前端监控
- 作者仓库星标 0
- 作者更新于 实时读取
- 作者仓库 skills-registry
- 领域
- 通用
- 兼容 Agent
-
- Claude Code
- Cursor
- Cline
- Codex
- Windsurf
- Gemini CLI
- +20
- 信任分
- 88 / 100 · 社区维护
- 作者 / 版本 / 许可
- @tomevault-io · 未声明 license
- Token 消耗评级
- 低消耗
- 接入复杂程度
- 需手动接入
- 是否需要外部 API Key
- 需要 · AWS
- 兼容的系统
- 未声明(默认跨平台)
- 底层运行要求
- 无特殊要求
- 文件与系统权限
-
- 只读
- 允许写入 / 修改
- Shell 执行
- 网络行为
- 允许外网请求
- 安装命令数
- 26 条
档案由构建时根据 SKILL.md 与安装命令自动衍生,可能与作者实际意图存在差异。
需要注意: 未限定 allowed-tools,默认拥有全部工具权限。
---
name: splunk-observability-aws-integration
description: >- Use when this capability is needed. Render-first skill that owns the entire AWSCloudWatch int…
category: 通用
runtime: 无特殊运行时
---
# splunk-observability-aws-integration 输出预览
## PART A: 任务判断
- 适用问题:通用任务拆解、检查和交付。
- 输入要求:目标材料、限制条件、期望输出和验收方式。
- 证据边界:围绕“Coverage Model / Safety Rules / Five-mode UX”读取原文规则,不把推断写成作者承诺。
## PART B: 执行结果
- **01** 任务判断:确认你的需求是否属于通用任务拆解、检查和交付,并标出输入、限制和预期结果。
- **02** 执行计划:优先按“Coverage Model / Safety Rules / Five-mode UX”拆成步骤,说明每一步会读取什么、修改什么、产出什么。
- **03** 交付结果:给出可复制的命令、文件改动、检查清单或内容草稿,并说明如何继续迭代。
- **04** 风险边界:结合 读取文件、写入/修改文件、执行终端命令、会按任务需要访问外部网络、需要准备 AWS API Key 给出执行前确认项。
## Running Rules
- 读取文件、写入/修改文件、执行终端命令;会按任务需要访问外部网络;需要准备 AWS API Key。
- 先小样例验证,再放大到真实任务。
- 交付时同时给结果、检查口径和下一步迭代建议。 原文出现了 `/v2`、`/tmp` 这类斜杠命令;如果你的 Agent 支持命令触发,优先用命令开场,再补充目标和边界。
告诉 Agent 目标文件或材料、期望结果、不可改范围、是否允许联网或执行命令。本 Skill 的权限画像是:读取文件、写入/修改文件、执行终端命令。
先用一个小任务确认它会围绕“Coverage Model / Safety Rules / Five-mode UX”工作;涉及文件或命令时,先看 diff、日志、预览或测试结果。
检查最终产物是否包含明确结果、必要证据和下一步动作;如果输出泛泛而谈,就补充输入、边界和验收标准后重跑。
---
name: splunk-observability-aws-integration
description: >- Use when this capability is needed. Render-first skill that owns the entire AWSCloudWatch int…
category: 通用
source: tomevault-io/skills-registry
---
# splunk-observability-aws-integration
## 什么时候使用
- 把通用方向的常用动作沉淀成 Agent 可调用的技能 适合处理通用任务拆解、检查、交付和复盘,核心价值是把输入、判断、执行、验证和交付边界固定下来,避免 Agent 泛泛回答。 把任务拆成可执行、可检查、可继续迭代的步骤;使用前要准备…
- 面向通用任务拆解、检查和交付,优先处理能明确输入、步骤和验收标准的工作。
## 需要提供什么
- 目标材料、目录范围、期望结果和不可改动内容。
- 是否允许联网、执行命令、读写文件或调用外部服务。
## 执行规则
- 围绕「Coverage Model / Safety Rules / Five-mode UX」组织步骤,不把推断写成作者事实。
- 读取文件、写入/修改文件、执行终端命令;会按任务需要访问外部网络;需要准备 AWS API Key。
- 先跑小样例,确认结果可检查后再扩大任务范围。
## 输出要求
- 给出最终产物、关键证据、验证方式和下一步动作。
- 信息不足时标记 unknown,不编造命令、平台或依赖。 作者原文负责流程事实;仓库文件负责来源和命令;流狐只补充适用场景、限制和质量判断。
skill "splunk-observability-aws-integration" {
输入层 -> 用户目标 + 目标文件 + 禁止范围 + 验收标准
上下文层 -> Coverage Model / Safety Rules / Five-mode UX
规则层 -> SKILL.md 触发条件 / 执行顺序 / 输出格式
运行层 -> 无特殊运行时 | 读取文件、写入/修改文件、执行终端命令 | 会按任务需要访问外部网络
安全层 -> 需要准备 AWS API Key + 小任务验证 + diff / 日志复核
输出层 -> 可复制结果 + 检查清单 + 下一步迭代
} Splunk Observability Cloud <-> AWS Integration
Render-first skill that owns the entire AWSCloudWatch integration object in
Splunk Observability Cloud. The skill is standalone reusable and does not
require any other Splunk Observability skill to run, but it hands off to other
skills for adjacent surfaces (logs, Lambda APM, dashboards, detectors, OTel
collectors).
The workflow is render-first by default. Live API changes only happen when the
user explicitly asks for --apply.
Coverage Model
Every rendered section gets an explicit coverage status in
coverage-report.json:
api_apply— a documented public REST API supports create / update / delete / validate (e.g.POST /v2/integration).api_validate— a documented public REST API supports read or validation only (e.g. preflightingec2:DescribeRegionspermission via the live integration's reported region list).deeplink— the skill renders a deterministic Splunk Observability Cloud UI link and validates referenced data where an API allows (e.g. the AWS guided-setup deeplink for AWS-managed Metric Streams).handoff— the skill renders deterministic operator steps for cross-skill workflows (e.g. logs path ->splunk-app-installforSplunk_TA_AWS).not_applicable— the section does not apply to the chosen target (e.g. Splunk-managed Metric Streams permissions whenconnection.modeispolling, or any AWS integration onrealm: us2-gcpbecause that realm is GCP-hosted and has no AWS STS region mapping).
Safety Rules
- Never ask for Splunk Observability tokens, AWS access keys, or AWS secret access keys in conversation.
- Never pass any secret on the command line or as an environment-variable prefix.
- Use
--token-filefor the Splunk Observability Cloud admin user API access token. Token files must bechmod 600. Override only with--allow-loose-token-perms(emits a WARN — use only for short-lived scratch tokens). - For
authentication.mode: security_token(GovCloud / China), use--aws-access-key-id-fileand--aws-secret-access-key-file. Both files must bechmod 600. - Reject direct secret flags:
--token,--access-token,--api-token,--o11y-token,--admin-token,--sf-token,--external-id,--aws-access-key-id,--aws-secret-access-key,--aws-secret-key,--password. - Prefer
SPLUNK_O11Y_REALMandSPLUNK_O11Y_TOKEN_FILEfrom the repocredentialsfile when present; these store only realms and token-file paths, never token values. - Strip every secret from
00-09-*.md,apply-plan.json,payloads/,current-state.json,state/apply-state.json, and any other rendered artifact on disk. The Splunk Observability admin token is referenced as${SPLUNK_O11Y_TOKEN_FILE}everywhere, never inlined. - The renderer FAILs render when the operator passes the deprecated
enableLogsSyncfield with a clear pointer to theSplunk_TA_AWShandoff. - The renderer FAILs render when
regions: [](the canonical schema rejects an empty list and Splunk highly discourages it because new AWS regions auto-onboard and inflate cost). bash skills/shared/scripts/write_secret_file.sh /tmp/splunk_o11y_tokenhelps the user create a token file without exposing the secret in shell history.
