We have many applications in our environment. All those logs are monitored by CloudWatch. Is there any way that alert data can be sent from AWS CloudWatch to Splunk?
Thank you for your response.
We have an older version of SNOW, which Splunk doesn't support for integration. For this reason, we integrated CloudWatch with SNOW to perform alert actions.
Now, can we send only performance data and other logs from CloudWatch to Splunk, rather than sending alerts, which as you said are not required?
Here's a start on documentation on the Splunk Add On for AWS:
http://docs.splunk.com/Documentation/AddOns/latest/AWS/ConfigureInputs
Specific to CloudWatch: http://docs.splunk.com/Documentation/AddOns/released/AWS/CloudWatch
To have the add-on installed in your cloud instance, you'll need to open a ticket with Splunk Support.
Apologies, I meant to state as well that sending an alert to Splunk and having it act on it could be possible by sending data (via a script, a file, or a TCP/UDP flow) to Splunk, then having an alert in Splunk act on the (AWS CloudWatch alert) data being sent to it. But I needed to ask: what is the underlying business/technical reason you would wish to have an alert from AWS CloudWatch be actioned by Splunk? Splunk could instead simply ingest the data from AWS CloudWatch and perform the alerting for you itself.
Thank you for your response.
We have an older version of SNOW, which couldn't be integrated with Splunk, and so we did it with CloudWatch to create alarms.
Now, can performance data and other log data be sent to Splunk from CloudWatch, without any alert information?