Important Update: With the next release of Splunk Add-on for Amazon Web Services (aws) v6.0.0, we are merging all the capabilities of the Splunk Add-on for Amazon Kinesis Firehose into the Splunk Add-on for AWS. This means with the Splunk add-on for AWS v6.0.0, customers will be able to use a single Add-on across all AWS data sources for ingesting AWS data into Splunk. If you are using the Splunk Add-on for Kinesis Firehose as well as the Add-on for AWS with your Splunk instance, then you must uninstall the Kinesis Firehose Add-on before upgrading the Add-on for AWS to version 6.0.0 to avoid any data duplicacy and discrepancy issues. We encourage all customers who have a use case for Kinesis Firehose to adopt the Splunk Add-on for AWS v6.0.0 as soon as it is available as the Splunk Add-on for Kinesis Firehose will be discontinued in the future.
__________________________________________________________________________________________________________

The Splunk Add-on for Amazon Kinesis Firehose allows a Splunk software administrator to collect AWS CloudTrail, VPC Flow Logs, CloudWatch events, and raw or JSON data from Amazon Kinesis Firehose. This add-on provides CIM-compatible knowledge for data collected via the HTTP event collector. After the Splunk platform indexes the events, you can analyze the data directly or using other Splunk apps, such as the Splunk App for AWS and Splunk Enterprise Security. If you want to collect data from other AWS sources, see Splunk Add-on for Amazon Web Services.

*** The Splunk Add-on for Amazon Kinesis Firehose is not compatible with the AWS GuardDuty Add-on