Splunk can collect a lot of Amazon Web Services (AWS) data. But I see many items on Splunkbase for AWS technologies. Is there a complete list of apps and when to use each?
The Splunk-created solutions fall into the following categories:
For more information about the technology an app or add-on targets, see its related documentation.
These add-ons collect data from AWS platforms and have knowledge objects that provide insights into data from AWS platforms. Splunk administrators use these add-ons with their companion apps, other Splunk solutions, or with ad-hoc searches. Except where noted, the following add-ons are built and supported by Splunk:
Trumpet is a prototype for AWS to Splunk automation. It's not a Splunk-supported solution but is available as an open source tool. Trumpet leverages AWS CloudFormation to set up the AWS infrastructure needed to push AWS CloudTrail, AWS Config, and AWS GuardDuty data to Splunk using HTTP Event Collector (HEC). Refer to the README.md within the GitHub project for details about using Trumpet.
These apps provide specific insights into AWS-related data. They leverage many of the add-ons listed above to collect and enrich AWS-related data. Refer to their documentation for specific add-on dependencies. The following add-ons are built and supported by Splunk:
Again, these are paid solutions that require an additional license. However, we've included them in this answer because they are effective and can enhance any deployment!
Now that we have a list of AWS-related apps and add-ons, we'll work with our experts to collect best practices content. Follow this question to stay in-the-know!