Splunk® Supported Add-ons

Splunk Add-on for Linux

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Release history for the Splunk Add-on for Linux

Latest release

The latest version of the Splunk Add-on for Linux is version 2.1.0. See Release notes for the Splunk Add-on for Linux for the release notes of this latest version.

Version 2.0.0

Version 2.0.0 of the Splunk Add-on for Linux was released on February 8, 2022.

Compatibility

Version 2.0.0 of the Splunk Add-on for Linux is compatible with the following software, CIM versions, and platforms:

Splunk platform version 8.1.x, 8.2.x
CIM 4.20
Supported OS for data collection Linux
Vendor products Red Hat 7.8, Red Hat 8.5, CentOS 7, CentOS Stream 8.2015, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, SUSE 15 SP3, Debian 9, Debian 10.9, Debian 11.

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

Upgrade

Follow the installation instructions to upgrade an existing installation of the Splunk Add-on for Linux. See Install the Splunk Add-on for Linux.

No data migration is required to upgrade the Splunk Add-on for Linux from version 1.1.1 to version 2.0.0.

New features

Version 2.0.0 of the Splunk Add-on for Linux has the following new features.

  • New CIM Mapping

Fixed issues

Version 2.0.0 of the Splunk Add-on for Linux has the following, if any, fixed issues. If no issues appear below, no issues have yet been reported:

Known issues

Version 2.0.0 of the Splunk Add-on for Linux contains the following known issues. If no issues appear below, no issues have yet been reported:


Third-party software attributions

Version 2.0.0 of the Splunk Add-on for Linux does not incorporate any third-party software or libraries.


Version 1.1.1

Version 1.1.1 of the Splunk Add-on for Linux was released on May 4, 2021.

Compatibility

Version 1.1.1 of the Splunk Add-on for Linux is compatible with the following software, CIM versions, and platforms:

Splunk platform version 7.3.x, 8.0.x, 8.1.x
CIM 4.11
Supported OS for data collection Linux
Vendor products Linux as supported by CollectD. See also Unix operating systems.

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

Upgrade

Follow the installation instructions to upgrade an existing installation of the Splunk Add-on for Linux. See Install the Splunk Add-on for Linux.

No data migration is required to upgrade the Splunk Add-on for Linux from version 1.0.1 to version 1.1.1.

New features

Version 1.1.1 of the Splunk Add-on for Linux has the following new features.

  • Removed messages for "restart required" on the SH/SHC during new installations or upgrades.

Fixed issues

Version 1.1.1 of the Splunk Add-on for Linux has the following, if any, fixed issues. If no issues appear below, no issues have yet been reported:

Known issues

Version 1.1.1 of the Splunk Add-on for Linux contains the following known issues. If no issues appear below, no issues have yet been reported:

Third-party software attributions

Version 1.1.1 of the Splunk Add-on for Linux does not incorporate any third-party software or libraries.

Version 1.1.0

Version 1.1.0 of the Splunk Add-on for Linux was released on April 20, 2018.

Compatibility

Version 1.1.0 of the Splunk Add-on for Linux is compatible with the following software, CIM versions, and platforms:

Splunk platform version 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0
CIM 4.11
Supported OS for data collection Linux
Vendor products Linux as supported by CollectD. See also Unix operating systems.

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

Upgrade

Follow the installation instructions to upgrade an existing installation of the Splunk Add-on for Linux. See Install the Splunk Add-on for Linux.

No data migration is required to upgrade the Splunk Add-on for Linux from version 1.0.0 to version 1.1.0.

New features

Version 1.1.0 of the Splunk Add-on for Linux has the following new features.

  • CollectD metrics data
  • AuditD support

Fixed issues

Version 1.1.0 of the Splunk Add-on for Linux fixes the following issues:


Date resolved Issue number Description
2018-04-27 ADDON-12473 Linux events are tagged with an eventtype linux_scripted_input(tag=check and tag=report) when the Splunk Add-on for Linux and the Splunk Add-on for Unix and Linux are installed at the same time
2018-04-18 ADDON-12258 collecd_host is incorrectly extracted with prefix or postfix when they contain a dot
2018-04-03 ADDON-11995 collecd_host is incorrectly extracted when EscapeCharacter is set to '.'

Known issues

Version 1.1.0 of the Splunk Add-on for Linux contains the following known issues:


Date filed Issue number Description
2016-11-21 ADDON-12259 Fields are incorrectly extracted when SeparateInstances is set to true
2016-11-15 ADDON-12192 No restart messages shown when Add-on is installed with ITSI

Third-party software attributions

Version 1.1.0 of the Splunk Add-on for Linux does not incorporate any third-party software or libraries.

Version 1.0.0

Version 1.0.0 of the Splunk Add-on for Linux is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.4 and 6.5
ITSI ITSI Model for OS 2.4.0
Platforms Linux
Vendor Products RHEL/Centos 6.x, 7.2+, Ubuntu/ Debian 12.x, 16.04+, SUSE 12

New features

Version 1.0.0 of the Splunk Add-on for Linux provides ITSI normalization for Linux metric data gathered from CollectD.

Known issues

Version 1.0.0 of the Splunk Add-on for Linux contains the following known issues.

Date Filed Issue Number Description
2016-11-30 ADDON-12473 Splunk_TA_linux's events will get tagged with an eventtype linux_scripted_input(tag=check and tag=report) when both TA's are installed together.
2016-11-21 ADDON-12259 fields are wrongly extracted with option SeparateInstances.
2016-11-21 ADDON-12258 collectd_host is wrongly extracted with prefix or postfix when they contain dot characters.
2016-11-21 ADDON-12192 no restart message is shown when TA is installed with ITSI.
2016-11-21 ADDON-11995 collectd_host is wrongly extracted when EscapeCharacter is set to '.'

Workaround: To workaround ADDON-11995, ADDON-12258 and ADDON-12259, Splunk recommend you collect data in JSON format or follow the instructions on how to configure the write_graphite CollectD plugin in Configure Collectd to send data to Splunk.

Third-party software attributions

Version 1.0.0 of the Splunk Add-on for Linux does not incorporate any third-party software or libraries.

Last modified on 25 July, 2022
PREVIOUS
Release notes for the Splunk Add-on for Linux 		  NEXT
Hardware and software requirements for the Splunk Add-on for Linux

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters