Related Answers
Download topic as PDF
Release history for the Splunk Add-on for Juniper
The latest release of the Splunk Add-on for Juniper is version 1.6.0. See Release notes for the Splunk Add-on for Juniper for the release notes of this latest version.
Version 1.5.5
Version 1.5.5 of the Splunk Add-on for Juniper was released on December 15, 2020 and is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 7.3, 8.0, 8.1 |
| CIM | 4.18 |
| Platforms | Platform independent |
| Vendor Products | Junos OS 16.2R1, 17.1R1, 17.2R1, 17.3R1, 17.4R1, 17.4RU2, 18.2R1, 18.4R1, 19.1R1, 19.2R1, 19.3R1, 19.4R1, 20.1R1. |
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features
- Added Splunk Connect for Syslog Support for new message tags.
- Added support for CIM version 4.18.
- Added Add-On support for EX4200 switches and MX80 routers.
- The following SNMP tags are supported under a new sourcetype
sourcetype=juniper:junos:snmp:SNMP_TRAP_LINK_UPSNMP_TRAP_LINK_DOWN
- The following event types are added:
juniper_junos_change_network
- Support for the following message tags have been added under sourcetype:
sourcetype=juniper:junos:firewall:PFE_FW_SYSLOG_ETH_IPESWD_STP_STATE_CHANGE_INFOESWD_DAI_FAILEDEVENT <UpDown>
See Source types for the Splunk Add-on for Juniper for more information.
Fixed issues
Version 1.5.5 of the Splunk Add-on for Juniper has the following fixed issues:
| Date resolved | Issue number | Description |
|---|---|---|
| 2020-12-23 | ADDON-31343 | Splunk Add-on for Juniper support for JunOS 15.1X49 and 18.3R1.9 |
Known issues
Version 1.5.5 of the Splunk Add-on for Juniper contains no known issues.
| Date filed | Issue number | Description |
|---|---|---|
| 2022-12-29 | ADDON-59372 | Junper SRX Logs Parsing for RT_FLOW_SESSION_CLOSE_LS |
| 2021-06-17 | ADDON-38543 | Juniper TA is not extracting fields for the juniper:junos:firewall sourcetype |
Third-party software attributions
Version 1.5.5 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.
Version 1.4.0
Version 1.4.0 of the Splunk Add-on for Juniper was released on June 16, 2020.
About this release
Version 1.4.0 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 7.2, 7.3, 8.0 |
| CIM | 4.15 |
| Platforms | Platform independent |
| Vendor Products | Junos OS 16.2R1, 17.1R1, 17.2R1, 17.3R1, 17.4R1, 17.4RU2, 18.2R1, 18.4R1, 19.1R1, 19.2R1, 19.3R1, 19.4R1, 20.1R1. |
New Features
- Removed support of deprecated source types.
- Removed unsupported source types.
- Added support of
netscreen:firewallsource type. - The structured events for Firewall and IDP now fall under
juniper:junos:firewall:structuredandjuniper:junos:idp:structuredsourcetypes. The unstructured events for Firewall and IDP now fall underjuniper:junos:firewallandjuniper:junos:idpsourcetypes. - Analyzed and updated Splunk Connect for Syslog filter.
- Added support for
webfilter_url_permittedandwebfilter_url_blockedlogs.
Note the following changes:
- The CIM mapping won't work with structured data for
juniper:junos:firewallandjuniper:junos:idpsourcetypes when those source types were already indexed with Add-on v1.3.0. The CIM mapping will remain as it is for the unstructured data. - CIM data model mapping was removed from the
netscreen_restartevent type. - CIM data model maps for
juniper_junos_aamwandjuniper_junos_secinteleventtypes now follow the Intrusion Detection data model instead of the Malware data model.
- The following source types are no longer supported:
juniper:idpjuniper:nsm:idpjuniper:nsmjuniper:sslvpn
- The following event types are no longer supported:
netscreen_attackjuniper_idpjuniper_idp_attackjuniper_nsmjuniper_nsm_communicatejuniper_sslvpnjuniper_sslvpn_authenticationjuniper_sslvpn_authentication_defaultjuniper_sslvpn_startjuniper_sslvpn_endjuniper_sslvpn_connectedjuniper_sslvpn_network_trafficjuniper_junos_firewall_utm_networkjuniper_junos_firewall_utm_malware
Following event types have been added:
juniper_junos_firewall_utm_attackjuniper_junos_firewall_utm_web
Fixed issues
Version 1.4.0 of the Splunk Add-on for Juniper has no fixed issues.
Known issues
Version 1.4.0 of the Splunk Add-on for Juniper contains no known issues.
Version 1.3.0
Version 1.3.0 of the Splunk Add-on for Juniper was released on March 25, 2020.
About this release
Version 1.3.0 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 7.2.x, 7.3.x, 8.0 |
| CIM | 4.15 |
| Platforms | Platform independent |
| Vendor Products | Junos OS 16.2R1, 17.1R1, 17.2R1, 17.3R1, 17.4R1, 17.4RU2, 18.2R1, 18.4R1, 19.1R1, 19.2R1, 19.3R1, 19.4R1, 20.1R1. |
New Features
The Splunk Add-on for Juniper has the following new features:
- Support for RT_UTM, RT_AAMW and RT_SECINTEL events for JunOS v20.1R1
- New field extractions to support Juniper JunOS 16.2+
- Support for Junos firewall and Junos IDP structured data
- Support for CIM 4.15.0
- For Junos OS, Splunk add-on for Juniper supports the following message tags:
- RT_FLOW_SESSION_CREATE
- RT_FLOW_SESSION_CLOSE
- RT_FLOW_SESSION_DENY
- RT_SCREEN_TCP
- RT_SCREEN_UDP
- RT_SCREEN_ICMP
- APPTRACK_SESSION_CREATE
- APPTRACK_SESSION_CLOSE
- APPTRACK_SESSION_VOL_UPDATE
- WEBFILTER_URL_PERMITTED
- WEBFILTER_URL_BLOCKED
- AV_VIRUS_DETECTED_MT
- CONTENT_FILTERING_BLOCKED_MT
- IDP_ATTACK_LOG_EVENT
- AAMW_ACTION_LOG
- AAMW_HOST_INFECTED_EVENT_LOG
- SECINTEL_ACTION_LOG
- The following source types are deprecated:
- netscreen:firewall
- juniper:idp
- juniper:nsm:idp
- juniper:nsm
- juniper:sslvpn
Fixed issues
Version 1.3.0 of the Splunk Add-on for Juniper has no fixed issues.
Known issues
Version 1.3.0 of the Splunk Add-on for Juniper contains no known issues.
Third-party software attributions
Version 1.3.0 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.
Version 1.2.0
Version 1.2.0 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0 |
| CIM | 4.13 |
| Platforms | Platform independent |
| Vendor Products | Juniper IDP device (IDP75, IDP250, IDP800, IDP8200), Juniper Netscreen Firewall 6.x, Juniper NSM, Juniper NSM IDP, Juniper SSLVPN series, Junos OS 11.4-12.2, Junos OS 15.1x49-D80 for RT_FLOW_SESSION_CLOSE Event, vSRX |
New Features
The Splunk Add-on for Juniper has the following new feature:
- Support for vSRX data parsing
Fixed issues
Version 1.2.0 of the Splunk Add-on for Juniper has no fixed issues.
Known issues
Version 1.2.0 of the Splunk Add-on for Juniper contains no known issues.
Third-party software attributions
Version 1.2.0 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.
Version 1.1.0
Version 1.1.0 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2.0 |
| CIM | 4.11 |
| Platforms | Platform independent |
| Vendor Products | Juniper IDP device (IDP75, IDP250, IDP800, IDP8200), Juniper Netscreen Firewall 6.x, Juniper NSM, Juniper NSM IDP, Juniper SSLVPN series, Junos OS 11.4-12.2, Junos OS 15.1x49-D80 for RT_FLOW_SESSION_CLOSE Event |
New Features
The Splunk Add-on for Juniper has the following new feature:
- Support for logging changes in Junos Release 15.1x49-D80
Fixed issues
Version 1.1.0 of the Splunk Add-on for Juniper has the following fixed issues:
| Date resolved | Issue number | Description |
|---|---|---|
| 2018-07-24 | ADDON-17332, SPL-149386 | Incorrect search results when filtering by 'severity' due to misconfiguration in TA-juniper |
Known issues
Version 1.1.0 of the Splunk Add-on for Juniper contains the following known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions
Version 1.1.0 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.
