Release history for the Splunk Add-on for Microsoft Cloud Services

The latest version of the Splunk Add-on for Microsoft Cloud Services is version 5.1.0. See Release notes for the Splunk Add-on for Microsoft Cloud Service for the release notes of this latest version.

Version 5.0.0

Version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services was released on March 21, 2023.

Compatibility

Version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:

Splunk platform versions	8.1.x, 8.2.x, 9.0.x
CIM version	5.0.2
Supported OS for data collection	Platform independent
Vendor Products	Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services.

New Features

Version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:

The following enhancements were made on the Eventhub Input. See Input Parameters for more details:
1. Resolved the memory leak issue for the input.
2. Introduced load balancing support across multiple instances. See Horizontal Scaling Across Multiple Splunk Environment section in the Eventhub input manual. See Horizontal Scaling for more information.
3. Introduced debug loggers to the input execution. See Input Parameters for more details.
Enhancements were made on the Storage Blob Input. The Storage Blob checkpoint will be migrated from the File checkpoint mechanism to the KV Store mechanism.
If inputs are interrupted during the checkpoint migration in the first interval after upgrading the add-on to Version 5.0.0, it may lead to data duplication.
1. The checkpoint mechanism was migrated to the Splunk KV Store.
2. Introduced Horizontal Scaling that would allow parallel data ingestion via multiple inputs on a common KV Store architecture. See Horizontal Scaling for more information.
3. Introduced a new field called Prefix to optimize the execution time of the input.
4. Introduced an Advanced Tab in the Configuration Tab to control the File Based Checkpoint deletion for Storage Blob. See Configure Advanced settings in Splunk Add-on for Microsoft Cloud Services for more information.

Provided CIM 5.0.2 support for the following:

Sourcetype	Category
azure:monitor:aad	AzureActiveDirectory
azure:monitor:activity	Administrative

See the following table for the CIM fields removed for 5.0.0:

Source-type	operationName	Fields removed	Reason for removed fields
`azure:monitor:aad`	Add a deletion-marked app role assignment grant to user as part of link removal	object	The event is not mapped to any Datamodel
`azure:monitor:aad`	Add blocked user	object_id	There is no ID for the target user present in the raw event.
`azure:monitor:aad`	Clear block on user	object_id	There is no ID for the target user present in the raw event.
`azure:monitor:aad`	POST Tenant.RemoveBlockedUser, POST Tenant.CreateBlockedUser, Update StsRefreshTokenValidFrom Timestamp, Process role update request, User started security info registration	object	The event is not mapped to any datamodel.
`azure:monitor:aad`	Sign-in activity, Validate user authentication, Risky user, User Risk Detection	object	The object field is not part of the datamodels mapped to the events.
`['azure:monitor:aad']`	Start applying group based license to users	object	The event is not mapped to any datamodel.

See the following table for a list of CIM fields modified for 5.0.0:

Source-type	CIM Field	operationName	Comment
`['azure:monitor:aad']`	object	Access review ended, Add app role assignment grant to user, Add blocked user, Add conditional access policy, Add label, Add owner to group, Add owner to service principal, Add role definition, Add role from template, Add user, Clear block on user, Consent to application, Create access package catalog, Create business flow, Create connected organization, Delete access package catalog, Delete application, Delete business flow, Delete conditional access policy, Delete group, Delete policy, Delete role definition, Delete user, Disable account, Enable account, Finish applying group based license to users, Get resource properties of a tenant, Get tenant details, Hard Delete application, Hard Delete group, Hard Delete user, Hard delete service principal, Initialize tenant, POST Tenant.CreateTenant, Remove app role assignment from user, Remove eligible member from role in PIM completed (permanent), Remove eligible member from role in PIM completed (timebound), Remove member from role, Remove member from role in PIM completed (permanent), Remove member from role in PIM completed (timebound), Remove member from role in PIM requested (permanent), Remove member from role in PIM requested (timebound), Remove owner from application, Remove owner from group, Remove service principal, Restore application, Set Company Information, Set directory feature on tenant, Set group license, Set user manager, Update access package catalog, Update application, Update authorization policy, Update business flow, Update conditional access policy, User registered all required security info, User registered security info	The `object` field is changed, the extraction is now more accurate, i.e. having more specific values, e.g. the object was the generic Azure AD, and now it has more specific and meaningful value.
`['azure:monitor:aad']`	object_attrs	Add app role assignment grant to user, Add label, Add owner to group, Add owner to service principal, Add role from template, Add user, Create connected organization, Delete user, Disable account, Enable account, Hard Delete user, Hard delete service principal, POST Tenant.CreateTenant, Remove app role assignment from user, Remove eligible member from role in PIM completed (permanent), Remove eligible member from role in PIM completed (timebound), Remove member from role, Remove member from role in PIM completed (permanent), Remove member from role in PIM completed (timebound), Remove member from role in PIM requested (permanent), Remove member from role in PIM requested (timebound), Remove owner from application, Remove owner from group, Remove service principal, Update access package catalog, Update business flow, Verify domain	The `object_attrs` field got now more meaningful (and sometime more concise) value than before.
`['azure:monitor:aad']`	user	Add blocked user, Clear block on user, Disable account, Enable account, Hard Delete user, Remove eligible member from role in PIM completed (permanent), Remove eligible member from role in PIM completed (timebound), Remove member from role in PIM completed (permanent), Remove member from role in PIM completed (timebound), Remove member from role in PIM requested (permanent), Remove member from role in PIM requested (timebound), Set user manager, User registered all required security info, User registered security info	The `user` field value is now corrected and extracted properly reflecting the CIM definitions of this field in the Change Datamodel (All_changes and Account_management Datasets).

Fixed issues

Version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issue appear below, then there are no bug fixes reported:

Date resolved	Issue number	Description
2023-03-20	ADDON-46473	Resource memory leak issue for Splunk Add-on for Microsoft Cloud Services storage blob input
2023-03-20	ADDON-58868, ADDON-58800	Make Eventhub Input Sourcetype Editable
2022-11-18	ADDON-53651	UI pages get errored out due to leading/trailing spaces in the account name
2022-10-06	ADDON-47585, ADDON-43503	OS memory leak while using eventhub input

Known issues

Version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Date filed	Issue number	Description
2021-08-19	ADDON-40841	MacOS not supported for MSCS add-on Workaround: None. Splunk add-on for Microsoft CloudServices is not supported on all MacOS versions.

Third-party software attributions

Version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Third-party software attributions for the Splunk Add-on for Microsoft Cloud Services

Version 4.5.2

Version 4.5.2 of the Splunk Add-on for Microsoft Cloud Services was released on February 15, 2023.

Compatibility

Version 4.5.2 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:

Splunk platform versions	8.1.x, 8.2.x, 9.0.x
CIM version	5.0.1
Supported OS for data collection	Platform independent
Vendor Products	Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services.

New features

Version 4.5.2 of the Splunk Add-on for Microsoft Cloud Services has the following new features:

Security related issue have been fixed, No new features added.

Fixed issues

Version 4.5.2 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issue appear below, then there are no bug fixes reported:

Known issues

Version 4.5.2 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Date filed	Issue number	Description
2022-12-02	ADDON-58868, ADDON-58800	Make Eventhub Input Sourcetype Editable

Third-party software attributions

Version 4.5.2 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Third-party software attributions for the Splunk Add-on for Microsoft Cloud Services

Version 4.5.1

Version 4.5.1 of the Splunk Add-on for Microsoft Cloud Services was released in November 15, 2022.

Compatibility

Version 4.5.1 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:

Splunk platform versions	8.1.x, 8.2.x, 9.0.0
CIM version	5.0.1
Supported OS for data collection	Platform independent
Vendor Products	Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services.

Fixed issues

Note: Eventhub input does not support "Transport Type" as "AMQP" in Splunk Cloud.

Version 4.5.1 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issue appear below, then there are no bug fixes reported:

Fixed event parsing issue in Event Hub input.
Fixed event hub data collection issue with transport type AMQP.

Known issues

Version 4.5.1 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Date filed	Issue number	Description
2022-07-12	ADDON-53651	UI pages get errored out due to leading/trailing spaces in the account name

Third-party software attributions

Version 4.5.1 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 4.5.0

Version 4.5.0 of the Splunk Add-on for Microsoft Cloud Services was released on July 31, 2022.

Compatibility

Version 4.5.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:

Splunk platform versions	8.0.x, 8.1.x, 8.2.x, 9.0.0
CIM version	5.0.1
Supported OS for data collection	Platform independent
Vendor Products	Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services.

New Features

Version 4.5.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:

Provided CIM support for Azure Data Share events
Updated Azure Audit API, Azure Storage Blob, and Storage Table client SDK to the latest version

Note: A high-level overview of differences between Audit API version 2015-04-01 and the old 2014-04-01 version:

The key name was changed for the following fields of the audit events, but the value remains the same:
- eventSource → category
- resourceUri → resourceId

The following fields were added in response to the latest Audit API version::
- "resourceType":{"value": "<value>", "localizedValue": "<localizedValue>"}
- "tenantId": "<tenant_id>"

Fixed issues

Version 4.5.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issue appear below, then there are no bug fixes reported:

Date resolved	Issue number	Description
2022-07-27	ADDON-54080	Data collection is not working on NOAH(Victoria) Search Head Cluster
2022-07-01	ADDON-41943	Sorting of Input type column in inputs page isn't working
2022-06-27	ADDON-51220	MSCS Add-on (v4.1.5) not parsing JSON-formatted log file correctly
2022-06-17	ADDON-52317	Error reading Azure Storage Table input: TypeError: Object of type bytes is not JSON serializable

Known issues

Version 4.5.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Date filed	Issue number	Description
2022-11-09	ADDON-57951, ADDON-57941, ADDON-58113	Event hub input having parsing issues with custom json events
2022-07-05	ADDON-53541	Getting Unexpected behavior with Event-hub input
2021-08-19	ADDON-40841	MacOS not supported for MSCS add-on Workaround: None. Splunk add-on for Microsoft CloudServices is not supported on all MacOS versions.

Third-party software attributions

Version 4.5.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Third-party software attributions for the Splunk Add-on for Microsoft Cloud Services

Version 4.3.3

Version 4.3.3 of the Splunk Add-on for Microsoft Cloud Services has the following new features:

The Microsoft Azure Event Hubs input in the previous version of the Splunk Add-on for Microsoft Cloud Services had an additional level of nesting for ingested events that had a records key. The additional nesting has been removed to provide a simpler and faster query experience. Previous versions of the Splunk Add-on for Microsoft Cloud Services:
```
{
"body": 
   {
      "records": {
         "field1": value1
       }
   }
}
```
Current version of the Splunk Add-on for Microsoft Cloud Services:
```
{
"body":
   "field1": value1
}
```
Bug fixes.
Fixed a memory leak issue that was affecting the performance of the Event Hub input.

In this release, the existing lookups are updated for the Self Service App Install (SSAI) upgrade. Lookups do not update with the latest values automatically. To fix this issue, upgrade the Splunk Add-on for Microsoft Cloud Services, then manually update the lookup files using the latest version of this add-on.

Fixed issues

Version 4.3.3 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issue appear below, then there are no bug fixes reported:

Date filed	Issue number	Description
2020-12-30	ADDON-32256	Splunk Add-on for Microsoft Cloud Services Python memory leak when upgrading from 4.0.1 to 4.1.0

Known issues

Version 4.3.3 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Date filed	Issue number	Description
2022-07-12	ADDON-53651	UI pages get errored out due to leading/trailing spaces in the account name
2022-07-05	ADDON-53541	Getting Unexpected behavior with Event-hub input
2022-05-30	ADDON-52317	Error reading Azure Storage Table input: TypeError: Object of type bytes is not JSON serializable
2022-03-22	ADDON-49498	MSCService fails to connect when proxy password contains backslashes
2022-01-04	ADDON-46473	Resource memory leak issue for Splunk Add-on for Microsoft Cloud Services storage blob input
2021-08-19	ADDON-40841	MacOS not supported for MSCS add-on Workaround: None. Splunk add-on for Microsoft CloudServices is not supported on all MacOS versions.

Version 4.2.0

Version 4.2.0 of the Splunk Add-on for Microsoft Cloud Services was released on September 13, 2021.

Compatibility

Version 4.2.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.

Splunk platform versions	8.0.x, 8.1.x, 8.2.x
CIM version	4.20
Supported OS for data collection	Platform independent
Vendor Products	Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services

New Features

Version 4.2.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:

UI component upgrades for compatibility with future versions of the Splunk software (jQuery upgrade).
Bug fixes.
Common Information Model (CIM) Release Notes:
- Compatibility with CIM version 4.20.
- The following CIM mapping enhancements:
  - Added support for Alert and Change data models in the mscs:azure:audit sourcetype.
  - Added support for Inventory_Network data model in the mscs:azure:networkInterfaceCard sourcetype.
  - Fixed existing field mapping issue for image_name and severity fields in mscs:resource:virtualMachine and mscs:azure:security:recommendation sourcetypes respectively.
  - The following mscs:azure:audit sourcetype enhancements:
    - Added an extra field event_description to retain the existing description values from the event and updated the description field values as per the Alert CIM data model recommendations.
    - Added new lookup mscs_audit_change_cim_fields_with_status_code.csv for populating CIM fields.
  - Updated the values in the lookup mscs_security_alert_object_category.csv for the mscs:azure:security:alert sourcetype.

In this release, the existing lookups are updated for the Self Service App Install (SSAI) upgrade. Lookups do not update with the latest values automatically. To fix this issue, upgrade the Splunk Add-on for Microsoft Cloud Services, then manually update the lookup files using the latest version of this add-on.

Fixed issues

Version 4.2.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issue appear below, then there are no bug fixes reported:

Known issues

Version 4.2.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Date filed	Issue number	Description
2021-09-09	ADDON-41943	Sorting of Input type column in inputs page isn't working
2020-12-30	ADDON-32256	Splunk Add-on for Microsoft Cloud Services Python memory leak when upgrading from 4.0.1 to 4.1.0

Third-party software attributions

Version 4.2.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 4.1.5

Fixed issues

Version 4.1.5 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issue appear below, then there are no bug fixes reported:

Date resolved	Issue number	Description
2021-09-07	ADDON-37913, ADDON-34388	Duplicate Events when reading Azure Blob Storage 4.1.0 and up (including latest 4.1.1)
2021-08-26	ADDON-37408	issue with Blob Storage inputs

Known issues

Version 4.1.5 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Date filed	Issue number	Description
2022-05-02	ADDON-51220	MSCS Add-on (v4.1.5) not parsing JSON-formatted log file correctly
2020-12-30	ADDON-32256	Splunk Add-on for Microsoft Cloud Services Python memory leak when upgrading from 4.0.1 to 4.1.0

Third-party software attributions

Version 4.1.5 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 4.1.4

Version 4.1.4 of the Splunk Add-on for Microsoft Cloud Services was released on July 28, 2021.

Compatibility

Version 4.1.4 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.

Splunk platform versions	8.0.x
CIM version	4.18
Supported OS for data collection	Platform independent
Vendor Products	Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services

New Features

Version 4.1.4 of the Splunk Add-on for Microsoft Cloud Services has the following new features:

Bug fixes

Fixed issues

Version 4.1.4 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issue appear below, then there are no bug fixes reported:

Date resolved	Issue number	Description
2021-07-26	ADDON-37898	Splunk Add-on for Microsoft Cloud Services, latest upgrade, unable to find the "record" key
2021-07-22	ADDON-37866	Splunk_TA_microsoft-cloudservices-4.1.2 is missing logs
2021-07-12	ADDON-37300	Handle InvalidRange Error in blob storage input
2021-06-30	ADDON-37359	MSCS documentation incorrect/unclear for the required Azure permissions
2021-06-30	ADDON-36176	Splunk Add-on for Microsoft Cloud Services upgrade from 4.1.1 to 4.1.2 and now hitting _http_error_handler raise ex azure.common.AzureHttpError: The condition specified using HTTP conditional header(s) is not met.

Known issues

Version 4.1.4 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Date filed	Issue number	Description
2021-08-19	ADDON-40841	MacOS not supported for MSCS add-on Workaround: None. Splunk add-on for Microsoft CloudServices is not supported on all MacOS versions.
2021-07-20	ADDON-39557	Storage Account Configuration Page and Input Page is not loading on MacOS and getting Splunk error
2021-05-25	ADDON-37408	issue with Blob Storage inputs
2020-12-30	ADDON-32256	Splunk Add-on for Microsoft Cloud Services Python memory leak when upgrading from 4.0.1 to 4.1.0

Third-party software attributions

Version 4.1.4 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 4.1.3

Version 4.1.3 of the Splunk Add-on for Microsoft Cloud Services was released on May 14, 2021.

Compatibility

Version 4.1.3 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.

Splunk platform versions	8.0.x
CIM version	4.15
Supported OS for data collection	Platform independent
Vendor Products	Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services

New Features

Version 4.1.3 of the Splunk Add-on for Microsoft Cloud Services has the following new features:

When event hub data is ingested by the Splunk software, different events are generated in the Splunk platform for each record.
Each record from event hub data is now split into separate Splunk events.
Fixed an event hub input bug where event hub data isn't ingested due to the following client secret error:

AADSTS7000215: Invalid client secret is provided.

The upper limit for max_batch_size is increased to be 10000.

Fixed issues

Version 4.1.3 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issue appear below, then there are no bug fixes reported:

Date resolved	Issue number	Description
2021-05-04	ADDON-33920	EventHub events processing with Microsoft Cloud Services 4.1.0 issues
2021-04-29	ADDON-36235	Splunk Add-on for Microsoft Cloud Services Eventhub input failing on v 4.1.2 with Invalid Client Exception

Known issues

Version 4.1.3 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Date filed	Issue number	Description
2021-06-07	ADDON-37898	Splunk Add-on for Microsoft Cloud Services, latest upgrade, unable to find the "record" key
2021-06-03	ADDON-37866	Splunk_TA_microsoft-cloudservices-4.1.2 is missing logs
2021-05-25	ADDON-37408	issue with Blob Storage inputs
2021-05-24	ADDON-37359	MSCS documentation incorrect/unclear for the required Azure permissions
2021-05-20	ADDON-37300	Handle InvalidRange Error in blob storage input
2020-12-30	ADDON-32256	Splunk Add-on for Microsoft Cloud Services Python memory leak when upgrading from 4.0.1 to 4.1.0

Third-party software attributions

Version 4.1.3 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 4.1.2

Version 4.1.2 of the Splunk Add-on for Microsoft Cloud Services was released on April 20, 2021.

Compatibility

Version 4.1.2 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.

Splunk platform versions	8.0.x
CIM version	4.15
Supported OS for data collection	Platform independent
Vendor Products	Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services

New Features

Version 4.1.2 of the Splunk Add-on for Microsoft Cloud Services has the following new features:

Changes to the Blob Storage input to address a data duplication issue with Append Blobs.

Fixed issues

Version 4.1.2 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issue appear below, then there are no bug fixes reported:

Date filed	Issue number	Description
2020-09-21	ADDON-34660	Splunk Add-on for Microsoft Cloud Services Storage Input users need to be able to ingest delta changes to an Append blob

Known issues

Version 4.1.2 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Version 4.1.2 of the Splunk Add-on for Microsoft Cloud Services introduced a blob storage duplication solution that conflicts with the event hub input, leading to the following error:

AADSTS7000215: Invalid client secret is provided.

If you do not need the blob storage duplication fix, the best practice is to continue using version 4.1.1 of this add-on instead of upgrading to version 4.1.2.

Date filed	Issue number	Description
2021-06-08	ADDON-37913, ADDON-34388	Duplicate Events when reading Azure Blob Storage 4.1.0 and up (including latest 4.1.1) Workaround: n/a
2021-04-27	ADDON-36235	Splunk Add-on for Microsoft Cloud Services Eventhub input failing on v 4.1.2 with Invalid Client Exception
2021-04-26	ADDON-36176	Splunk Add-on for Microsoft Cloud Services upgrade from 4.1.1 to 4.1.2 and now hitting _http_error_handler raise ex azure.common.AzureHttpError: The condition specified using HTTP conditional header(s) is not met.
2021-02-16	ADDON-33920	EventHub events processing with Microsoft Cloud Services 4.1.0 issues
2020-12-30	ADDON-32256	Splunk Add-on for Microsoft Cloud Services Python memory leak when upgrading from 4.0.1 to 4.1.0

Third-party software attributions

Version 4.1.2 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 4.1.1

Version 4.1.1 of the Splunk Add-on for Microsoft Cloud Services was released on February 12, 2021.

Compatibility

Version 4.1.1 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.

