Splunk® App for AWS (Legacy)

Release Notes

On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
This documentation does not apply to the most recent version of Splunk® App for AWS (Legacy). For documentation on the most recent version, go to the latest release.

Known issues for the Splunk App for AWS

Date filed Issue number Description
2017-01-31 AWSAPP-1664 Detailed monthly billing data is inaccurate across different time zones.
2016-11-20 AWSAPP-1505 Billing Topology Billing Metrics Generator should use data model summary index rather than raw events
2016-09-08 AWSAPP-1205 Macros should be set at the app level, because they overwrite other lookups
2016-08-10 AWSAPP-1083 Monthly billing data takes a long time to load when the amount of data is huge
2016-08-01 AWSAPP-1064, AWSAPP-1487 The cloudtrail inputs UI manager reports errors in the context of the AWS App

Workaround:
Use the Splunk Add-on for AWS to set up the inputs.
2016-07-08 AWSAPP-1034 The macro update fails during the configure input process if the splunkd mgmt port is not 8089
2016-05-12 AWSAPP-934 The performance of the Topology dashboard degrades over time
2016-05-10 AWSAPP-921 When user-defined custom tags in AWS are identical to pre-defined filters in the Splunk App for AWS, the Group By filer produces duplicate values
2016-05-10 AWSAPP-916 No suggested value for Billing tags, user can only select "Tagkey is not empty" or input search expressions
2016-05-10 AWSAPP-924 Becuase the tags filter does not support display names, special characters are replaced with underscores (_), and names are truncated at 32 characters
2016-05-09 AWSAPP-913 When VPC flow logs data is configured through the add-on's Kinesis input, an incorrect warning message is displayed in the app dashboard that the input is not configured
2016-05-09 AWSAPP-912 Populating EC2 ID list should not block typing text in search box
2016-05-05 AWSAPP-891 App dashboard cannot find data in custom indexes specified via the add-on rather than the app

Workaround:
Manually add your custom indexes to the index macros in the app, as described in http://docs.splunk.com/Documentation/AWS/4.2.0/Installation/Macros
2016-05-03 AWSAPP-881 The total number of IAM users/groups/policies is not correct
2016-04-29 AWSAPP-872 Populating Interface ID from VPC Flow Log events takes too long
2016-04-29 AWSAPP-873 Proxy does not work if heavy forwarder and search head need to use different proxy settings

Workaround:
Configure your accounts and inputs using the Splunk Add-on for AWS and do not use the app's Configure tab.
2016-04-29 AWSAPP-874 The VPC Flow data model has too much potential impact on performance
2016-04-28 AWSAPP-860 Recommendation to delete a security group is recommended again even after it is deleted
2016-04-25 AWSAPP-821 Performance issue to load services in CloudWatch Create page
2016-01-13 AWSAPP-568 AWS lookups aren't populated when the add-on is on a separate instance than the app.
2015-12-08 AWSAPP-479 The calculation for reserved instance count is incorrect
2015-08-27 AWSAPP-365 Old checkpointer will be invalid if user delete input and add it back
2015-08-24 AWSAPP-353 Old data input with different custom settings are still merged together
2015-08-18 AWSAPP-302 VPC Flow Logs - Traffic Analysis dashboard shows weird charts for low-volume VPC flow data

For known issues relevant to accounts, input configuration, and knowledge management, see also Known issues for the Splunk Add-on for Amazon Web Services.

Last modified on 19 January, 2018
Fixed issues for the Splunk App for AWS   Credits for the Splunk App for AWS

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 4.2.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters