AWS CloudWatch Metrics into Splunk Cloud

MatthewH007
Path Finder

I have read multiple threads about getting data into Splunk, but just about every one is for Splunk on-prem and not Cloud. Right now, I get most of my data in using multiple HECs (HTTP Event Collector) as well as Kinesis Firehose via an HEC.

I would like to start off with getting ELB metrics into Splunk and am looking for feedback as to the best way to get that data into Splunk. Should it be using the AWS add-on via a Heavy Forwarder? Somehow get the data into a CloudWatch Log group (maybe a Lambda function), then forward with Kinesis Firehose to an HEC?

Any feedback from users who have done this, or what Splunk recommends is now the best way of doing this, would be greatly appreciated.


klaxdal
Contributor

I would recommend HEC - Kinesis Firehose - I have implemented both.

As I understand it, the Heavy Forwarder method will soon be deprecated.

ahgfyvu
Observer

Thanks for sharing this blog!!

MatthewH007
Path Finder

Ty for the answer. Apparently, Splunk still recommends doing it this way:
https://www.splunk.com/blog/2018/10/30/working-with-aws-cloudwatch-metrics.html

It is using a Heavy forwarder with the AWS Add-On and the 'Splunk Metrics Workspace' app.

klaxdal
Contributor

See the following:

"Splunk strongly recommends against using the CloudWatch Logs inputs to collect VPC Flow Logs data (source type: aws:cloudwatchlogs:vpcflow) since the input type will be deprecated in upcoming releases. Configure Kinesis inputs to collect VPC Flow Logs instead. The add-on includes index-time logic to perform the correct knowledge extraction for these events through the Kinesis input as well."

https://docs.splunk.com/Documentation/AddOns/released/AWS/CloudWatchLogs
