Splunk® Supported Add-ons

Splunk Add-on for AWS

Download manual as PDF

Download topic as PDF

Release notes for the Splunk Add-on for AWS

Version 5.0.0 of the Splunk Add-on for Amazon Web Services was released on December 19, 2019.

Compatibility

Version 5.0.0 of the Splunk Add-on for Amazon Web Services is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.0 and later
CIM 4.3 and later
Supported OS for data collection Platform independent
Vendor products Amazon Web Services CloudTrail, CloudWatch, CloudWatch Logs, Config, Config Rules, Inspector, Kinesis, S3, VPC Flow Logs, Billing services, SQS, and SNS.

Version 5.0.0 of the Splunk Add-on for AWS is a Python 3 release and is only compatible with Splunk platform versions 8.0.0 and later. To use version 5.0.0 or later of this add-on, upgrade your Splunk platform deployment to version 8.0.0 or later. For users of Splunk platforms 6.x.x and Splunk 7.x.x, the Splunk Add-on for Amazon Web Services version 4.6.1 is supported. Do not upgrade to Splunk Add-on for AWS 5.0.0 on these versions of the Splunk platform.

New features

Version 5.0.0 of the Splunk Add-on for AWS version contains the following new and changed features:

  • Support for Python3
  • Python2 is no longer supported, starting in version 5.0.0 of the Splunk Add-on for AWS.

Fixed issues

Version 5.0.0 of the Splunk Add-on for Amazon Web Services fixes the following issues.


Known issues

Version 5.0.0 of the Splunk Add-on for Amazon Web Services has the following known issues.

  • The Splunk Add-on for AWS version 5.x.x is incompatible with Splunk Enterprise versions 7.x.x and earlier.


Third-party software attributions

Version 5.0.0 of the Splunk Add-on for Amazon Web Services incorporates the following third-party libraries.

Last modified on 03 February, 2020
PREVIOUS
Source types for the Splunk Add-on for AWS 		  NEXT
Release history for the Splunk Add-on for AWS

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Comments

Hi Shawn,
Thanks for providing feedback on this issue. I have forwarded your suggestion, as well as your workaround to our engineering team for review for future releases.

Mglauser splunk, Splunker
October 4, 2018

AWS now provides an option for VPCFlow Logs to go to S3. I have modified the props and tranforms configuration to ingest SQS S3 and ignore the header and created sourcetype modeled after the existing aws:cloudwatch:vpcflow to create a sourcetype aws:s3:vpcflow input and it works as intended. This may be beneficial to include by default on the next release for those larger enterprise customers who may centralize VPCFlows from multiple accounts into a centralized AWS logging account.
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-s3.html

ShawnWarner7
October 3, 2018

Is there any plan to add support for elbv2 API ? i.e. Application Load Balancers. It would be awesome if the description input would include it along with other stuff.

Kud360
November 2, 2016

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters