Splunk® Supported Add-ons

Splunk Add-on for AWS

Release notes for the Splunk Add-on for AWS

Version 5.0.1 of the Splunk Add-on for Amazon Web Services was released on May 13, 2020.

Compatibility

Version 5.0.1 of the Splunk Add-on for Amazon Web Services is compatible with the following software, CIM versions, and platforms:

Splunk platform versions: 8.0 and later
CIM: 4.3 and later
Supported OS for data collection: Platform independent
Vendor products: Amazon Web Services CloudTrail, CloudWatch, CloudWatch Logs, Config, Config Rules, Inspector, Kinesis, S3, VPC Flow Logs, Billing services, SQS, and SNS.

Versions 5.0.0 and above of the Splunk Add-on for AWS are Python 3 releases, and only compatible with Splunk platform versions 8.0.0 and later. To use version 5.0.0 or later of this add-on, upgrade your Splunk platform deployment to version 8.0.0 or later. For users of Splunk platforms 6.x.x and Splunk 7.x.x, the Splunk Add-on for Amazon Web Services version 4.6.1 is supported. Do not upgrade to Splunk Add-on for AWS 5.0.0 or above on these versions of the Splunk platform.

New features

Version 5.0.1 of the Splunk Add-on for AWS contains the following new and changed features:

  • FIPS compliance release for Python 3
  • Improved support for the Authentication CIM model

Fixed issues

Version 5.0.1 of the Splunk Add-on for Amazon Web Services fixes the following issues.

| Date resolved | Issue number | Description |
|---|---|---|
| 2020-06-16 | ADDON-25762 | Generic AWS S3 inputs duplicating events after Splunk forwarder restart |
| 2020-04-29 | ADDON-24651 | Improved ALB Access Logs parsing |
| 2020-04-29 | ADDON-21349, CMON-2382 | Fix for S3 field extraction |
| 2020-04-23 | ADDON-21900 | Input validation needed for AWS inputs to check for / (forward slash) |
| 2020-04-23 | ADDON-25454, ADDON-26096 | Splunk Add-on for AWS repeatedly processing the same gzip file |
| 2020-04-23 | ADDON-25279 | FIPS compliance release for Python 3 |
| 2020-04-23 | ADDON-23358 | Improvement to timestamp extraction for sourcetype aws:cloudwatchlogs:vpcflow |
| 2020-04-23 | ADDON-24325 | AWS TA only ingesting up to 100 RDS instances. |
| 2020-03-23 | ADDON-13856, ADDON-13200 | Add input name as part of Kinesis checkpoint file name |
| 2020-03-11 | ADDON-25546, ADDON-25289 | Region support improved for AWS Description: adding ap-east-1, eu-north-1, eu-west-3 and me-south-1 |

Known issues

Version 5.0.1 of the Splunk Add-on for Amazon Web Services has the following known issues.

The Splunk Add-on for AWS version 5.x.x is incompatible with Splunk Enterprise versions 7.x.x and earlier.

| Date filed | Issue number | Description |
|---|---|---|
| 2019-11-20 | ADDON-24471 | Billing input causes double-ingest of CUR billing files when Splunk restarts during ingest |

Workaround:
Each set of duplicate events for a given CUR assembly will have a unique txid (which is a timestamp) set by the Billing input.

Filter out events that don't have the largest value for txid in a given assembly.

Example:

| rex field=source "/(?<date_range>\d+-\d+)/(?<assemblyId>[^/]+)/" 
| eventstats max(txid) AS max_txid BY assemblyId
| where txid == max_txid
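
The same filter applied to events exported from Splunk as dictionaries, as an added example that is not part of the original release notes or the add-on's code. It also reports which assemblies were ingested more than once and sets aside events whose source does not match the pattern; the function name, sample events, bucket path and numeric txid values are constructed assumptions.

```python
import re
from collections import defaultdict

# Same pattern as the rex in the workaround, in Python named-group syntax.
ASSEMBLY_RE = re.compile(r"/(?P<date_range>\d+-\d+)/(?P<assemblyId>[^/]+)/")


def dedupe_cur_events(events):
    """Keep only events carrying the largest txid of their assembly.

    Returns (kept, affected, unmatched):
      kept      - events from the latest ingest run of each assembly
      affected  - {assemblyId: sorted txids} for assemblies ingested more than once
      unmatched - events with no txid or no date-range/assembly segment in source
    """
    by_assembly = defaultdict(list)
    unmatched = []
    for ev in events:
        m = ASSEMBLY_RE.search(ev.get("source", ""))
        if m is None or "txid" not in ev:
            unmatched.append(ev)  # set aside for review instead of dropping silently
            continue
        by_assembly[m.group("assemblyId")].append(ev)

    kept, affected = [], {}
    for assembly_id, group in by_assembly.items():
        # Assumption: txid is numeric (the page only says it is a timestamp).
        txids = sorted({int(ev["txid"]) for ev in group})
        if len(txids) > 1:
            affected[assembly_id] = txids
        kept.extend(ev for ev in group if int(ev["txid"]) == txids[-1])
    return kept, affected, unmatched


# Constructed sample data: bucket, report name, assembly IDs and txids are made up.
PREFIX = "s3://example-bucket/cur/example-report/20191101-20191201"
SAMPLE_EVENTS = [
    {"source": f"{PREFIX}/aaaa1111/example-report-1.csv.gz", "txid": "1574200000", "item": "i-1"},
    {"source": f"{PREFIX}/aaaa1111/example-report-1.csv.gz", "txid": "1574200000", "item": "i-2"},
    {"source": f"{PREFIX}/aaaa1111/example-report-1.csv.gz", "txid": "1574203600", "item": "i-1"},
    {"source": f"{PREFIX}/aaaa1111/example-report-1.csv.gz", "txid": "1574203600", "item": "i-2"},
    {"source": f"{PREFIX}/bbbb2222/example-report-1.csv.gz", "txid": "1574200000", "item": "i-1"},
    {"source": "s3://example-bucket/other/readme.txt", "txid": "1574200000", "item": "x"},
]

if __name__ == "__main__":
    kept, affected, unmatched = dedupe_cur_events(SAMPLE_EVENTS)
    print(f"kept={len(kept)} affected={affected} unmatched={len(unmatched)}")
```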


Third-party software attributions

Version 5.0.1 of the Splunk Add-on for Amazon Web Services incorporates the following third-party libraries.

Last modified on 21 July, 2020

This documentation applies to the following versions of Splunk® Supported Add-ons: released

