
Release notes for the Splunk Add-on for AWS
Version 6.3.1 of the Splunk Add-on for Amazon Web Services was released on January 23, 2022.
Version 6.0.0 of the Splunk Add-on for AWS includes a merge of all the capabilities of the Splunk Add-on for Amazon Kinesis Firehose. Configure the Splunk Add-on for AWS to ingest across all AWS data sources for ingesting AWS data into Splunk.
If you use both the Splunk Add-on for Amazon Kinesis Firehose as well as the Splunk Add-on for AWS on the same Splunk instance, then you must uninstall the Splunk Add-on for Amazon Kinesis Firehose after upgrading the Splunk Add-on for AWS to version 6.0.0 or later in order to avoid any data duplication and discrepancy issues.
Data that you previously onboarded through the Splunk Add-on for Amazon Kinesis Firehose will still be searchable, and your existing searches will be compatible with version 6.0.0 of the Splunk Add-on for AWS.
If you are not currently using the Splunk Add-on for Amazon Kinesis Firehose, but plan to use it in the future, then the best practice is to download and configure version 6.0.0 or later of the Splunk Add-on for AWS, instead of the Splunk Add-on for Amazon Kinesis Firehose.
Compatibility
Version 6.3.1 of the Splunk Add-on for Amazon Web Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
CIM | 4.20 and later |
Supported OS for data collection | Platform independent |
Vendor products | Amazon Web Services CloudTrail, CloudWatch, CloudWatch Logs, Config, Config Rules, Inspector Classic, Inspector, Kinesis, S3, VPC Flow Logs, Billing services, Metadata, SQS, SNS, AWS Identity and Access Management (IAM) Access Analyzer, and AWS Security Hub findings events |
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features
Version 6.3.1 of the Splunk Add-on for AWS version contains the following new and changed features:
- Returned support for the AWS VPC default log format (v1-v2 fields only)
- Fix for generic S3 upgrade issue
If you use both the Splunk Add-on for Amazon Kinesis Firehose as well as the Splunk Add-on for AWS on the same Splunk instance, then you must uninstall the Splunk Add-on for Amazon Kinesis Firehose after upgrading the Splunk Add-on for AWS to version 6.0.0 or later in order to avoid any data duplication and discrepancy issues.
Data that you previously onboarded through the Splunk Add-on for Amazon Kinesis Firehose will still be searchable, and your existing searches will be compatible with version 6.0.0 of the Splunk Add-on for AWS.
If you are not currently using the Splunk Add-on for Amazon Kinesis Firehose, but plan to use it in the future, then the best practice is to download and configure version 6.0.0 or later of the Splunk Add-on for AWS, instead of the Splunk Add-on for Amazon Kinesis Firehose.
Fixed issues
Version 6.3.1 of the Splunk Add-on for Amazon Web Services fixes the following, if any, issues:
Date resolved | Issue number | Description |
---|---|---|
2023-01-18 | ADDON-59785 | Splunk Add-on for AWS - Working inputs break after upgrading to 6.3.0 |
2023-01-18 | ADDON-59825 | AWS v6.3.0 - support for vpcflowlogs v1-v2 log format is broken |
Known issues
Version 6.3.1 of the Splunk Add-on for Amazon Web Services has the following, if any, known issues.
Date filed | Issue number | Description |
---|---|---|
2022-06-16 | ADDON-52954 | AWS addon: Generic S3 input does not parse/index multiple files in tar without losing events |
2022-02-04 | ADDON-47713 | Sorting of table rows for Input Page is not working as expected |
Third-party software attributions
Version 6.3.1 of the Splunk Add-on for Amazon Web Services incorporates the following third-party libraries.
Third-party software attributions for the Splunk Add-on for Amazon Web Services
PREVIOUS Configure permissions for all inputs for the Splunk Add-on for AWS at once |
NEXT Release history for the Splunk Add-on for AWS |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!