In our last blog, "Meet the Data Manager for Splunk Cloud," we announced the preview of Data Manager for Splunk Cloud. Today we are excited to announce the General Availability of Data Manager for Splunk Cloud!
As a refresher, Data Manager provides a simple, modern and automated experience of getting data in (GDI) for Splunk Cloud administrators, and reduces the time it takes to configure data collection (from hours/days to minutes). This is accomplished through a modern, intuitive and quicker data ingestion experience. Data Manager also enables administrators and data owners to onboard even more refined, more secure, and less noisy data, allowing them to make the most of Splunk’s rich data analytics products.
Note that in order to get started you must be a Splunk Cloud Platform customer with AWS as your provider and be part of one of the AWS regions (US East Virginia, US West Oregon, UK (London), Europe (Dublin, Frankfurt, Paris), Asia Pacific (Singapore, Sydney, Tokyo), and Canada (Central).
Here’s a view of the landing page when you log in to Data Manager:
The landing page shows the status, actions, and timestamps of data input sources and their corresponding destinations.
Below is an overview of the capabilities you’ll be able to access with Data Manager in this GA release:
- Configure, monitor, troubleshoot and manage data onboarding from AWS
- Support for critical AWS data sources including AWS GuardDuty, AWS Security Hub, IAMAccessAnalyzer, IAMCredentialReport, AWS Metadata and AWS CloudTrail, thereby enabling customers to generate insights related to security posture of their AWS environment, critical alerts, auditing, threat detection, governance, and cross account access
- Ability to configure data sources from single or multiple AWS accounts with Data Manager for the Splunk Cloud
- Automation for AWS pre-requisites & configuration
- Edit and delete your AWS data inputs easily for Data Manager
- Centralized data onboarding and troubleshooting from a single pane of glass
- Ability to tag the AWS resources used for ingesting data into Splunk using the Data Manager
The screenshot below shows how you can manage data onboarding for AWS sources from a single pane of glass:
In addition to this functionality, the data collection features are upgraded with an intuitive UI, simplification/automation of pre-requisites (e.g. scripts to set up pre-reqs in the data source) and rich, prebuilt content and add-ons. However, you’ll still have the ability to define rules and save them as templates to reuse or share.
Finally, an improved, standardized landing page will allow users to more seamlessly manage GDI configurations, and conduct investigations like health checks and monitoring.
We hope you enjoy using Data Manager as much as our preview customers have, and we look forward to hearing your feedback in the Splunk Community! You can learn more about the functionality in our Data Manager documentation.
Be sure to subscribe to our Community Product News and Announcements board to get notifications about new releases to Data Manager for AWS, as well as General Availability timelines for GCP and Azure. You can also catch a deeper dive into this functionality at our annual conference, .conf22 — register now!