Version 1.0.2
Version 1.0.2 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.4 or later |
| CIM | 4.2 or later |
| Platforms | Platform independent |
| Vendor Products | Juniper IDP device (IDP75, IDP250, IDP800, IDP8200), Juniper Netscreen Firewall 6.x, Juniper NSM, Juniper NSM IDP, Juniper SSLVPN series, Junos OS 11.4+, Junos SRX (SRX 100, SRX110, SRX 210, SRX 220, SRX 240, SRX 550, SRX 650, SRX 3600, SRX 5400, SRX 5600, SRX 5800) |
Fixed issues
Version 1.0.2 of the Splunk Add-on for Juniper has the following fixed issues:
| Date resolved | Issue number | Description |
|---|---|---|
| 2017-05-15 | ADDON-14782 | Product security issue in development support files |
| 2016-03-09 | ADDON-8228 | Incorrect tag of netscreen_authentication and juniper_sslvpn_authentication eventtypes |
Known issues
Version 1.0.2 of the Splunk Add-on for Juniper contains the following known issues:
| Date filed | Issue number | Description |
|---|---|---|
| 2018-07-09 | ADDON-18669 | App Inspect Fail-3 : Unused capturing groups in transforms.conf |
| 2018-03-05 | ADDON-17332, SPL-149386 | Incorrect search results when filtering by 'severity' due to misconfiguration in TA-juniper |
| 2017-08-14 | ADDON-15528 | Juniper add-on does not list "SRX" in its lookup file. Workaround: add this line to the lookup:
juniper:srx:firewall,Juniper,SRX Firewall, |
| 2017-05-17 | ADDON-14810 | "dest" field for eventtype "netscreen_alert", "netscreen_authentication" is not extracted on the Linux platform |
| 2017-05-17 | ADDON-14811 | "dest_ip" field for eventtype "netscreen_alert" and "netscreen_authentication" is not extracted on the Windows and Linux platforms |
Third-party software attributions
Version 1.0.2 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.
Version 1.0.1
Version 1.0.1 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.2.2 or later |
| CIM | 4.2 or later |
| Platforms | Platform independent |
| Vendor Products | Juniper IDP device (IDP75, IDP250, IDP800, IDP8200), Juniper Netscreen Firewall 6.x, Juniper NSM, Juniper NSM IDP, Juniper SSLVPN series, Junos OS 11.4+, Junos SRX (SRX 100, SRX110, SRX 210, SRX 220, SRX 240, SRX 550, SRX 650, SRX 3600, SRX 5400, SRX 5600, SRX 5800) |
Fixed issues
Version 1.0.1 of the Splunk Add-on for Juniper has the following fixed issues.
| Resolved Date | Issue number | Description |
| 2015-09-29 | ADDON-5766 | SSLVPN events are not tagged properly |
Known issues
Version 1.0.1 of the Splunk Add-on for Juniper contains no known issues.
Third-party software attributions
Version 1.0.1 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.
Version 1.0.0
Version 1.0.0 of the Splunk Add-on for Juniper has the same compatibility specifications as version 1.0.1.
New features
Version 1.0.0 of the Splunk Add-on for Juniper has the following new features.
| Date | Issue number | Description |
| 06/12/14 | ADDON-1548 | Update the Juniper add-on included with the Splunk App for Enterprise Security and make available as a standalone add-on on Splunkbase. |
Known issues
Version 1.0.0 of the Splunk Add-on for Juniper contains the following known issues.
| Date Reported | Issue number | Description |
| 2015-09-23 | ADDON-5766 | SSLVPN events are not tagged properly |
Third-party software attributions
Version 1.0.0 of the Splunk Add-on for Splunk Add-on for Juniper does not incorporate any third-party software or libraries.
|
PREVIOUS Release notes for the Splunk Add-on for Juniper |
This documentation applies to the following versions of Splunk® Supported Add-ons: released, released
Feedback submitted, thanks!