Splunk® Supported Add-ons

Splunk Add-on for Unix and Linux

Release notes for the Splunk Add-on for Unix and Linux

Version 9.2.0 of the Splunk Add-on for Unix and Linux was released on July 12, 2024.

Compatibility

Version 9.2.0 of the Splunk Add-on for Unix and Linux is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 9.0.x, 9.1.x, 9.2.x
CIM 4.20.2
Supported OS for data collection All supported Unix operating systems. See Unix operating systems.
Vendor products All supported Unix operating systems. See Unix operating systems.

See the Scripted input reference for the Splunk Add-on for Unix and Linux page in the Reference chapter of this manual to learn more about scripted inputs and their operating system compatibility.

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features

Version 9.2.0 of the Splunk Add-on for Unix and Linux has the following new features:

  • Support for macOS Ventura 13
  • Support for macOS Sonoma 14
  • Support for OEL 8
  • Support of IPv6 data collection
  • Support for non-english locales in rlog script
  • Restricted monitoring of temporary files in /etc/ and /var/adm/
  • Enhanced hardware script to fetch required data when dmesg is restricted
  • Added user, user_id, src_user_id field extraction as per new format in linux logs
  • Added explicit timestamp extraction for linux_audit sourcetype

Bug fixes

  • Fixed awk error for selinuxChecker script
  • Fixed inconsistent app field values for linux_secure sourcetype
  • Fixed regex error for update script
  • Fixed the issue with the output format while using non-english locales


Fixed issues

Version 9.2.0 of the Splunk Add-on for Unix and Linux has the following known issues. If no issues appear here, no issues have yet been reported:

Known issues

Version 9.2.0 of the Splunk Add-on for Unix and Linux has the following known issues. If no issues appear here, no issues have yet been reported:

Third-party software attributions

The Splunk Add-on for Unix and Linux does not use third-party software or libraries.

Last modified on 12 July, 2024
Source types for the Splunk Add-on for Unix and Linux   Release history for the Splunk Add-on for Unix and Linux

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters