Splunk® User Behavior Analytics

Release Notes

This documentation does not apply to the most recent version of Splunk® User Behavior Analytics. For documentation on the most recent version, go to the latest release.

Welcome to Splunk UBA 5.0.3

Splunk UBA 5.0.3 is a maintenance release. See About Splunk User Behavior Analytics and release types for more information about the different types of Splunk UBA releases.

If you are new to Splunk UBA, review all the steps in the Splunk UBA installation checklist before installing Splunk UBA.

Planning to upgrade from an earlier version?

If you plan to upgrade to this version from an earlier version of Splunk UBA, read the following documentation before you get started:

Splunk UBA release 5.0.3 on Linux operating systems is available in a patch installation package with the version number 5.0.3.1.

What's new in 5.0.3

Splunk UBA 5.0.3 contains the following features and enhancements:

New feature or enhancement Description
Asset data ingestion The asset data ingestion queries are updated.
  • The assets ES query in asset_es_pull_query.txt is updated to use the latest Splunk ES macro and obtain assets data from Splunk ES.
  • The assets proxy query is updated to provide separate searches for both AD multiline and AD XML formats.

See Perform asset identification by using the Splunk Assets data source.

Splunk UBA Monitoring App The workflow for sending Splunk UBA logs to a custom index on Splunk Enterprise is simplified.

See Send Splunk UBA logs to a custom index on Splunk Enterprise.

Splunk UBA module indicators Two new indicators for monitoring the time difference among raw events processed by Splunk UBA are added in this release.


See View modules health in Administer Splunk User Behavior Analytics.

Improved interface for PII masking The user interface for PII masking is enhanced to clarify which fields are masked for users, accounts, and devices.


See Mask personally-identifiable information in Splunk UBA in Administer Splunk User Behavior Analytics,

Test mode with Kafka data ingestion Test mode support for Kafka data ingestion is provided in this release.


See Add data sources to Splunk UBA in test mode in Get Data into Splunk User Behavior Analytics.

Support for m5 AWS instances Install Splunk UBA on select m5 AWS server types.


See Supported AWS server instance types in Install and Upgrade Splunk User Behavior Analytics.

Support for RHEL and CentOS 7.8 This release provides support for RHEL and CentOS versions 7.8.


See Operating system requirements in Install and Upgrade Splunk User Behavior Analytics.

MaxMind database The MaxMind location database is updated for accurate mapping of IP addresses to geographic locations.
Last modified on 11 July, 2023
  Known Issues in Splunk UBA

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.3


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters