Sync data from AWS to Splunk

CloudQuery is the simple, fast data integration platform that can fetch your data from AWS APIs and load it into Splunk

Self-hosted

Start locally, then deploy to a Virtual Machine, Kubernetes, or anywhere else. Full instructions on CLI setup are available in our documentation.

Cloud-hosted

Start syncing in a few clicks. No need to deploy your own infrastructure.

Fast and reliable

CloudQuery’s efficient design means our syncs are fast and a sync from AWS to Splunk can be completed in a fraction of the time compared to other tools.

Easy to use, easy to maintain

AWS syncing using CloudQuery is easy to set up and maintain thanks to its simple YAML configuration. Once synced, you can use normal SQL queries to work with your data.

A huge library of supported destinations

Splunk isn’t the only place we can sync your AWS data to. Whatever you need to do with your AWS data, CloudQuery can make it happen. We support a huge range of destinations, customizable transformations for ETL, and we regularly release new plugins.

Extensible and Open Source SDK

Write your own connectors in any language by utilizing the CloudQuery open source SDK powered by Apache Arrow. Get out-of-the-box scheduling, rate-limiting, transformation, documentation and much more.

Step by step guide for how to export data from AWS to Splunk

macOS Setup

Step 1: Install CloudQuery

To install CloudQuery, run the following command in your terminal:

brew install cloudquery/tap/cloudquery

Step 2: Create a Configuration File

Next, run the following command to initialize a sync configuration file for AWS to Splunk:

cloudquery init --source=aws --destination=splunk

This will generate a config file named aws_to_splunk.yaml. Follow the instructions to fill out the necessary fields to authenticate against your own environment.

Step 3: Log in to CloudQuery CLI

Next, log in to the CloudQuery CLI. If you haven't already, you can sign up for a free account as part of this step:

cloudquery login

Step 4: Run a Sync

cloudquery sync aws_to_splunk.yaml

This will start syncing data from the AWS API to your Splunk database! 🚀

See the CloudQuery documentation portal for more deployment guides, options and further tips.

FAQs

What is CloudQuery?
CloudQuery is an open-source tool that helps you extract, transform, and load cloud asset data from various sources into databases for security, compliance, and visibility.
Why does CloudQuery require login?
Logging in allows CloudQuery to authenticate your access to the CloudQuery Hub and monitor usage for billing purposes. Data synced with CloudQuery remains private to your environment and is not shared with our servers or any third parties.
What data does CloudQuery have access to?
CloudQuery accesses only the metadata and configurations of your cloud resources that you specify without touching sensitive data or workloads.
How is CloudQuery priced?
CloudQuery offers flexible pricing based on the number of cloud accounts and usage. Visit our pricing page for detailed plans.
Is there a free version of CloudQuery?
Yes, CloudQuery offers a free plan that includes basic features, perfect for smaller teams or personal use. More details can be found on our pricing page.
What permissions does the AWS integration require to run?
To sync your data to Splunk, the CloudQuery AWS integration only requires read permissions. The integration will never need to make any changes to your AWS setup, and we recommend that you only grant read permissions.
How will my data be kept secure?
CloudQuery does not have access to any of the data you sync from AWS. We collect only metadata about usage for billing purposes. The CloudQuery CLI will only have access to the data that you grant it permission to access. You will always be in control of the data that is being synced from AWS to Splunk and will have the ability to revoke permissions at any time.
How much does it cost to use CloudQuery to sync from AWS to Splunk?
Anyone can try CloudQuery completely free of charge for 14 days, regardless of how much data you move from AWS to Splunk. After your trial ends, you can continue to sync one million rows every month completely free of charge. Any further syncs are charged based on a simple pay-as-you-go pricing model per million rows. The more you sync, the less you pay per row.
Which write mode can I use in Splunk when syncing data from AWS?
At the moment, CloudQuery only supports append write mode. This means that it will not remove data from your Splunk destination and will create new indexes when needed.
How can I ensure that my sync from AWS does not exceed my Splunk API limits?
You can manage the rate at which data is synced from AWS to Splunk by using the batch_size, batch_size_bytes, and max_concurrent_requests integers. In general, you should keep the max_concurrent_requests integer as low as possible while aiming for a ratio of roughly 1,000 between batch_size and max_concurrent_requests. This will ensure that the response times from your Splunk instance remain reasonable.
What is the Splunk Destination integration for CloudQuery?
The Splunk Destination integration allows you to send cloud asset data collected by CloudQuery to Splunk for further analysis, enabling you to monitor, visualize, and query cloud infrastructure metrics in real-time.
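
A pre-flight check for the read-only recommendation in the permissions FAQ above, as an added example that is not CloudQuery's own code: it scans an IAM policy document and reports every allowed action that is not read-style. The two policy documents are constructed sample input, and the list of read verbs is an assumption based on common AWS action naming.

```python
import json

# Assumption: read-style IAM actions start with one of these verbs.
# Read verbs can still expose data (e.g. s3:GetObject); this check only
# catches write and admin permissions granted to the sync identity.
READ_PREFIXES = ("get", "list", "describe", "view", "lookup", "search", "batchget")

def _as_list(value):
    # IAM allows a single string/object where a list is also valid.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def non_read_actions(policy):
    """Return the sorted Allow-ed actions in `policy` that are not read-style."""
    findings = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        # Allow + NotAction grants everything except the listed actions.
        if "NotAction" in stmt:
            findings.add("NotAction:" + ",".join(_as_list(stmt["NotAction"])))
        for action in _as_list(stmt.get("Action")):
            verb = action.rpartition(":")[2].lower()  # IAM actions are case-insensitive
            if not verb.startswith(READ_PREFIXES):    # also flags "*" and "svc:*"
                findings.add(action)
    return sorted(findings)

# Constructed sample policies (not taken from the page).
READ_ONLY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:Describe*", "s3:GetBucketPolicy", "s3:ListAllMyBuckets"]}]}""")
TOO_BROAD = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:Describe*", "s3:PutObject", "iam:*"]},
  {"Effect": "Deny", "Resource": "*", "Action": "s3:DeleteBucket"}]}""")

if __name__ == "__main__":
    for name, doc in (("READ_ONLY", READ_ONLY), ("TOO_BROAD", TOO_BROAD)):
        bad = non_read_actions(doc)
        print(name, "OK" if not bad else "non-read actions: " + ", ".join(bad))
```

Run it against the policy attached to the identity whose credentials go into aws_to_splunk.yaml before the first sync.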
© 2024 CloudQuery, Inc. All rights reserved.