Splunk platform versions	8.0.x
CIM version	4.15
Supported OS for data collection	Platform independent
Vendor Products	Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services

New Features

Version 4.1.1 of the Splunk Add-on for Microsoft Cloud Services has the following new features:

The 4.1.0 release of MSCS included a new SDK and libraries to support EventHubs. Due to some underlying Splunk Python behavior some customers who had other Microsoft TAs installed noted that the GUI configuration was failing for MSCS, This release solves this library clash issue.
Improvements to proxy configuration enforcing an integer value.
Fix for an exception UnicodeDecodeError that some customers where seeing for the Event Hubs Modular Input

Fixed issues

Version 4.1.1 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues:

Date resolved	Issue number	Description
2021-02-09	ADDON-32446	Configuration on Azure App Account won't load on Inputs Data Manager version 8.1.2008

Known issues

Version 4.1.1 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Date filed	Issue number	Description
2021-03-05	ADDON-34660	Splunk Add-on for Microsoft Cloud Services Storage Input users need to be able to ingest delta changes to an Append blob
2021-02-26	ADDON-34388, ADDON-37913	Duplicate Events when reading Azure Blob Storage 4.1.0 and up (including latest 4.1.1) Workaround: n/a
2021-02-16	ADDON-33920	EventHub events processing with Microsoft Cloud Services 4.1.0 issues
2021-01-07	ADDON-32682	Microsoft Cloud service app collected duplicated events
2020-12-30	ADDON-32256	Splunk Add-on for Microsoft Cloud Services Python memory leak when upgrading from 4.0.1 to 4.1.0

Third-party software attributions

Version 4.1.1 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 4.1.0

Is is a best practice to use either version 4.1.1 and later or versions 4.0.2 and earlier of this add-on.

Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services was released on January 9, 2020.

Compatibility

Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.

Splunk platform versions	8.0.x
CIM version	4.15
Supported OS for data collection	Platform independent
Vendor Products	Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services

Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services cannot be installed on the same Splunk platform instance as one that has the Microsoft Azure Add-on for Splunk installed.

New Features

Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:

Support for the Microsoft Azure Event Hubs input type.

Fixed issues

Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues:

Known issues

Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Third-party software attributions

Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 4.0.2

Version 4.0.2 of the Splunk Add-on for Microsoft Cloud Services was released on August 31, 2020.

Compatibility

Version 4.0.2 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.

Splunk platform versions	8.0.x
CIM version	4.15
Supported OS for data collection	Platform independent
Vendor Products	Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services

New Features

Version 4.0.2 of the Splunk Add-on for Microsoft Cloud Services has the following new features:

Improved support for the Splunk Enterprise Security Assets & Identities Framework interface.
Additional storage blob input capability and security compatibility.
Federal Information Processing Standard (FIPS) compliance.
Additional Python3 library support.

For more information on migrating your deployment to a Python 3 deployment, see Upgrade using the Python 3 runtime and dual-compatible Python syntax in custom scripts in the Splunk Enterprise Installation manual.

Fixed issues

Version 4.0.2 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues:

Known issues

Version 4.0.2 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

The Splunk Add-on for Microsoft Cloud Services version 4.0.2 is incompatible with Splunk Enterprise versions 7.x.x and earlier.

Third-party software attributions

Version 4.0.2 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 4.0.1

Version 4.0.1 of the Splunk Add-on for Microsoft Cloud Services was released on August 31, 2020.

Compatibility

Version 4.0.1 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.

Splunk platform versions	7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.x
CIM version	4.12
Supported OS for data collection	Platform independent
Vendor Products	Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services

Upgrade

The following migration guide is supported for upgrading from version 3.0.0 to version 4.0.0 or later. Upgrading from any version older than 3.0.0 requires a fresh installation of version 3.0.0.

A best practice for upgrading the Splunk Add-on for Microsoft Cloud Services is to remove your older version before re-installing version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services.

Disable all your inputs before you upgrade the add-on. Otherwise you may see errors in the log files which may results data loss against your already configured inputs.
Install the Splunk Add-on for Microsoft Cloud Services version 3.1.0 and up from the Splunk Web UI (make sure Upgrade App checkbox is selected).
Restart the Splunk platform.
Navigate to the input page of the Splunk Add-on for Microsoft Cloud Service. Alerts will appear, indicating incomplete account authorization.
Edit each required input by clicking the click here link to navigate to the account configuration page or by directly navigating to the account configuration page.
Complete the authorization of your account by adding your account secret key/account token.
Repeat above steps for all inputs which have alert sign against them.
Enable each desired input to start data collection.

In previous versions, settings including proxy, logging, and performance were stored in splunk_ta_o365_client_setting.conf and splunk_ta_o365_server_setting.conf. In version 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services, all setting and performance tuning configurations are in splunk_ta_mscs_setting.conf. The default log level is INFO.

Versions 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services removes the Microsoft Office 365 module. See the Splunk Add-on for Microsoft 0ffice 365.

New Features

Version 4.0.1 of the Splunk Add-on for Microsoft Cloud Services has the following new features:

Default support for Python 3

For more information on migrating your deployment to a Python 3 deployment, see Choose your Splunk Enterprise upgrade path for the Python 3 migration in the Splunk Enterprise Installation manual.

Fixed issues

Version 4.0.1 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues:

Known issues

Version 4.0.1 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Date filed	Issue number	Description
2020-09-17	ADDON-29404	Excessive blob errors in logs saying 'The range specified is invalid for the current size of the resource'
2019-09-09	ADDON-23159	Event breaks when encountered "time" attribute in json format blob file
2019-08-22	ADDON-22968	Azure BLOB Input intermittently stopping
2019-02-27	ADDON-21430	Enable/Disable functionality not working when Input name contains special characters.

Third-party software attributions

Version 4.0.1 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 4.0.0

Version 4.0.0 of the Splunk Add-on for Microsoft Cloud Services was released on October 21, 2019.

Compatibility

Version 4.0.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.

Splunk platform versions	7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.x
CIM version	4.12
Supported OS for data collection	Platform independent
Vendor Products	Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services

Upgrade

The following migration guide is supported for upgrading from version 3.0.0 to version 4.0.0. Upgrading from any version older than 3.0.0 requires a fresh installation of version 3.0.0.

A best practice for upgrading the Splunk Add-on for Microsoft Cloud Services is to remove your older version before re-installing version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services.

Disable all your inputs before you upgrade the add-on. Otherwise you may see errors in the log files which may results data loss against your already configured inputs.
Install the Splunk Add-on for Microsoft Cloud Services version 3.1.0 from the Splunk Web UI (make sure Upgrade App checkbox is selected).
Restart the Splunk platform.
Navigate to the input page of the Splunk Add-on for Microsoft Cloud Service. Alerts will appear, indicating incomplete account authorization.
Edit each required input by clicking the click here link to navigate to the account configuration page or by directly navigating to the account configuration page.
Complete the authorization of your account by adding your account secret key/account token.
Repeat above steps for all inputs which have alert sign against them.
Enable each desired input to start data collection.

In previous versions, settings including proxy, logging, and performance were stored in splunk_ta_o365_client_setting.conf and splunk_ta_o365_server_setting.conf. In version 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services, all setting and performance tuning configurations are in splunk_ta_mscs_setting.conf. The default log level is INFO.

Versions 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services removes the Microsoft Office 365 module. See the Splunk Add-on for Microsoft 0ffice 365.

New Features

Version 4.0.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:

Support for Python 3

For more information on migrating your deployment to a Python 3 deployment, see Choose your Splunk Enterprise upgrade path for the Python 3 migration in the Splunk Enterprise Installation manual.

Fixed issues

Version 4.0.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues:

Date resolved	Issue number	Description
2019-10-06	ADDON-21694	Duplicate events from mscs storage table data

Known issues

Version 4.0.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Date filed	Issue number	Description
2019-09-09	ADDON-23159	Event breaks when encountered "time" attribute in json format blob file
2019-08-22	ADDON-22968	Azure BLOB Input intermittently stopping
2019-02-27	ADDON-21430	Enable/Disable functionality not working when Input name contains special characters.

Third-party software attributions

Version 4.0.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 3.1.0

Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services was released on April 8, 2019.

Compatibility

Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.

Splunk platform versions	6.6,x, 7.0.x, 7.1.x, 7.2.x, 7.3.x
CIM version	4.12
Supported OS for data collection	Platform independent
Vendor Products	Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services

Upgrade

The following migration guide is supported for upgrading from version 3.0.0 to version 3.1.0. Upgrading from any version older than 3.0.0 requires a fresh installation of version 3.0.0.

A best practice for upgrading the Splunk Add-on for Microsoft Cloud Services is to remove your older version before re-installing version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services.

Disable all your inputs before you upgrade the add-on. Otherwise you may see errors in the log files which may results data loss against your already configured inputs.
Install the Splunk Add-on for Microsoft Cloud Services version 3.1.0 from the Splunk Web UI (make sure Upgrade App checkbox is selected).
Restart the Splunk platform.
Navigate to the input page of the Splunk Add-on for Microsoft Cloud Service. Alerts will appear, indicating incomplete account authorization.
Edit each required input by clicking the click here link to navigate to the account configuration page or by directly navigating to the account configuration page.
Complete the authorization of your account by adding your account secret key/account token.
Repeat above steps for all inputs which have alert sign against them.
Enable each desired input to start data collection.

In previous versions, settings including proxy, logging, and performance were stored in splunk_ta_o365_client_setting.conf and splunk_ta_o365_server_setting.conf. In version 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services, all setting and performance tuning configurations are in splunk_ta_mscs_setting.conf. The default log level is INFO.

Versions 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services removes the Microsoft 0ffice 365 module. See the Splunk Add-on for Microsoft 0ffice 365.

New Features

Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:

Credential validation of Account Name and Account secret key on Account configuration page.

Fixed issues

Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues:

Date resolved	Issue number	Description
2019-02-08	ADDON-20248	Getting ERROR "No handlers could be found for logger" in splunkd.log file after installation of MSCS Add-On

Known issues

Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Date filed	Issue number	Description
2019-09-09	ADDON-23159	Event breaks when encountered "time" attribute in json format blob file
2019-08-22	ADDON-22968	Azure BLOB Input intermittently stopping
2019-02-27	ADDON-21430	Enable/Disable functionality not working when Input name contains special characters.

Third-party software attributions

Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 3.0.0

Version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.

Splunk platform versions	6.6,x, 7.0.x, 7.1.x, 7.2.x
CIM version	4.12
Supported OS for data collection	Platform independent
Vendor Products	Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services

Upgrade

A best practice for upgrading the Splunk Add-on for Microsoft Cloud Services is to remove your older version before re-installing version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services.

Version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services removes the Microsoft Office 365 module. See the Splunk Add-on for Microsoft Office 365.

