Splunk® Supported Add-ons

Splunk Add-on for AWS

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Release notes for the Splunk Add-on for AWS

Version 5.0.3 of the Splunk Add-on for Amazon Web Services was released on October 8, 2020.

Compatibility

Version 5.0.3 of the Splunk Add-on for Amazon Web Services is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.0 and later
CIM 4.3 and later
Supported OS for data collection Platform independent
Vendor products Amazon Web Services CloudTrail, CloudWatch, CloudWatch Logs, Config, Config Rules, Inspector, Kinesis, S3, VPC Flow Logs, Billing services, SQS, and SNS.

Versions 5.0.0 and above of the Splunk Add-on for AWS are Python 3 releases, and only compatible with Splunk platform versions 8.0.0 and later. To use version 5.0.0 or later of this add-on, upgrade your Splunk platform deployment to version 8.0.0 or later. For users of Splunk platforms 6.x.x and Splunk 7.x.x, the Splunk Add-on for Amazon Web Services version 4.6.1 is supported. Do not upgrade to Splunk Add-on for AWS 5.0.0 or above on these versions of the Splunk platform.

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.


New features

Version 5.0.3 of the Splunk Add-on for AWS version contains the following new and changed features:


  • Bug fix with proxy behavior not working as expected.
  • Bug fix with no_proxy taking effect with https.
  • SQS modular input for proxy configuration code fix (Microsoft Windows only)

Fixed issues

Version 5.0.3 of the Splunk Add-on for Amazon Web Services fixes the following issues.

Known issues

Version 5.0.3 of the Splunk Add-on for Amazon Web Services has the following known issues.

The Splunk Add-on for AWS version 5.x.x is incompatible with Splunk Enterprise versions 7.x.x and earlier.


Date filed Issue number Description
2019-11-20 ADDON-24471 Billing input causes double-ingest of CUR billing files when splunk restarts during ingest

Workaround:
Each set of duplicate events for a given CUR assembly will have a unique txid (which is a timestamp) set by the Billing input.

Filter out events that don't have the largest value for txid in a given assembly.

Example:

| rex field=source "/(?<date_range>\d+-\d+)/(?<assemblyId>[^/]+)/" 
| eventstats max(txid) AS max_txid BY assemblyId
| where txid == max_txid


Third-party software attributions

Version 5.0.3 of the Splunk Add-on for Amazon Web Services incorporates the following third-party libraries.

Last modified on 04 January, 2021
PREVIOUS
Saved searches for the Splunk Add-on for AWS
  NEXT
Release history for the Splunk Add-on for AWS

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters