Release notes for the Splunk Add-on for AWS
Version 4.6.0 of the Splunk Add-on for Amazon Web Services was released on October 3, 2018.
Version 4.6.0 of the Splunk Add-on for Amazon Web Services is compatible with the following software, CIM versions, and platforms:
|Splunk platform versions||6.5 and later|
|CIM||4.3 and later|
|Supported OS for data collection||Platform independent|
|Vendor products||Amazon Web Services CloudTrail, CloudWatch, CloudWatch Logs, Config, Config Rules, Inspector, Kinesis, S3, VPC Flow Logs, Billing services, SQS, and SNS.|
Version 4.6.0 of the Splunk Add-on for AWS version contains the following new and changed features:
- CloudWatch Metrics input to enable discovery of new entities without Splunk restart
- Metrics store support (requires a Splunk forwarder version 7.2.0 or above.)
- Ability to detect configuration of SSL on management port
- Line/event breaking enforcement for ELB/S3 Access Logs
- Support for Splunk Enterprise 7.2.0
Version 4.6.0 of the Splunk Add-on for Amazon Web Services fixes the following issues.
|Date resolved||Issue number||Description|
|2018-08-27||ADDON-18031||Small page size causing LimitExceededException error during Kinesis ListStreams operations|
|2018-07-17||ADDON-18087, SII-1746||Invalid AWS credentials can be added and interacted with as valid AWS credentials|
|2018-06-27||ADDON-17277||Line/event breaking enforcement for ELB/S3 Access Logs|
Version 4.6.0 of the Splunk Add-on for Amazon Web Services has the following known issues.
|Date filed||Issue number||Description|
|2018-08-23||ADDON-19179||UI shows error message when a CloudWatch mod input has dimensions with different query_window_size|
|2018-08-16||ADDON-19138||Splunk 7.1 and below outputs 'Invalid key in stanza' warning on startup about INGEST_EVAL, METRIC-SCHEMA-MEASURES, and METRIC-SCHEMA-TRANSFORMS|
|2018-03-28||ADDON-17571||AWS TA and *nix TA lack spec files for eventgen.conf, which causes cluster bundle validation errors, and breaks Manage Indexes page in clustered Splunk Cloud|
Splunk Cloud customers who cannot create indexes on their own due to this bug should file a support case when they need new indexes created.
|2018-02-19||ADDON-17158||The style of multi-input text box is not correct|
|2018-02-19||ADDON-17157||The header view of customized page is inconsistent with the default NightLight style|
|2018-02-13||ADDON-17132||Create/edit input page layout is broken|
|2018-02-13||ADDON-17135||Placeholder tooltip is missing for dropdown|
|2018-01-05||ADDON-16518||When kinesis and cloudwatch inputs send large volumes of data over HEC, HEC can block the ingest pipeline, which breaks non-HEC inputs.|
Set use_hec=false in [global_settings] stanza of aws_kinesis.conf and/or aws_cloudwatch.conf
|2017-09-03||ADDON-15718||Duplicate cloudfront data in description when there are more than 1 regions|
|2017-08-22||ADDON-15603||Users can delete an account in use.|
|2017-03-29||ADDON-14287||After you replace an IAM role attached to an EC2 instance, the inputs that use the old IAM role stop collecting data.|
|2016-12-22||ADDON-12867, ADDON-11894||S3 input: large key numbers lead to excessively large checkpoint files|
To migrate to SQS based S3 or Incremental S3. Large number of files always leads to large size of checkpoint by the nature of Generic S3.
This will improve the checkpoint file size, however, as long as the Jira is not fixed, the checkpoint file size might still be not as little as expected.
Third-party software attributions
Version 4.6.0 of the Splunk Add-on for Amazon Web Services incorporates the following third-party libraries.
Source types for the Splunk Add-on for AWS
Release history for the Splunk Add-on for AWS
This documentation applies to the following versions of Splunk® Supported Add-ons: released