Splunk® Supported Add-ons

Splunk Add-on for Cisco ISE

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Release notes for the Splunk Add-on for Cisco ISE

Version 4.0.0 of the Splunk Add-on for Cisco ISE was released on July 10, 2020.

About this release

Version 4.0.0 of the Splunk Add-on for Cisco ISE is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.2, 7.3, 8.0
CIM 4.15
Platforms Platform independent
Vendor Products Cisco ISE version 2.0, 2.4, and 2.7

New features

Version 4.0.0 of the Splunk Add-on for Cisco ISE has the following new features.

  • Added the new event type cisco-ise-alert
  • Performance data model mapping has been removed for the cisco-ise-system-statistics event type.
  • The authentication data model mapping has been removed for the following event types:
    • cisco-ise-passed-authentication
    • cisco-ise-failed-authentication
    • cisco-ise-guest-authentication
    • cisco-ise-guest-authentication-failed
  • An authentication data model has been added for the cisco-ise-authentication event type.
  • Change data model mapping has been removed for cisco-ise-provision-succeeded event type.
  • Alert data model has been added for the cisco-ise-alert event type.
  • Auto KV mode has been replaced with custom REGEX for field extractions in order to support different data formats and fix the broken extractions. As a result, search queries may take longer than before.
  • Fixed broken field extractions.
  • Removed the setup page, pxGrid Workflow actions, and EPS workflow actions.
  • Index time of event has been changed to "Current".
  • Added support for Splunk Connect for Syslog.
  • Added support for CIM v4.15.
  • Update for support for Cisco ISE version 2.7.
  • Data Collection supports Syslog and Splunk Connect for Syslog.

Fixed issues

Version 4.0.0 of the Splunk Add-on for Cisco ISE contains the following fixed issues.

If no issues appear below, no issues have yet been reported:


Date resolved Issue number Description
2020-05-19 ADDON-25848 Cisco ISE: Splunk Cloud DATETIME_CONFIG problem

Known issues

Version 4.0.0 of the Splunk Add-on for Cisco ISE contains the following known issues.

If no issues appear below, no issues have yet been reported:


Third-party software attributions

Version 4.0.0 of the Splunk Add-on for Cisco ISE does not incorporate any third-party software or libraries.

Last modified on 20 July, 2020
PREVIOUS
Troubleshoot the Splunk Add-on for Cisco ISE 		  NEXT
Release history for the Splunk Add-on for Cisco ISE

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters