Home
Paul Reeves edited this page May 16, 2022 · 24 revisions
The Splunk AWS GDI Toolkit is a set of resources designed to help organizations easily ingest data from AWS into Splunk to improve visibility, observability, and monitoring across AWS accounts. The toolkit consists of a series of CloudFormation templates that enable services and get the data from those services into Splunk. These templates can also serve as a reference or starting point for organizations whose use cases aren't exactly met by the Splunk AWS GDI Toolkit.
The goals of this toolkit are to:
- Augment the Splunk Cloud Data Manager with CloudFormation templates to enable pre-requisites for getting data in from single AWS accounts.
- Follow AWS best practices for getting data in from multiple AWS accounts utilizing AWS Organizations.
- Combine the best of Splunk Cloud Data Manager, Splunk Trumpet, and Grand Central.
PRs are open, and feel free to reach out to me over the Splunk Usergroups Slack if you have questions, comments, or concerns!
```mermaid
graph TD;
    start([Start here])
    usingOrg{Are you using AWS Organizations and/or Landing Zones?}
    costOrLtency{Do you want to minimize cost or data latency?}
    SCDM([Use Data Manager, referencing the CloudFormation Templates here for prerequisites])
    sAWSGDITK([Use the CloudFormation Templates here])
    start-->usingOrg
    usingOrg-->|No|costOrLtency
    costOrLtency-->|Minimize latency|SCDM
    costOrLtency-->|Minimize cost|sAWSGDITK
    usingOrg-->|Yes|sAWSGDITK
```