventory-bucket/asset-list-*.json)
Choose the Output Pub/Sub Topic - name the Pub/Sub topic you created earlier (e.g. projects/operating-ally-123456/topics/asset-inventory-topic)

Create a micro instance (make sure it is free tier to avoid incurring costs)

Associate Service Account to VM
Take the service account private key JSON and store it on the VM
Activate the service account on the VM
gcloud auth activate-service-account asset-inventory-svc-account@operating-ally-123456.iam.gserviceaccount.com --key-file=key.json

Write a bash script that exports an asset inventory snapshot for each project to the storage bucket

$ cat get-asset-inventory.sh
#!/bin/bash
# Export a resource snapshot for every project visible to the service account.
datetime=$(date "+%F-%T")
for project in $(gcloud projects list --format="value(project_id)" --quiet)
do
    gcloud asset export --content-type resource --project "$project" --output-path "gs://asset-inventory-bucket/asset-list-$project-$datetime.json"
done

Set up a cron job to run the script
crontab -e
0 * * * * /directory/to/script/get-asset-inventory.sh
This example returns the asset inventory every hour

(OPTIONAL) Enable Monitoring Asset Changes - This means that any updates to your environment are picked up immediately. All assets are registered at an interval set by you in the crontab above.
gcloud asset feeds create asset-inventory-feed --project=operating-ally-123456 --content-type=resource --asset-types="compute.googleapis.com/Disk","compute.googleapis.com/Instance","compute.googleapis.com/Address",\
"compute.googleapis.com/RegionDisk" --pubsub-topic="projects/operating-ally-123456/topics/asset-inventory-topic"

Configure Splunk GCP TA inputs to use the Cloud Pub/Sub Service monitoring the correct Subscription
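
The procedure above leaves a service account private key on the VM and has cron run a script with those credentials. The checks below are an added example, not part of the app or its README: they confirm that the key file is readable by its owner only, that the cron-run script is not writable by group or other, and that the topic is given as a full path of the form projects/<project-id>/topics/<topic-id>. The function names are hypothetical and the character classes in the topic check are an approximation of GCP's naming rules.

```shell
#!/bin/sh
# Added example (not from the app's README): pre-flight checks to run on the
# collector VM before enabling the cron job. Paths and names are placeholders.

# Print a file's permission bits in octal (GNU stat first, BSD stat fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# The service account key must be a regular file readable by its owner only.
key_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case $(file_mode "$1") in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# The cron-run script must not be writable by group or other, since cron
# executes it with the activated service account credentials.
script_is_locked_down() {
    [ -f "$1" ] || return 1
    case $(file_mode "$1") in
        *[2367]?|*[2367]) return 1 ;;   # write bit set for group or other
        *) return 0 ;;
    esac
}

# Shape check for a full topic path: projects/<project-id>/topics/<topic-id>.
# The character classes approximate GCP's naming rules (assumption).
valid_topic_path() {
    case $1 in *[!A-Za-z0-9/._~+%-]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq \
        '^projects/[a-z][a-z0-9-]{4,28}[a-z0-9]/topics/[A-Za-z][A-Za-z0-9._~+%-]{2,254}$'
}

# Run all checks; print one line per failure and return non-zero if any fail.
preflight() {
    rc=0
    key_file_is_private "$1" || { echo "FAIL key file: $1" >&2; rc=1; }
    script_is_locked_down "$2" || { echo "FAIL script perms: $2" >&2; rc=1; }
    valid_topic_path "$3" || { echo "FAIL topic path: $3" >&2; rc=1; }
    return $rc
}

# Usage: sh preflight.sh key.json /directory/to/script/get-asset-inventory.sh \
#        projects/operating-ally-123456/topics/asset-inventory-topic
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A non-zero exit status means at least one check failed; each failure is reported on stderr.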


Installation Instructions

Download the app from Splunkbase.
Either unpack the app in $SPLUNK_HOME/etc/apps or install the app from file using the App Manager Page.
First, go to the Inputs of this app, and input the appropriate information to onboard Azure, Google Cloud or AWS prices.
Configure the macro aws_index to search the index/indexes where your AWS data is stored.
Configure the macro azure_index to search the index/indexes where your Azure data is stored.
Configure the macro gcp_index to search the index/indexes where your Google Cloud data is stored.
This can be found in Settings -> Advanced Search -> Macros

Contact Information
For any enquiries or requests for more customised billing, alerting and prediction please contact: apto_support@aptosolutions.co.uk

Release Notes

Version 1.3.0
May 19, 2020

Now compatible with Python 3 and Splunk version 8

Version 1.2.1
March 2, 2020

Allows aggregation of AWS, Azure AND Google Cloud Billing Data.

Version 1.1.1
Jan. 8, 2020

Now with the inclusion of data from Microsoft Azure Billing

Version 1.0.2
July 22, 2019

Minor Fixes - savedsearch ownership

Version 1.0
July 15, 2019

Initial release. First version for AWS only, Azure coming soon.



AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
