This documentation does not apply to the most recent version of Splunk® Add-on for Windows.
For documentation on the most recent version, go to the latest release.
Release notes
This topic contains information on new features, known issues, and updates as we version the Splunk Add-on for Windows.
The latest version of the Splunk Add-on for Windows was released on Thursday, September 25, 2014.
What's new
Here's what's new in the latest version of the Splunk Add-on for Windows:
- Bug fixes.
- Improved interaction with the Splunk App for Enterprise Security.
- The add-on now normalizes timestamps to work with the Change_Analysis data model. (MSAPP-3074)
Current known issues
The Splunk Add-on for Windows has the following known issues:
- On Windows Server 2003 systems, the sourcetypes for
WinEventLogevents are in lower case, while others have mixed case (for example:WinEventLog:SecurityversusWinEventLog:security). This causes filters set up inprops.confto fail to match. To work around the issue, read this Splunk Answers post. (SPL-78726, MSAPP-2916)
Change log (what's been fixed)
- An issue where some panels displayed with mislabeled drop-downs was fixed. (MSAPP-3214)
- A problem with an incorrectly-configured blacklist filter in the Windows Security Event Log stanza has been fixed. (MSAPP-3151)
- The "All_Changes.Account Management" events now properly extract "account deleted" actions. (MSAPP-3055)
- The add-on no longer generates warnings about invalid values in stanzas on some versions of Splunk. (MSAPP-3053)
- Values defined within stanzas in some configuration files now have proper URI encodings. (MSAPP-3012)
Last modified on 25 September, 2014
| Source types and CIM data model info |
This documentation applies to the following versions of Splunk® Add-on for Windows: 4.7.2
Download manual
Feedback submitted, thanks!