Live Demo: Get full visibility of your AWS environment with CloudQuery Sign up ❯
Sign up ❯

CloudQuery

Back to source plugin

Sync data from AWS to Splunk

CloudQuery is the simple, fast data integration platform that can fetch your data from AWS APIs and load it into Splunk
AWS
Splunk

Trusted by

https://cdn.cloudquery.io/hub/lvaxmnijg/_next/static/media/fastly.7b4d858a.svghttps://cdn.cloudquery.io/hub/lvaxmnijg/_next/static/media/zendesk.7797fa4d.svghttps://cdn.cloudquery.io/hub/lvaxmnijg/_next/static/media/infosys.ff0299e0.svghttps://cdn.cloudquery.io/hub/lvaxmnijg/_next/static/media/auroralabs.a19bd93a.svghttps://cdn.cloudquery.io/hub/lvaxmnijg/_next/static/media/palo_alto_networks.408311f5.svghttps://cdn.cloudquery.io/hub/lvaxmnijg/_next/static/media/instructure.dcb4ccf2.svghttps://cdn.cloudquery.io/hub/lvaxmnijg/_next/static/media/ridgeline.93285988.svghttps://cdn.cloudquery.io/hub/lvaxmnijg/_next/static/media/fastly.7b4d858a.svghttps://cdn.cloudquery.io/hub/lvaxmnijg/_next/static/media/zendesk.7797fa4d.svghttps://cdn.cloudquery.io/hub/lvaxmnijg/_next/static/media/infosys.ff0299e0.svghttps://cdn.cloudquery.io/hub/lvaxmnijg/_next/static/media/auroralabs.a19bd93a.svghttps://cdn.cloudquery.io/hub/lvaxmnijg/_next/static/media/palo_alto_networks.408311f5.svghttps://cdn.cloudquery.io/hub/lvaxmnijg/_next/static/media/instructure.dcb4ccf2.svghttps://cdn.cloudquery.io/hub/lvaxmnijg/_next/static/media/ridgeline.93285988.svg

Get a personalized demo

Book a demo and see how quickly CloudQuery delivers new and ongoing insights on your multi-cloud environments.

Video thumbnail
Enterprise ReadyCustomize & ExtendEnterprise Ready
Enterprise Ready
Customize & Extend
Query Assets with SQL

Non-invasive account access for better security and efficiency.

Import data with CloudQuery SDKs and build your own plugins.

Query cloud assets and security with a simple SQL-based UI.

Step by step guide for how to export data from AWS to Splunk

MacOSWindowsLinux
Table of Contents

MacOS Setup

Step 1: Install CloudQuery

To install CloudQuery, run the following command in your terminal:

brew install cloudquery/tap/cloudquery

Step 2: Create a Configuration File

Next, run the following command to initialize a sync configuration file for AWS to Splunk:

cloudquery init --source=aws --destination=splunk

This will generate a config file named aws_to_splunk.yaml. Follow the instructions to fill out the necessary fields to authenticate against your own environment.

Step 3: Log in to CloudQuery CLI

Next, log in to the CloudQuery CLI. If you have't already, you can sign up for a free account as part of this step:

cloudquery login

Step 4: Run a Sync

cloudquery sync aws_to_splunk.yaml

This will start syncing data from the AWS API to your Splunk database! 🚀

See the CloudQuery documentation portal for more deployment guides, options and further tips.

FAQs

What is CloudQuery?
CloudQuery is an open-source tool that helps you extract, transform, and load cloud asset data from various sources into databases for security, compliance, and visibility.
Why does CloudQuery require login?
Logging in allows CloudQuery to authenticate your access to the CloudQuery Hub and monitor usage for billing purposes. Data synced with CloudQuery remains private to your environment and is not shared with our servers or any third parties.
What data does CloudQuery have access to?
CloudQuery accesses only the metadata and configurations of your cloud resources that you specify without touching sensitive data or workloads.
How is CloudQuery priced?
CloudQuery offers flexible pricing based on the number of cloud accounts and usage. Visit our pricing page for detailed plans.
Is there a free version of CloudQuery?
Yes, CloudQuery offers a free plan that includes basic features, perfect for smaller teams or personal use. More details can be found on our pricing page.
What permissions does the AWS integration require to run?
To sync your data to Splunk the CloudQuery AWS integration only requires read permissions. The integration will never need to make any changes to your AWS setup, and we recommend that you only grant read permissions.
How will my data be kept secure?
CloudQuery does not have access to any of the data you sync from AWS. We only collect only metadata about usage for billing purposes. The CloudQuery CLI will only have access to the data that you grant it permission to access. You will always be in control of the data that is being synced from AWS to Splunk and will have the ability to revoke permissions at any time.
Which write mode can I use in Splunk when syncing data from AWS?
At the moment, CloudQuery only supports append write mode, this means that it will not remove data from your Splunk destination and will create new indexes when needed.
How can I ensure that my sync from AWS does not exceed my Splunk API limits?
You can manage the rate at which data is synced from AWS to Splunk by using the batch_size, batch_size_bytes, and max_concurrent_requests integers. In general, you should keep the max_concurrent_requests integer as low as possible while aiming for a ratio of roughly 1,000 between batch_size and max_concurrent_requests, this will ensure that the response times from your Splunk instance remain reasonable.
What is the Splunk Destination integration for CloudQuery?
The Splunk Destination integration allows you to send cloud asset data collected by CloudQuery to Splunk for further analysis, enabling you to monitor, visualize, and query cloud infrastructure metrics in real-time.

Get Weekly Cloud Governance Insights

Product use cases

Resources

Legal

© 2025 CloudQuery, Inc. All rights reserved.

We use tracking cookies to understand how you use the product and help us improve it. Please accept cookies to help us improve. You can always opt out later via the link in the footer.