Sometimes "getting data in” (or GDI) can be just as complicated as managing the data itself. From the early days of Splunk, getting data in has been a critical aspect of delivering the right data for visibility, investigation, and action. As data locality proliferates, formats evolve, and volumes grow, customers need easy access to their data, in the right place, in the right shape, and at the right time. Splunk is eager to help you accelerate your transition to the cloud by simplifying, automating and streamlining these processes.

To enable this, we are excited to announce the preview of Data Manager for Splunk Cloud, allowing customers to easily access and take action on their growing cloud data sources. Enjoy a modern, simple, and scalable data onboarding experience with access today to AWS cloud data sources. Keep an eye out as we expand to include GCP and Azure data sources as our next step.

You can find the Data Manager on your Splunk Cloud home page on the left panel:

Data Manager for Splunk Cloud drastically reduces the time to set up cloud data sources from hours to minutes while providing a centralized data ingestion management, monitoring and troubleshooting experience. 

New capabilities of Data Manager include:

• Modern user interface for cloud data source onboarding
• Automation for AWS pre-requisites & configuration
• Baked-in AWS data ingestion best practices
• Centralized data onboarding management from a single pane of glass
• In-product, in-context docs
• AWS Data Sources supported: AWS GuardDuty, Security Hub, IAMAccessAnalyzer, IAMCredentialReport, Metadata and Cloud Trail, thereby enabling data onboarding from over a hundred AWS services

The new Data Manager (preview) takes data ingestion from cloud native sources to the next level. For its first iteration, we worked closely with AWS to bring you a simplified configuration to onboard data from AWS accounts - from a single account to hundreds of accounts - all with only a few clicks. 

All prerequisites and relevant AWS setup information is easily accessible and consumable through the Data Manager UI with in-context documentation. You can even choose to send data from each AWS service to a different Splunk index in one single data input configuration. We also auto-generate the AWS Cloudformation templates (CFTs) for you with clear steps to run them on your AWS CLI or console, providing transparency for you and your AWS admin to review the setup at any time. Once set up, your data input configuration is easy to monitor in one single Splunk pane of glass to help ensure your AWS data flow into Splunk is working smoothly.

Data Manager ships as a built-in application in Splunk Cloud and is available today in preview for Splunk Cloud Platform customers on the Victoria experience who choose AWS as their provider. This includes AWS regions: US East Virginia, US West Oregon, UK (London), Europe (Dublin, Frankfurt, Paris), Asia Pacific (Mumbai, Seoul, Singapore, Sydney, Tokyo), and Canada (Central). Subscribe to our Community Product News & Announcements board to get notified as we expand availability of this feature.

Try out this new capability today to help you get to the cloud faster while making your data work for you. Don’t forget to check out the Splunk Docs and watch the full .conf session on the future of data on-boarding at Splunk!!

Have feedback? Share your thoughts with us and other uses on the Splunk Community. 

---

This blog post was co-authored by Yogesh Sontakke, Product Management Lead for Data Manager for Splunk Cloud, and Anna Mensing, Platform Product Marketing.