Skip to main content

Current AWS virtual private cloud infrastructure

You might want to retrieve basic information about your organization's virtual private cloud (VPC) infrastructure when doing the following:

Prerequisites 

In order to execute this procedure in your environment, you may need to first on-board the data, services, or apps shown in the following table.

 

Category

Name

Importance

Add-on

Splunk Add-on for Amazon Web Services

Required

App 

Splunk App for AWS

Recommended

 

Example

The purpose of this example is to show how this procedure works in a general environment. In your environment, you can optimize the search by specifying an index, a time range, or a different data source. 

As an administrator, you'd like to have a high level view of every Virtual Private Cloud (VPC) currently configured in AWS, as well as its current availability and Classless Inter-Domain Routing (CIDR) range. 

  1. Run the following search: 
source="*:vpcs" sourcetype="aws:description"
|dedup id sortby -_time
|table account_id region id cidr_block state
|sort +state

Search Explanation

The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.

Splunk Search

Explanation

source="*:vpcs" 

Search your VPC instances. 

sourcetype="aws:description"

Search only the description field.

|dedup id sortby -_time

Remove duplicate instances by ID and sort the remaining results with the most recent instances first. 

|table account_id region id cidr_block state

Display the results in a table with columns in the order shown.

|sort +state

Sort the results by state in ascending order.

 

Result

Sample results for this search are shown in the table below. It shows the number of unique VPCs associated with the account id, as well as the state, cidr_block, and the id of the eVPC itself. These are all fundamental attributes of a VPC. 

account_id

region

id

cidr_block

state

63605715280

ap-southeast-1

vpc-40c55125

10.95.0.0/16

available

63605715280

ap-southeast-1

vpc-311b8f54

10.0.0.0/16

available

63605715280

ap-southeast-1

vpc-d2d110ba

172.31.0.0/16

available

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

The information provided in Splunk Lantern is intended for informational and educational purposes only. All information is provided in good faith, however, Splunk disclaims any and all representations and warranties, express and implied, regarding the information provided, including without limitation any warranties and representations regarding the completeness, adequacy or accuracy of the information. You agree to take full responsibility for the results arising from the use of the information provided.