Release notes for the Splunk Add-on for AWS
Version 5.0.3 of the Splunk Add-on for Amazon Web Services was released on October 8, 2020.
Version 5.0.3 of the Splunk Add-on for Amazon Web Services is compatible with the following software, CIM versions, and platforms:
|Splunk platform versions||8.0 and later|
|CIM||4.3 and later|
|Supported OS for data collection||Platform independent|
|Vendor products||Amazon Web Services CloudTrail, CloudWatch, CloudWatch Logs, Config, Config Rules, Inspector, Kinesis, S3, VPC Flow Logs, Billing services, SQS, and SNS.|
Versions 5.0.0 and above of the Splunk Add-on for AWS are Python 3 releases, and only compatible with Splunk platform versions 8.0.0 and later. To use version 5.0.0 or later of this add-on, upgrade your Splunk platform deployment to version 8.0.0 or later. For users of Splunk platforms 6.x.x and Splunk 7.x.x, the Splunk Add-on for Amazon Web Services version 4.6.1 is supported. Do not upgrade to Splunk Add-on for AWS 5.0.0 or above on these versions of the Splunk platform.
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
Version 5.0.3 of the Splunk Add-on for AWS version contains the following new and changed features:
- Bug fix with proxy behavior not working as expected.
- Bug fix with
no_proxytaking effect with https.
- SQS modular input for proxy configuration code fix (Microsoft Windows only)
Version 5.0.3 of the Splunk Add-on for Amazon Web Services fixes the following issues.
Version 5.0.3 of the Splunk Add-on for Amazon Web Services has the following known issues.
The Splunk Add-on for AWS version 5.x.x is incompatible with Splunk Enterprise versions 7.x.x and earlier.
|Date filed||Issue number||Description|
|2019-11-20||ADDON-24471||Billing input causes double-ingest of CUR billing files when splunk restarts during ingest|
Each set of duplicate events for a given CUR assembly will have a unique txid (which is a timestamp) set by the Billing input.
Filter out events that don't have the largest value for txid in a given assembly.
| rex field=source "/(?<date_range>\d+-\d+)/(?<assemblyId>[^/]+)/" | eventstats max(txid) AS max_txid BY assemblyId | where txid == max_txid
Third-party software attributions
Version 5.0.3 of the Splunk Add-on for Amazon Web Services incorporates the following third-party libraries.
Saved searches for the Splunk Add-on for AWS
Release history for the Splunk Add-on for AWS
This documentation applies to the following versions of Splunk® Supported Add-ons: released