Splunk® Supported Add-ons

Splunk Add-on for AWS

Download manual as PDF

Download topic as PDF

Release notes for the Splunk Add-on for AWS

Version 5.0.2 of the Splunk Add-on for Amazon Web Services was released on August 22, 2020.

Compatibility

Version 5.0.2 of the Splunk Add-on for Amazon Web Services is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.0 and later
CIM 4.3 and later
Supported OS for data collection Platform independent
Vendor products Amazon Web Services CloudTrail, CloudWatch, CloudWatch Logs, Config, Config Rules, Inspector, Kinesis, S3, VPC Flow Logs, Billing services, SQS, and SNS.

Versions 5.0.0 and above of the Splunk Add-on for AWS are Python 3 releases, and only compatible with Splunk platform versions 8.0.0 and later. To use version 5.0.0 or later of this add-on, upgrade your Splunk platform deployment to version 8.0.0 or later. For users of Splunk platforms 6.x.x and Splunk 7.x.x, the Splunk Add-on for Amazon Web Services version 4.6.1 is supported. Do not upgrade to Splunk Add-on for AWS 5.0.0 or above on these versions of the Splunk platform.

New features

Version 5.0.2 of the Splunk Add-on for AWS version contains the following new and changed features:

  • Increased Network Traffic CIM data model compatibility.
  • Increased Change CIM data model compatibility.
  • Improved support for the Splunk Enterprise Security Assets and Identities Framework Interface

Fixed issues

Version 5.0.2 of the Splunk Add-on for Amazon Web Services fixes the following issues.


Date resolved Issue number Description
2020-08-24 ADDON-26632 Update cloudfront_web and cloudfront_rtmp regex to account for ipv6 addresses
2020-08-24 ADDON-26878 Installing AWS TA on Enterprise Security SH breaks Suppression Auditing: stanzas For aws:resthandler:log and aws:util:log are too generic
2020-07-13 ADDON-22785 AWS calls increase when using aws:description
2020-07-13 ADDON-26599 Support for newer formatted cloudwatch ELB metrics, exception handling for logs which don't have all log field populated

Known issues

Version 5.0.2 of the Splunk Add-on for Amazon Web Services has the following known issues.

The Splunk Add-on for AWS version 5.x.x is incompatible with Splunk Enterprise versions 7.x.x and earlier.


Third-party software attributions

Version 5.0.2 of the Splunk Add-on for Amazon Web Services incorporates the following third-party libraries.

Last modified on 23 September, 2020
PREVIOUS
Saved searches for the Splunk Add-on for AWS
  NEXT
Release history for the Splunk Add-on for AWS

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters