Related Answers
Download topic as PDF
Release history for Splunk Add-on for VMware
These features apply to Splunk Add-on for VMware version 4.0.6, the latest release of the Splunk Add-on for VMware. For compatibility information, see Installation and configuration overview for the Splunk Add-on for VMware in the Splunk Add-on for VMware manual.
| New feature or enhancement | Description |
|---|---|
| Compliance with Splunk advisory |
The application has been updated to match the changes in Splunk as described in https://advisory.splunk.com/advisories/SVD-2023-0606. Update the Splunk version based on the advisory to leverage these changes. |
Version 4.0.5
| New feature or enhancement | Description |
|---|---|
| Added support for encrypted SSL certificates and updated Axios library to v1.4.0 |
|
Version 4.0.4
These features apply to Splunk Add-on for VMware version 4.0.4. For compatibility information, see Installation and configuration overview for the Splunk Add-on for VMware in the Splunk Add-on.
| New feature or enhancement | Description |
|---|---|
| Some minor bug fixes | Updated key for syslog stanza |
| Added triggers stanza for custom configuration files | To avoid unnecessary restarts of the Splunk platform, updated app.conf file with a [triggers] stanza and a reload setting for custom configuration file
|
Version 4.0.3
These features apply to Splunk Add-on for VMware version 4.0.3. For compatibility information, see Installation and configuration overview for the Splunk Add-on for VMware in the Splunk Add-on.
Self-Service Installation Compatibility
The Splunk Add-on for VMware is now available for self-service installation in cloud environments. The following packages have been removed from the add-on package and published as individual Splunkbase add-ons to support self-service installation in cloud environments:
| Package | Splunkbase Add-on | Version |
|---|---|---|
| SA-VMWIndex | Splunk Add-on for VMware Indexes | 4.0.3 |
| TA-VMW-FieldExtractions | Splunk Add-on for VMware Extractions | 4.0.3 |
| Splunk_TA_esxilogs | Splunk Add-on for VMware ESXi Logs | 4.2.1 |
| Splunk_TA_vcenter | Splunk Add-on for vCenter Logs | 4.2.1 |
jQuery 3.5 Compatibility
The Splunk Add-on for VMware is now updated to use jQuery v3.5.0. The add-on uses jQuery v3.5 in the Splunk version 8.2 or later. This makes the add-on more secure by fixing known cross-site scripting (XSS) related vulnerabilities as well as vulnerabilities created by object prototype pollution.
Version 4.0.2
This version of the Splunk Add-on for VMware doesn't contain biased terms such as master, slave, blacklist, and whitelist have been replaced with appropriate non-biased terms. The occurrences of biased terms that are Splunk platform references or present in the third-party library have not been removed. The following table contains the parameters from the ta_vmware_collection.conf file present in the Splunk_TA_vmware package that has been renamed to remove biased language:
| Parameter name in Splunk Add-on for VMware version 4.0.1 | Parameter name in Splunk Add-on for VMware version 4.0.2 |
|---|---|
| managed_host_whitelist | managed_host_includelist |
| managed_host_blacklist | managed_host_excludelist |
| vm_metric_whitelist | vm_metric_allowlist |
| vm_metric_blacklist | vm_metric_denylist |
| host_metric_whitelist | host_metric_allowlist |
| host_metric_blacklist | host_metric_denylist |
| cluster_metric_whitelist | cluster_metric_allowlist |
| cluster_metric_blacklist | cluster_metric_denylist |
| rp_metric_whitelist | rp_metric_allowlist |
| rp_metric_blacklist | rp_metric_denylist |
| vm_instance_whitelist | vm_instance_allowlist |
| vm_instance_blacklist | vm_instance_denylist |
| host_instance_whitelist | host_instance_allowlist |
| host_instance_blacklist | host_instance_denylist |
| cluster_instance_whitelist | cluster_instance_allowlist |
| cluster_instance_blacklist | cluster_instance_denylist |
| rp_instance_whitelist | rp_instance_allowlist |
| rp_instance_blacklist | rp_instance_denylist |
| perf_entity_blacklist | perf_entity_denylist |
- In the vCenter configuration, you'll see inputs for "Host Includelist Regex" and "Host Excludelist Regex" instead of "Host Whitelist Regex" and "Host Blacklist Regex", to allow or block the performance data collection of certain hosts present in the vCenter server.
- In the Data Collection Preference, you'll see inputs for "Metric Allowlist" and "Metric Denylist" instead of "Metric Whitelist" and "Metric Blacklist", to allow or block the data collection of specific metrics.
Version 3.4.6
Version 3.4.6 of the Splunk Add-on for VMware includes a redesigned Collection Configuration page for the collection of Data Collection Node and Virtual Center data.
Version 3.4.0
Version 3.4.0 of the Splunk Add-on for VMware includes an updated Collection Configuration page for the collection of Data Collection Node and Virtual Center data.
The Collection Configuration page can now be used to set interval and expiration times for the performance parameters of the Splunk Add-on for VMware.
This information can also be adjusted using ta_vmware_collection.conf in $SPLUNK_HOME/etc/apps/TA_vmware/local/.
Upgrade from versions 3.3.1 and earlier
In the release 3.3.2, the SA-Utils component has been renamed to SA-VMNetAppUtils. It does not change the input and dashboard you configured in Splunk Add-on for VMware and Splunk App for VMware.
In the release 3.4.2, a new component, SA-VMWIndex has been added to the Splunk Add-on for VMware package. This component contains the indexes.conf which has the definitions of all the indexes [vmware-perf, vmware-inv, vmware-taskevent, vmware-vclog, vmware-esxilog]. The indexes.conf will be removed from all the components of VMware Add-on as these have been added to SA-VMWIndex.
In the release 3.4.3, a new component, TA-VMW-FieldExtractions has been added to the Splunk Add-on for VMware package. This component contains the search time knowledge objects. The search time knowledge objects have been removed from Splunk_TA_vmware.
See the upgrade section of the Splunk App for VMware manual for the detailed procedures.
Note:Splunk recommend you backup your existing deployment before upgrade.
See "Back up configuration information" in the Admin Manual and "Back up indexed data" in the Managing Indexers and Clusters Manual
Fixed Issues
| Date resolved | Issue number | Description |
|---|---|---|
| 2017-04-07 | VMW-4484 | Support of all ESXi logs format - Correct the sourcetype and field extraction regex (Splunk_TA_esxilogs) |
| 2017-03-30 | VMW-4428 | Splunk_TA_vcenter Add-on field extraction |
| 2017-03-17 | VMW-4320, NETAPP-809 | Certification Validation is disabled |
| 2017-03-03 | VMW-4437 | Splunk unable to connect to some vcenters - vcenters being marked as dead |
| 2017-02-28 | VMW-4501, NETAPP-800 | Deprecated supportSSLV3Only = <bool> still being used in the latest version of vmware |
| 2017-02-08 | VMW-4449 | Remove logging of Splunk session keys |
| 2017-02-06 | VMW-4380 | Splunk DCN making excessive DNS queries |
Known Issues
| Date filed | Issue number | Description |
|---|---|---|
| 2019-01-07 | VMW-4960 | vpxd.stats.maxQueryMetrics error prevents data collection from vCenters |
| 2018-08-27 | VMW-4907 | Licence Issue for Partner NFR |
| 2018-04-10 | VMW-4840 | Scrolling issue in Collection Configuration page |
| 2018-02-15 | VMW-4825, VMW-4795 | Security Scan Failure for port 8008 SA-Hydra for accepting aNULL Cipher Suite |
| 2017-12-11 | VMW-4794 | Performance fields are not extracted from vmware:perf:vflashModule sourcetype |
| 2017-08-18 | VMW-4658 | source=VMPerf:VirtualMachine event missing while one of the vCenters is unreachable |
| 2017-05-19 | VMW-4597 | Not getting "vmware:vclog:vws" sourcetype in vCenter v6.5. |
| 2017-05-19 | VMW-4598 | "opId" field is not getting extracted properly for few events from "vmware:vclog:vpxd" source type. |
|
PREVIOUS Release notes for Splunk Add-on for VMware |
NEXT Hardware and software requirements for the Splunk Add-on for VMware |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!