AWS Log Ingestion into Splunk

This post goes over the many ways to ingest data from AWS into Splunk Cloud. This includes data from AWS services, data from workloads running in AWS, and data stored inside of or generated by AWS services. It covers all the available options and gives recommendations based on your requirements. It assumes a basic understanding of AWS services, and implementation requires assistance from an AWS admin who has the proper permissions to deploy the solution.

Push Method Ingestion:

Pull Method Ingestion:

Splunk Data Manager:

[AWS Orgs Centralized Ingestion][aws-org-ingestion]:

Disclaimer

The information shared is for general informational purposes only. I do not provide any warranty and recommend that readers test the content thoroughly before implementing it. Use the information at your own discretion and risk.

https://docs.splunk.com/Documentation/AddOns/released/AWS/Description
https://splunkbase.splunk.com/app/1876
https://docs.splunk.com/Documentation/AddOns/released/AWS/UseCases
https://www.splunk.com/en_us/blog/tips-and-tricks/power-data-ingestion-into-splunk-using-amazon-kinesis-data-firehose.html?301=/blog/2018/01/12/power-data-ingestion-into-splunk-using-amazon-kinesis-data-firehose.html
https://aws.amazon.com/blogs/mt/ingest-aws-config-data-into-splunk-with-ease/
https://www.splunk.com/en_us/blog/platform/stream-your-aws-services-metrics-to-splunk.html

[aws-org-ingestion]: https://blog.anmtrn.com/2023/Centralized-Logging-and-Monitoring-in-AWS-Environments-Leveraging-AWS-Organizations-with-Splunk/