Related Answers
Download topic as PDF
Release notes for the Splunk Add-on for AWS
Version 4.6.0 of the Splunk Add-on for Amazon Web Services was released on October 3, 2018.
Compatibility
Version 4.6.0 of the Splunk Add-on for Amazon Web Services is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 6.5 and later |
| CIM | 4.3 and later |
| Supported OS for data collection | Platform independent |
| Vendor products | Amazon Web Services CloudTrail, CloudWatch, CloudWatch Logs, Config, Config Rules, Inspector, Kinesis, S3, VPC Flow Logs, Billing services, SQS, and SNS. |
New features
Version 4.6.0 of the Splunk Add-on for AWS version contains the following new and changed features:
- CloudWatch Metrics input to enable discovery of new entities without Splunk restart
- Metrics store support (requires a Splunk forwarder version 7.2.0 or above.)
- Ability to detect configuration of SSL on management port
- Line/event breaking enforcement for ELB/S3 Access Logs
- Support for Splunk Enterprise 7.2.0
Fixed issues
Version 4.6.0 of the Splunk Add-on for Amazon Web Services fixes the following issues.
| Date resolved | Issue number | Description |
|---|---|---|
| 2018-08-27 | ADDON-18031 | Small page size causing LimitExceededException error during Kinesis ListStreams operations |
| 2018-07-17 | ADDON-18087, SII-1746 | Invalid AWS credentials can be added and interacted with as valid AWS credentials |
| 2018-06-27 | ADDON-17277 | Line/event breaking enforcement for ELB/S3 Access Logs |
Known issues
Version 4.6.0 of the Splunk Add-on for Amazon Web Services has the following known issues.
| Date filed | Issue number | Description |
|---|---|---|
| 2018-08-23 | ADDON-19179 | UI shows error message when a CloudWatch mod input has dimensions with different query_window_size |
| 2018-08-16 | ADDON-19138 | Splunk 7.1 and below outputs 'Invalid key in stanza' warning on startup about INGEST_EVAL, METRIC-SCHEMA-MEASURES, and METRIC-SCHEMA-TRANSFORMS |
| 2018-03-28 | ADDON-17571 | AWS TA and *nix TA lack spec files for eventgen.conf, which causes cluster bundle validation errors, and breaks Manage Indexes page in clustered Splunk Cloud Workaround: Splunk Cloud customers who cannot create indexes on their own due to this bug should file a support case when they need new indexes created. |
| 2018-02-19 | ADDON-17158 | The style of multi-input text box is not correct |
| 2018-02-19 | ADDON-17157 | The header view of customized page is inconsistent with the default NightLight style |
| 2018-02-13 | ADDON-17132 | Create/edit input page layout is broken |
| 2018-02-13 | ADDON-17135 | Placeholder tooltip is missing for dropdown |
| 2018-01-05 | ADDON-16518 | When kinesis and cloudwatch inputs send large volumes of data over HEC, HEC can block the ingest pipeline, which breaks non-HEC inputs. Workaround: Set use_hec=false in [global_settings] stanza of aws_kinesis.conf and/or aws_cloudwatch.conf |
| 2017-09-03 | ADDON-15718 | Duplicate cloudfront data in description when there are more than 1 regions |
| 2017-08-22 | ADDON-15603 | Users can delete an account in use. |
| 2017-03-29 | ADDON-14287 | After you replace an IAM role attached to an EC2 instance, the inputs that use the old IAM role stop collecting data. |
| 2016-12-22 | ADDON-12867, ADDON-11894 | S3 input: large key numbers lead to excessively large checkpoint files Workaround: To migrate to SQS based S3 or Incremental S3. Large number of files always leads to large size of checkpoint by the nature of Generic S3. This will improve the checkpoint file size, however, as long as the Jira is not fixed, the checkpoint file size might still be not as little as expected. |
Third-party software attributions
Version 4.6.0 of the Splunk Add-on for Amazon Web Services incorporates the following third-party libraries.
|
PREVIOUS Source types for the Splunk Add-on for AWS |
NEXT Release history for the Splunk Add-on for AWS |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Comments
AWS now provides an option for VPCFlow Logs to go to S3. I have modified the props and tranforms configuration to ingest SQS S3 and ignore the header and created sourcetype modeled after the existing aws:cloudwatch:vpcflow to create a sourcetype aws:s3:vpcflow input and it works as intended. This may be beneficial to include by default on the next release for those larger enterprise customers who may centralize VPCFlows from multiple accounts into a centralized AWS logging account.
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-s3.html
Is there any plan to add support for elbv2 API ? i.e. Application Load Balancers. It would be awesome if the description input would include it along with other stuff.
Hi Shawn,
Thanks for providing feedback on this issue. I have forwarded your suggestion, as well as your workaround to our engineering team for review for future releases.