Splunk® Supported Add-ons

Splunk Add-on for Unix and Linux

Upgrade the Splunk Add-on for Unix and Linux

Upgrade from version 8.7.0 to version 8.8.0

See the following steps to upgrade from version 8.7.0 to version 8.8.0 of the Splunk Add-on for Unix and Linux:

Limiting event types

Before add-on v8.8.0, a given event type covered a broader set of events. For example, the [failed_login] event type was defined as:

[failed_login]
search = (NOT sourcetype=stash) "failed login" OR "FAILED LOGIN" OR "Authentication failure" OR "Failed to authenticate user" OR "authentication ERROR" OR "Failed password for"

In v8.8.0, this and similar event type definitions have been narrowed so that they match only the data the add-on requires.

It is possible that events which were previously matched by event types will no longer be matched after upgrading to v8.8.0.

To solve this, we have introduced a new event type named nix_ta_custom_eventtype. Update this event type's search to include the events you require.

To update the event type from Splunk web, see Update an event type in settings in the Splunk Cloud Platform manual.

For example, to add a custom sourcetype "xyz" to the add-on's event types, set the following value:

[nix_ta_custom_eventtype]
search = sourcetype = "xyz"
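
The following Python script is an added example, not part of the Splunk documentation. It compares per-sourcetype event counts for one event type before and after the upgrade and renders a nix_ta_custom_eventtype stanza for the sourcetypes that dropped out. It generalizes the single-sourcetype case above to several sourcetypes joined with OR; the sample counts, the sourcetype names, the character allow-list and the function names are all constructed for illustration.

```python
import re

# Constructed sample data: event counts per sourcetype for one event type,
# for example exported from
#   eventtype=failed_login | stats count by sourcetype
# run over the same time range before and after the upgrade.
BEFORE_UPGRADE = {"linux_secure": 412, "xyz": 57, "custom:auth": 9}
AFTER_UPGRADE = {"linux_secure": 412}

# Conservative allow-list for sourcetype names (an assumption of this example).
# Rejecting quotes, backslashes and newlines keeps the generated search intact.
_SAFE_SOURCETYPE = re.compile(r"[A-Za-z0-9_:.\-]+")


def lost_sourcetypes(before, after):
    """Return sourcetypes that matched before the upgrade but no longer match."""
    return sorted(
        st for st, count in before.items()
        if count > 0 and after.get(st, 0) == 0
    )


def render_custom_eventtype(sourcetypes):
    """Render the [nix_ta_custom_eventtype] stanza covering the given sourcetypes."""
    if not sourcetypes:
        raise ValueError("no sourcetypes to add")
    for st in sourcetypes:
        if not _SAFE_SOURCETYPE.fullmatch(st):
            raise ValueError(f"unsafe sourcetype name: {st!r}")
    clause = " OR ".join(f'sourcetype="{st}"' for st in sourcetypes)
    return f"[nix_ta_custom_eventtype]\nsearch = {clause}\n"


if __name__ == "__main__":
    missing = lost_sourcetypes(BEFORE_UPGRADE, AFTER_UPGRADE)
    print(render_custom_eventtype(missing))
```

Adding a whole sourcetype to the custom event type, as the documentation's own example does, matches every event of that sourcetype, so review the result before relying on it in alerts.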

Upgrade from version 8.6.0 to version 8.7.0

Upgrade from version 8.6.0 to version 8.7.0 of the Splunk Add-on for Unix and Linux is seamless. There are no additional steps required for this version upgrade. See Install the Splunk Add-on for Unix and Linux in this manual.

Use the installation steps in this manual to upgrade from versions 7.0 and above to the latest version of this add-on.

Before upgrading to the Splunk Add-on for Unix and Linux versions 8.1.0 and higher, verify that you have the bash shell installed on your system. If the bash shell is not installed, the lsof and package inputs will not work.

Last modified on 28 April, 2023

This documentation applies to the following versions of Splunk® Supported Add-ons: released