In previous versions, settings including proxy, logging, and performance were stored in splunk_ta_o365_client_setting.conf and splunk_ta_o365_server_setting.conf. In version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services, all setting and performance tuning configurations are in splunk_ta_mscs_setting.conf. The default log level is INFO.

After you install version 3.0.0, you must clear the cache on the host of your Splunk platform instance or force refresh the input and configuration page the first time you use Version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services.

New Features

Version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services has the following new feature:

Support for XML and JSON field extractions via the mscs:storage:blob:xml and mscs:storage:blob:json sourcetypes.

Fixed issues

Version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues:

Date resolved	Issue number	Description
2018-12-03	ADDON-16917, ADDON-20020	Add-on doesn't respect proxy settings for Azure inputs and cannot ingest Azure data
2018-01-19	ADDON-15540	Not Receiving MSCS data

Known issues

Version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Date filed	Issue number	Description
2019-04-05	ADDON-21694	Duplicate events from mscs storage table data
2019-03-13	ADDON-21516	Unable to authenticate against the Proxy using a service account
2018-11-13	ADDON-20248	Getting ERROR "No handlers could be found for logger" in splunkd.log file after installation of MSCS Add-On
2018-08-21	ADDON-19162	Forwarder restart leads to WAD ingestion breaking
2017-02-06	ADDON-13476	Error happens during upgrade Workaround: Disable the add-on before upgrading, and re-enable it after the upgrade is complete.

Third-party software attributions

Version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 2.1.0

Version 2.1.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.

Splunk platform versions	6.5.x, 6.6,x, 7.0.x, 7.1.x, 7.2.x
CIM	4.11
Platforms	Platform independent
Vendor Products	Microsoft Office 365, Azure Active Directory, Sharepoint Online, Exchange Online, Azure Storage Table, Azure Storage Blob, Azure Audit, and Azure Resource Group.

New Features

Version 2.1.0 of the Splunk Add-on for Microsoft Cloud Service has the following new features and enhancements.

Support for Office365 Government Cloud
Support for Azure Government Cloud
Support for the Audit General class of Office365 events

Fixed issues

Version 2.1.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues.

Date resolved	Issue number	Description
2017-09-05	ADDON-15008, ADDON-11154	Wrong account number shows in Azure App account page
2017-08-31	ADDON-13410, ADDON-14132	Unable to get information from default metric azure tables that are using the name convention $Metrics
2017-03-06	ADDON-11505	Table is not unique per account/region

Known issues

Version 2.1.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues.

Date filed	Issue number	Description
2019-04-05	ADDON-21694	Duplicate events from mscs storage table data
2018-11-13	ADDON-20248	Getting ERROR "No handlers could be found for logger" in splunkd.log file after installation of MSCS Add-On
2018-08-21	ADDON-19162	Forwarder restart leads to WAD ingestion breaking
2018-01-31	ADDON-16917, ADDON-20020	Add-on doesn't respect proxy settings for Azure inputs and cannot ingest Azure data
2018-01-09	ADDON-16542	UI Error on Inputs Tab for Audit.General data
2017-08-15	ADDON-15540	Not Receiving MSCS data
2017-05-24	ADDON-14876	Proxy type Sock4/Sock5 is not supported in Resouce/Audit channel

Third-party software attributions

Version 2.1.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 2.0.3

Version 2.0.3 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.

Splunk platform versions	6.4 and later
CIM	4.4 and later
Platforms	Platform independent
Vendor Products	Microsoft Office 365, Azure Active Directory, Sharepoint Online, Exchange Online, Azure Storage Table, Azure Storage Blob, Azure Audit, and Azure Resource Group.

New Features

Version 2.0.3 of the Splunk Add-on for Microsoft Cloud Service has the following new features and enhancements.

Enhanced stability and performance in data collection through the O365 Management APIs
Updates to pagination handling for the O365 Management Activity APIs
Added proxy support for Audit and Resource data inputs
Optimized performance for the Diagnostics and websitesapplogs tables

Fixed issues

Version 2.0.3 of the Splunk Add-on for Microsoft Cloud Service fixes the following issues.

Date resolved	Issue number	Description
2017-06-09	ADDON-14908	Error message in internal log for O365 Sharepoint
2017-06-06	ADDON-14248	Splunk_TA_microsoft-cloudservices contains long path names which exceed Windows 260 path length limit

Known issues

Version 2.0.3 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues.

Date filed	Issue number	Description
2017-08-15	ADDON-15540	Not Receiving MSCS data
2017-07-20	ADDON-15343	Event with same Id may be fetched several times for O365 Azure AD Audit due to O365 management API behaviour
2017-06-23	ADDON-15129	Possible data duplication after disable/enable O365 data input during data collection
2017-06-07	ADDON-15008, ADDON-11154	Wrong account number shows in Azure App account page
2017-05-24	ADDON-14876	Proxy type Sock4/Sock5 is not supported in Resouce/Audit channel
2017-05-11	ADDON-14748	The start_time cannot be deleted for Audit input
2017-02-06	ADDON-13476	Error happens during upgrade Workaround: Disable the add-on before upgrading, and re-enable it after the upgrade is complete.
2016-11-21	ADDON-12262	Local files generated immediately after install the TA
2016-10-06	ADDON-11505	Table is not unique per account/region
2016-09-22	ADDON-11423	Data cannot be collected if blob name contains special characters
2016-09-18	ADDON-11316, ADDON-8280	Add-on throws "Failed to load endpoint", "Refresh token failed", "Failed to init ServerInfo", "Failed to send rest request" errors during restart after initial installation
2016-09-04	ADDON-11164	Proxy type and DNS Resolution configuration does not work for storage
2016-08-22	ADDON-10984	Fails to get VM meta data in classic category

Third-party software attributions

Version 2.0.3 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 2.0.2

Version 2.0.2 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.