Five-mode UX
| Mode | Flag | Purpose |
|---|---|---|
| quickstart | --quickstart |
Single-shot: render + apply for the most common External-ID + Splunk-managed Metric Streams scenario. Always runs --discover first; pivots to --quickstart-from-live if an integration already exists. |
| render | --render (default) |
Produces the numbered plan tree under --output-dir. Never touches live state. |
| discover | --discover |
Read-only sweep that polls GET /v2/integration?type=AWSCloudWatch, writes current-state.json, and emits a drift-report.md against the rendered plan. |
| doctor | --doctor |
Runs the troubleshooting catalog and emits doctor-report.md with prioritized fixes and the exact setup.sh --apply command for each fix. |
| apply | --apply [SECTIONS] |
Applies the rendered plan; without arguments runs every section in dependency order; with --apply integration,iam,streams runs only the named sections. |
Plus quality-of-life flags:
--quickstart-from-live— turn the live integration into atemplate.observed.yamlthe operator can edit; never overwrites theirtemplate.example.--explain— print the apply plan in plain English, no API calls; for change-management approvals.--rollback <section>— render (do not auto-run) the reverse-engineered commands for steps that have a public reversible API.--list-namespaces— print the supported AWS service / namespace catalog (mirrorsreferences/namespaces-catalog.md).--list-recommended-stats— print the per-namespace per-metric stat catalog used bycollect_only_recommended_stats: true.--privatelink-domain {legacy,new}— picksignalfx.com(default; matches current Splunk-published PrivateLink doc) vsobservability.splunkcloud.comPrivateLink hostnames.--cfn-template-url URL— override the defaulthttps://o11y-public.s3.amazonaws.com/aws-cloudformation-templates/release/template_metric_streams_regional.yaml(or the StackSets equivalent whenmetric_streams.use_stack_sets: true).--accept-drift FIELD[,FIELD...]— needed for--applywhen discover shows the live integration differs from the rendered spec on a field with side effects (e.g. flippinguseMetricStreamsSync).
Primary Workflow
Collect non-secret values: realm, integration name, AWS account ID(s), IAM role name, regions, services list (or
all_built_in), connection mode (polling vs Splunk-managed Metric Streams vs AWS-managed Metric Streams), custom namespaces, multi-account toggle.Create or update a JSON / YAML spec from
template.example.Render and validate:
bash skills/splunk-observability-aws-integration/scripts/setup.sh \ --render \ --spec skills/splunk-observability-aws-integration/template.example \ --output-dir splunk-observability-aws-integration-renderedReview
splunk-observability-aws-integration-rendered/:README.md— TL;DR and ordered next-step commands.architecture.mmd— Mermaid topology of the rendered integration.00-prerequisites.mdthrough09-handoff.md— numbered per-section plans.coverage-report.json— per-section coverage status.apply-plan.json— apply ordering with idempotency keys (no secrets).payloads/— per-step request bodies for REST calls and CFN parameters.aws/— CloudFormation template stubs (regional or StackSets) and Terraform.tffiles for the AWS-side resources and the Splunk-side integration object.iam/— per-use-case IAM JSON (foundation, polling, streams, tag-sync, Cassandra-special-case, GovCloud security-token).scripts/— per-step apply scripts and cross-skill handoff drivers.support-tickets/— pre-filled tickets when Splunk Support is required.
