Release notes for the Splunk Add-on for AWS¶
Version 7.8.0 of the Splunk Add-on for Amazon Web Services was released on November 26, 2024.
Billing (Legacy) input is deprecated in add-on version 7.6.0. Please configure Billing (Cost and Usage Report) inputs to collect billing data.
The file based checkpoint mechanism was migrated to the Splunk KV Store for below mentioned inputs in the specific versions. The inputs must be disabled whenever the Splunk software is restarted. Otherwise, it will result in data duplication against your already configured inputs. Input disablement is not applicable to the Kinesis inputs. Version 7.1.0
- Billing Cost and Usage Report
- CloudWatch Metrics
- Incremental S3
- Inspector
- InspectorV2
- Config Rules
- Cloudwatch Logs
- Kinesis
Version 7.0.0 of the Splunk Add-on for AWS includes a merge of all the capabilities of the Splunk Add-on for Amazon Security Lake. Configure the Splunk Add-on for AWS to ingest across all AWS data sources for ingesting AWS data into your Splunk platform deployment.
If you use both the Splunk Add-on for Amazon Security Lake as well as the Splunk Add-on for AWS on the same Splunk instance, then you must uninstall the Splunk Add-on for Amazon Security Lake before upgrading the Splunk Add-on for AWS to version 7.0.0 or later in order to avoid any data duplication and discrepancy issues.
Version 6.0.0 of the Splunk Add-on for AWS includes a merge of all the capabilities of the Splunk Add-on for Amazon Kinesis Firehose. Configure the Splunk Add-on for AWS to ingest across all AWS data sources for ingesting AWS data into your Splunk platform deployment.
If you use both the Splunk Add-on for Amazon Kinesis Firehose as well as the Splunk Add-on for AWS on the same Splunk instance, then you must uninstall the Splunk Add-on for Amazon Kinesis Firehose after upgrading the Splunk Add-on for AWS to version 6.0.0 or later in order to avoid any data duplication and discrepancy issues.
Data that you previously onboarded through the Splunk Add-on for Amazon Kinesis Firehose will still be searchable, and your existing searches will be compatible with version 6.0.0 of the Splunk Add-on for AWS.
If you are not currently using the Splunk Add-on for Amazon Kinesis Firehose, but plan to use it in the future, then the best practice is to download and configure version 6.0.0 or later of the Splunk Add-on for AWS, instead of the Splunk Add-on for Amazon Kinesis Firehose.
Compatibility¶
Version 7.8.0 of the Splunk Add-on for Amazon Web Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 9.1.x, 9.2.x, 9.3.x |
CIM | 5.1.1 and later |
Supported OS for data collection | Platform independent |
Vendor products | Amazon Web Services CloudTrail, CloudWatch, CloudWatch Logs, Config, Config Rules, EventBridge (CloudWatch API, S3 Event Notifications using EventBridge), Inspector Classic, Inspector, Kinesis, S3, VPC Flow Logs, Transit Gateway Flow Logs, Billing Cost and Usage Report, Metadata, SQS, SNS, AWS Identity and Access Management (IAM) Access Analyzer, AWS Security Hub findings, and Amazon Security Lake events |
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features¶
Version 7.8.0 of the Splunk Add-on for AWS version contains the following new and changed features:
- Provided support for data collection of multiple CSV files inside ZIP compression in Generic S3 input.
- Provided support for input creation, listing, and deletion in CLI tool for all the inputs.
- Provided support for parsing Amazon S3 Event Notifications using Amazon EventBridge in SQS-Based S3 input.
- Provided support for single space delimited files data collection in SQS-Based S3 and Generic S3 inputs.
- Enhanced the data pulling logic in Inspector (v2) input. Findings with “Resolved” state will also be collected.
- For SQS-Based S3 input, enhanced the SNS signature validation and deprecated the
SNS message max age
parameter.
Fixed issues¶
Version 7.8.0 of the Splunk Add-on for Amazon Web Services fixes the following, if any, issues.
Known issues¶
Version 7.8.0 of the Splunk Add-on for Amazon Web Services has the following, if any, known issues.
Third-party software attributions¶
Version 7.8.0 of the Splunk Add-on for Amazon Web Services incorporates the following third-party libraries.
Third-party software attributions for the Splunk Add-on for Amazon Web Services