You might want to retrieve basic information about your organization's virtual private cloud (VPC) infrastructure when doing the following:
Prerequisites
In order to execute this procedure in your environment, the following data, services, or apps are required:
- AWS description data
- Splunk Add-on for Amazon Web Services
Example
As an administrator, you'd like to have a high level view of every Virtual Private Cloud (VPC) currently configured in AWS, as well as its current availability and Classless Inter-Domain Routing (CIDR) range.
NOTE: To optimize the search shown below, you should specify an index and a time range.
- Run the following search:
source="*:vpcs" sourcetype="aws:description"
|dedup id sortby -_time
|table account_id region id cidr_block state
|sort +state
Search explanation
The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.
Splunk Search |
Explanation |
source="*:vpcs" |
Search only your VPC instances and filter by description data. |
|dedup id sortby -_time |
Remove duplicate instances by ID and sort the remaining results with the most recent instances first. |
|table account_id region id cidr_block state |
Display the results in a table with columns in the order shown. |
|sort +state |
Sort the results by state in ascending order. |
Result
Sample results for this search are shown in the table below. It shows the number of unique VPCs associated with the account id, as well as the state, cidr_block, and the id of the eVPC itself. These are all fundamental attributes of a VPC.
account_id |
region |
id |
cidr_block |
state |
63605715280 |
ap-southeast-1 |
vpc-40c55125 |
10.95.0.0/16 |
available |
63605715280 |
ap-southeast-1 |
vpc-311b8f54 |
10.0.0.0/16 |
available |
63605715280 |
ap-southeast-1 |
vpc-d2d110ba |
172.31.0.0/16 |
available |
Comments
0 comments
Please sign in to leave a comment.