
Release notes for the Splunk Add-on for AWS
Version 5.0.3 of the Splunk Add-on for Amazon Web Services was released on October 8, 2020.
Compatibility
Version 5.0.3 of the Splunk Add-on for Amazon Web Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.0 and later |
CIM | 4.3 and later |
Supported OS for data collection | Platform independent |
Vendor products | Amazon Web Services CloudTrail, CloudWatch, CloudWatch Logs, Config, Config Rules, Inspector, Kinesis, S3, VPC Flow Logs, Billing services, SQS, and SNS. |
Versions 5.0.0 and above of the Splunk Add-on for AWS are Python 3 releases, and only compatible with Splunk platform versions 8.0.0 and later. To use version 5.0.0 or later of this add-on, upgrade your Splunk platform deployment to version 8.0.0 or later. For users of Splunk platforms 6.x.x and Splunk 7.x.x, the Splunk Add-on for Amazon Web Services version 4.6.1 is supported. Do not upgrade to Splunk Add-on for AWS 5.0.0 or above on these versions of the Splunk platform.
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features
Version 5.0.3 of the Splunk Add-on for AWS contains the following new and changed features:
- Bug fix with proxy behavior not working as expected.
- Bug fix with no_proxy taking effect with https.
- SQS modular input for proxy configuration code fix (Microsoft Windows only)
Fixed issues
Version 5.0.3 of the Splunk Add-on for Amazon Web Services fixes the following issues.
Known issues
Version 5.0.3 of the Splunk Add-on for Amazon Web Services has the following known issues.
The Splunk Add-on for AWS version 5.x.x is incompatible with Splunk Enterprise versions 7.x.x and earlier.
Date filed | Issue number | Description |
---|---|---|
2019-11-20 | ADDON-24471 | Billing input causes double-ingest of CUR billing files when Splunk restarts during ingest. Workaround: Each set of duplicate events for a given CUR assembly will have a unique txid (which is a timestamp) set by the Billing input. Filter out events that don't have the largest value for txid in a given assembly. Example: `| rex field=source "/(?<date_range>\d+-\d+)/(?<assemblyId>[^/]+)/" | eventstats max(txid) AS max_txid BY assemblyId | where txid == max_txid` |
Third-party software attributions
Version 5.0.3 of the Splunk Add-on for Amazon Web Services incorporates the following third-party libraries.
This documentation applies to the following versions of Splunk® Supported Add-ons: released