Release notes for the Splunk Add-on for AWS
Version 5.0.1 of the Splunk Add-on for Amazon Web Services was released on May 13, 2020.
Version 5.0.1 of the Splunk Add-on for Amazon Web Services is compatible with the following software, CIM versions, and platforms:
|Splunk platform versions||8.0 and later|
|CIM||4.3 and later|
|Supported OS for data collection||Platform independent|
|Vendor products||Amazon Web Services CloudTrail, CloudWatch, CloudWatch Logs, Config, Config Rules, Inspector, Kinesis, S3, VPC Flow Logs, Billing services, SQS, and SNS.|
Versions 5.0.0 and above of the Splunk Add-on for AWS are Python 3 releases, and only compatible with Splunk platform versions 8.0.0 and later. To use version 5.0.0 or later of this add-on, upgrade your Splunk platform deployment to version 8.0.0 or later. For users of Splunk platforms 6.x.x and Splunk 7.x.x, the Splunk Add-on for Amazon Web Services version 4.6.1 is supported. Do not upgrade to Splunk Add-on for AWS 5.0.0 or above on these versions of the Splunk platform.
Version 5.0.1 of the Splunk Add-on for AWS version contains the following new and changed features:
- FIPS compliance release for Python 3
- Improved Support for the Authentication CIM Model.
Version 5.0.1 of the Splunk Add-on for Amazon Web Services fixes the following issues.
|Date resolved||Issue number||Description|
|2020-06-16||ADDON-25762||Generic AWS S3 inputs duplicating events after Splunk forwarder restart|
|2020-04-29||ADDON-24651||Improved ALB Access Logs parsing|
|2020-04-29||ADDON-21349, CMON-2382||Fix for S3 field extraction|
|2020-04-23||ADDON-21900||Input validation needed for AWS inputs to check for / (forward slash)|
|2020-04-23||ADDON-25454, ADDON-26096||Splunk Add-on for AWS repeatedly processing the same gzip file|
|2020-04-23||ADDON-25279||FIPS compliance release for Python 3|
|2020-04-23||ADDON-23358||Improvement to timestamp extraction for sourcetype aws:cloudwatchlogs:vpcflow|
|2020-04-23||ADDON-24325||AWS TA only ingesting up to 100 RDS instances.|
|2020-03-23||ADDON-13856, ADDON-13200||Add input name as part of Kinesis checkpoint file name|
|2020-03-11||ADDON-25546, ADDON-25289||Region support improved for AWS Description: adding ap-east-1, eu-north-1, eu-west-3 and me-south-1|
Version 5.0.1 of the Splunk Add-on for Amazon Web Services has the following known issues.
The Splunk Add-on for AWS version 5.x.x is incompatible with Splunk Enterprise versions 7.x.x and earlier.
|Date filed||Issue number||Description|
|2019-11-20||ADDON-24471||Billing input causes double-ingest of CUR billing files when splunk restarts during ingest|
Each set of duplicate events for a given CUR assembly will have a unique txid (which is a timestamp) set by the Billing input.
Filter out events that don't have the largest value for txid in a given assembly.
| rex field=source "/(?<date_range>\d+-\d+)/(?<assemblyId>[^/]+)/" | eventstats max(txid) AS max_txid BY assemblyId | where txid == max_txid
Third-party software attributions
Version 5.0.1 of the Splunk Add-on for Amazon Web Services incorporates the following third-party libraries.
Source types for the Splunk Add-on for AWS
Release history for the Splunk Add-on for AWS
This documentation applies to the following versions of Splunk® Supported Add-ons: released