Apply only when explicitly requested:
bash skills/splunk-observability-aws-integration/scripts/setup.sh \ --apply \ --spec skills/splunk-observability-aws-integration/template.example \ --realm us1 \ --token-file /tmp/splunk_o11y_admin_tokenTo run only a subset of sections:
bash skills/splunk-observability-aws-integration/scripts/setup.sh \ --apply integration,iam \ --spec my-aws-integration.yaml
Supported Sections
Specs use api_version: splunk-observability-aws-integration/v1 and can
include the following top-level blocks (full reference in
reference.md):
prerequisites— region/realm preflight, FedRAMP/GovCloud/GCP carve-out, IAM permission check stubs, CFN template URL HTTP HEAD probe.authentication—external_idorsecurity_tokenmode, AWS account ID, IAM role name, returned external ID.connection— polling vs Splunk-managed vs AWS-managed vs Terraform-only mode;pollRate,metadataPollRate,inactiveMetricsPollRate.regions— explicit AWS region list (cannot be empty).services—all_built_in/explicit/namespace_filtered/custom_only;collect_only_recommended_stats;metric_stats_to_syncs;namespace_sync_rules(for built-inAWS/*namespaces).custom_namespaces—simple_list(serializes tocustomCloudwatchNamespaces) ORsync_rules(serializes tocustomNamespaceSyncRules); they conflict.sync_custom_namespaces_onlytoggle.guards—enable_check_large_volume,ignore_all_status_metrics,sync_load_balancer_target_group_tags,enable_aws_usage.metric_streams—use_metric_streams_sync,managed_externally,named_token,cloudformation,cloudformation_template_url,use_stack_sets,terraform.private_link—enable,endpoint_types,service_name_overrides.terraform_provider—source(splunk-terraform/signalfx),version(~> 9.0default).multi_account—enabled,control_account_id,member_accounts,cfn_stacksets.handoffs—lambda_apm,logs_via_splunk_ta_aws,dashboards,detectors,otel_collector_for_ec2_eks.
Hand-offs to Other Skills
- AWS log ingestion ->
bash skills/splunk-app-install/scripts/install_app.sh --source splunkbase --app-id 1876(Splunk Add-on for AWS, Splunkbase 1876, min v8.1.1). Renderer preflights forSplunk_TA_amazon_security_lakeand emits an uninstall step before the v7+ upgrade. - Log Observer Connect to surface those logs in O11y ->
splunk-observability-cloud-integration-setup. - Native O11y dashboards for AWS namespaces ->
splunk-observability-dashboard-builder. - Detectors / AutoDetect alerting ->
splunk-observability-native-ops. - OTel collector on EC2 / EKS for richer host telemetry than
CWAgent->splunk-observability-otel-collector-setup. - Lambda APM via the Splunk OpenTelemetry Lambda layer (publisher
254067382080) ->splunk-observability-aws-lambda-apm-setup. Renderer emits a hand-off stub in09-handoff.md.
Out of Scope
- AWS log collection via the Splunk AWS log collector Lambda (handed off to
Splunk_TA_AWS; theenableLogsSyncAPI field is deprecated and rejected by the renderer). - Lambda APM instrumentation via the OpenTelemetry Lambda layer (handed off to
splunk-observability-aws-lambda-apm-setup). - Native O11y AWS dashboard / detector CRUD (handed off to
splunk-observability-dashboard-builderandsplunk-observability-native-ops). - AppDynamics for AWS workloads (separate AppDynamics SaaS workflow).
- Splunk Cloud Platform Data Manager AWS log onboarding (different product; Splunk Cloud Platform side, not Splunk Observability Cloud).
Validation
bash skills/splunk-observability-aws-integration/scripts/validate.sh \
--output-dir splunk-observability-aws-integration-rendered
Static checks: required-files, IAM JSON shape, secrets-leak scan across every
rendered file, CFN template URL HTTP HEAD probe (--live).
With --live: GET /v2/integration?type=AWSCloudWatch round-trip, drift
report against template.example.
See reference.md and the focused references under references/ for full
detail. The plan and corrections that produced this skill are recorded in
.cursor/plans/splunk_o11y_aws_integration_skill_*.plan.md.
Source: chambear2809/splunk-cisco-skills — distributed by TomeVault.
先判断是否适合
作者设计意图
作者的方法与取舍
边界和复核