Introducing the new Splunk App for AWS

Today we’re excited to announce the release of a fully re-written and much expanded Splunk App for AWS. Get it here and gain immediate operational assurance and visibility for your AWS-hosted infrastructure.

What’s new with the app?

  •  Works with Splunk Add-on for Amazon Web Services
  • New dashboards and visualizations for AWS Cloudtrail
  • New alerts for AWS CloudTrail
  • New dashboards and visualizations for AWS Config
  • Billing Reports provided by Splunk Add-on for Amazon Web Services

AWS CloudTrail
AWS CloudTrail records user API activity and related events for your AWS account. Using the <Splunk Add-on for Amazon Web Services> you can retrieve details about the actions made by the caller, including the caller’s identity, the time of the call, the request and response parameters and more. The Splunk App for AWS uses these events to drive a set of dashoards that provide friendly visualizations and insights for various operational aspects such as security, networking, storage and user activity tracking.


AWS Config
AWS Config is a new service from AWS that delivers configuration change notifications of your AWS resources. The new Splunk App for AWS helps you get the visility you need on how your different AWS resources are related to each other and how their respective configurations (including states and relationships) have changed over time. Additionally, you can understand how these resources are currently configured, how they were configured in the past and determine whether or not a change to one resource affected other resources.

Using Config and CloudTrail in tandem you get a fully correlated picture of resource changes and user activity for your audit and security purposes. For example, you can use Foobar dashboards to detect that a certain ACL/Security Group allows web traffic through to your database servers while with CloudTrail you can identify the user who committed the change.

SplunkAWSApp - Config Overview -  Splunk 2014-11-05

SplunkAWSApp - Topology (experimental)   Splunk 2014-11-05

Billing Reports
The App also links to Billing reports provided by Splunk Add-on for Amazon Web Services. For information on how to enable billing and see associated reports please see here.

Get the new app here. The Documentation tab in the page contains information on how to install and configure the app. The app is community supported – if you have any questions or should you require any assistance please feel free to post on Splunk Answers. Enjoy it!

Dritan Bitincka

Posted by