Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to filter alert from AWS Cloud watch and send it to splunk?

swethaJ
New Member
‎03-10-2016 02:34 AM

We have many applications in our environment. All those logs are monitored by cloud watch. Is there any way that alerts data can be sent from AWS Cloud watch to Splunk?

Tags (1)
0 Karma
Reply

swethaJ
New Member
‎03-15-2016 12:31 AM

Thank you for your response.
We have SNOW version older version which Splunk doesn't support for integrating. For this reason, we integrated cloud watch with SNOW to perform alert actions.
Now, can we send only performance data and other logs from cloud watch to Splunk ? rather than sending alert, which as you told not required.

0 Karma
Reply

pgreer_splunk
Splunk Employee
Splunk Employee
‎03-10-2016 09:33 AM

Here's a start on documentation on the Splunk Add On for AWS:

http://docs.splunk.com/Documentation/AddOns/latest/AWS/ConfigureInputs

Specific to CloudWatch: http://docs.splunk.com/Documentation/AddOns/released/AWS/CloudWatch

To have the add-on installed in your cloud instance, you'll need to open a ticket with Splunk Support.

0 Karma
Reply

pgreer_splunk
Splunk Employee
Splunk Employee
‎03-10-2016 09:42 AM

Apologies, meant to state as well that sending an alert to Splunk and having it action on it could be possible by sending data (via a script, or file, or TCP/UDP flow) to Splunk, then having an alert in Splunk action on the (AWS Cloudwatch alert) data being sent it. But I needed to ask, what is the underlying business/technical reason you would wish to have an alert from AWS Cloudwatch be actioned on by Splunk? Splunk could instead simply ingest the data from AWS Cloudwatch and perform the alerting for you itself.

0 Karma
Reply

swethaJ
New Member
‎03-15-2016 12:39 AM

Thank you for your response.
We have SNOW older version, which couldn't be integrated with Splunk. and so done it with cloud watch to create alarms.
Now can performance data and other log data be sent to Splunk from cloud watch? with out any alert information?

0 Karma
Reply
Get Updates on the Splunk Community!

Almost Too Eventful Assurance: Part 1

Modern IT and Network teams still struggle with too many alerts and isolating issues before they are notified. ...

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Top