Use cases for the Splunk Add-on for AWS
Use the Splunk Add-on for AWS to collect data on Amazon Web Services. The Splunk Add-on for AWS offers pretested add-on inputs for four main use cases, but you can create an input manually for a miscellaneous Amazon Web Service. See Configure miscellaneous inputs for the Splunk Add-on for AWS.
See the following table for use cases and corresponding add-on collection methods:
Use case | Add-on inputs |
---|---|
Use the Splunk Add-on for AWS to calculate the cost of your Amazon Web Service usage over different lengths of time. | |
Use the Splunk Add-on for AWS to push CloudTrail log data to the Splunk platform. CloudTrail allows you to audit your AWS account. | |
Use the Splunk Add-on for AWS to push IT and performance data on your Amazon Web Service into the Splunk platform. | |
Use the Splunk Add-on for AWS to push security data on your Amazon Web Service into the Splunk platform. | |
Consider push-based versus pull-based data collection for the Splunk Add-on for AWS
The Splunk Add-on for Amazon Web Services supports both push-based and pull-based data collection for the following vendor products: Amazon Kinesis Firehose data, CloudWatch, VPC Flow Logs, Transit Gateway Flow Logs, AWS CloudTrail, GuardDuty, AWS Identity and Access Management (IAM) Access Analyzer, and AWS Security Hub findings events.
See the following table to understand the data collection differences:
Push Data | Pull Data |
---|---|
For high volume, streaming data. | For low volume, rarely changing data. |
If high availability and scale are required for your deployment. | For normal availability and scale. |
Sends data directly to indexers so you do not need to manage forwarders. | Unless your deployment is in Splunk Cloud, you must manage the forwarders. |