What are the Splunk apps and add-ons for AWS technologies, and what do I use them for?

Ultra Champion

Splunk can collect a lot of the Amazon Web Services (AWS) data. But I see many items on Splunkbase for AWS technologies. Is there a complete list of apps and when to use each?

Re: What are the Splunk apps and add-ons for AWS technologies, and what do I use them for?

Ultra Champion

The Splunk Product Best Practices team provided this response. Read more about How Crowdsourcing is Shaping the Future of Splunk Best Practices.

Sure thing! We partnered with the experts to track down all AWS-related apps and add-ons built by Splunk. Here's a direct link to many of them!

The Splunk-created solutions fall into the following categories:

  • Add-ons for data collection and enrichment - Add-ons that collect and enrich AWS-related data. Use these add-ons with their companion apps, other Splunk solutions, or for ad-hoc searches.
  • Apps for data insights - Apps that focus on specific insights from AWS-related data. These apps are powered by one or more of the add-ons in the data collection and enrichment list.
  • Premium apps for data insight - Apps that provide valuable solutions tailored to specific use cases. These are paid solutions that require an additional license.

For more information about the technology an app or add-on targets, see its related documentation.

Add-ons for data collection and enrichment

These add-ons collect data from AWS platforms and have knowledge objects that provide insights into data from AWS platforms. Splunk administrators use these add-ons with their companion apps, other Splunk solutions, or with ad-hoc searches. Except where noted, the following add-ons are built and supported by Splunk:

  • Splunk Add-on for Amazon Web Services - This add-on has modular inputs to collect AWS data and common information model-compatible knowledge to use with other apps, such as the Splunk App for AWS, Splunk Enterprise Security and Splunk IT Service Intelligence.
  • Splunk Add-on for Amazon Kinesis Firehose - This add-on collects AWS CloudTrail, VPC Flow Logs, CloudWatch events, and raw or JSON data from Amazon Kinesis Firehose. It also contains knowledge objects for GuardDuty data via Amazon CloudWatch Events.
  • Amazon GuardDuty Add-on for Splunk - No longer supported by Splunk because the knowledge objects were moved into the Splunk Add-on for Amazon Kinesis Firehose. This add-on introduced knowledge objects for GuardDuty data using Amazon CloudWatch Events.
  • Splunk DB Connect - The best solution for working with databases in Splunk. This add-on has modular inputs to collect data to help Splunk admins quickly integrate structured data sources with Splunk. Splunk DB Connect supports many databases including AWS Aurora and AWS RedShift.

Trumpet is a prototype for AWS to Splunk automation. It's not a Splunk-supported solution but is available as an open source tool. Trumpet leverages AWS CloudFormation to set up the AWS infrastructure needed to push AWS CloudTrail, AWS Config, and AWS GuardDuty data to Splunk using HTTP Event Collector (HEC). Refer to the README.md within the GitHub project for details about using Trumpet.

Automating AWS Data Ingestion into Splunk with Project Trumpet

Apps for data insights

These apps provide specific insights into AWS-related data. They leverage many of the add-ons listed above to collect and enrich AWS-related data. Refer to their documentation for specific add-on dependencies. The following add-ons are built and supported by Splunk:

  • Splunk App for AWS - A rich set of pre-built dashboards and reports to analyze and visualize data from numerous AWS services. If you are not already a Splunk customer, check out the Splunk® Insights for AWS Cloud Monitoring, a standalone point solution that includes the Splunk App for AWS to see what's happening in AWS deployments and gives users end-to-end security, operational and cost-management insights.
  • Splunk App for Infrastructure - Supplements the Splunk for AWS app by unifying and correlating logs and metrics. This app provides a seamless experience for hybrid (cloud and on-premise) infrastructure monitoring and troubleshooting regardless of the operating system.

Premium Apps for data insights

Again, these are paid solutions that require an additional license. However, we've included them in this answer because they are effective and can enhance any deployment!

  • Splunk IT Service Intelligence - A monitoring and analytics solution powered by artificial intelligence for IT Operations (AIOps) that provides visibility into health and key performance indicators (KPIs) of critical IT and business services and their hybrid (cloud and on-premise) infrastructure, regardless of operating system.
  • Splunk Enterprise Security - The nerve center of the security ecosystem, Splunk Enterprise Security gives teams the insight to quickly detect and respond to internal and external attacks, and simplify threat management to minimize risk from hybrid (cloud and on-premise) infrastructure, regardless of operating system.

Now that we have a list of AWS-related apps and add-ons, we'll work with our experts to collect best practices content. Follow this question to stay in-the-know!

Re: What are the Splunk apps and add-ons for AWS technologies, and what do I use them for?

Splunk Employee

Added related video.