Splunk platform versions	6.4 and 6.5
CIM	4.4 or later
Platforms	Platform independent
Vendor Products	Microsoft Office 365, Azure Active Directory, Sharepoint Online, Exchange Online, Azure Storage Table, Azure Storage Blob, Azure Audit, and Azure Resource Group.

Fixed issues

Version 2.0.2 of the Splunk Add-on for Microsoft Cloud Service fixes the following issues.

Publication Date	Issue number	Description
2017/02/20	ADDON-12556	Cannot use proxy without Authentication in Storage channel.
2017/02/20	ADDON-12665	The length of the checkpoint file name exceeds the limitation of the operating system.
2017/02/20	ADDON-12666	Cannot parse SAS token which is not start with '?'.

Known issues

Version 2.0.2 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues.

Date	Issue number	Description
2017/06/02	ADDON-14969	Truncated Key/value pairs in Splunk Add-on for Microsoft Cloud Services.
2017/02/07	ADDON-13487	The proxy value you configured in this add-on cannot be used for the Azure resource and Azure audit input channel. Workaround: Configure the proxy on the local system for Azure resource and Azure audit input channel.
2017/02/06	ADDON-13476	Error occurs during upgrading Splunk add-on for Microsoft cloud service on Windows platform. Workaround: If you want to upgrade this add-on on Windows platform, disable the add-on first, then enable it after upgrading.

For the known issues in the previous release, see release history of the Splunk add-on for Microsoft cloud service.

Third-party software attributions

Version 2.0.2 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 2.0.1

Version 2.0.1 of the Splunk Add-on for Microsoft Cloud Services is compatible with the same software, CIM versions and platforms as Version 2.0.2.

Fixed issues

Version 2.0.1 of the Splunk Add-on for Microsoft Cloud Service fixes the following issues.

Resolved Date	Issue number	Description
2016/10/14	ADDON-10454	Only the first 30 inputs (in the alphabet order) of Azure Storage Table (including Virtual Machine Metrics) can work. Only the first 30 Azure Storage Blob inputs (in the alphabet order) can work.

Known issues

Version 2.0.1 of the Splunk Add-on for Microsoft Cloud Services contains the following known issues.

Date	Issue number	Description
2016-10-13	ADDON-11638	This add-on does not check the input name stanza at the frontend.
2016-10-12	ADDON-11609	This add-on fails to configure the certificate in the latest Firefox browser.
2016-09-24	ADDON-11423	This add-on can only get data when blob name in Microsoft Cloud Service only contains ASCII code. It cannot get data if the blob name contains multibyte character set, such as Latin characters, Japanese characters.
2016-09-20	ADDON-11419	If the names of the Azure storage blob inputs under the same account are the same except the case, such as INPUTS and inputs, the checkpoint conflicts to each other on Windows platform. This issue also exists in other modular inputs.
2016-09-20	ADDON-11409	The changes in the `inputs.conf` won't take effect until restarting Splunk platform.
2016-09-20	ADDON-11400	If you set the log level to ERROR for Azure Audit and Azure Blob input, there are still some INFO level logs recorded in the log file.
2016-09-19	ADDON-11349	The error message `error_message=The range specified is invalid for the current size of the resource` exists in the log file if the blob input has been collected and revised later to a smaller size. The error message can be ignored.
2016-09-19	ADDON-11316	There will be some errors, such as Failed to load endpoint, Refresh token failed, Failed to init ServerInfo or Failed to send rest request in the log file when you restart Splunk platform. But it does not effect data collection.
2016-09-15	ADDON-11298	There will be some data loss if the Splunk platform restart or shutdown accidently. Workaround: If you need to restart Splunk platform, you have to disable the inputs beforehand to prevent the data loss.
2016-09-09	ADDON-11178	You can only add the Office365 account via Splunk web, you can not add it using the configuration file.
2016-09-05	ADDON-11164	The Proxy Type and DNS Resolution settings do not work for Azure Storage Table and Azure Storage Blob input.
2016-08-23	ADDON-10984	This add-on cannot get Virtual Machine (classic) metadata.
2016/03/30	ADDON-8505	Splunk searches sometimes display duplicate events. This is a known issue with the Microsoft Office 365 Management API.
2016/03/30	ADDON-8504	Splunk searches sometimes display events out of order. This is a known issue with the Microsoft Office 365 Management API.
2016/03/29	ADDON-8432	Stanza "o365_certificate_setting" in splunk_ta_ms_o365_server_ucc_system_setting.conf.spec has incorrect default values.
2016/03/29	ADDON-8424	Certificate status messages "* but invalid" should not appear until a longer time has passed.
2016/03/08	ADDON-8221	If you configure an X.509 certificate and private key and upload the keyCredentials JSON for any integration account configured in the add-on, you also need to be uploaded it for all other accounts configured in the add-on, or any accounts not using the certificate cannot collect data.
2016/01/31	ADDON-7653	Management log reports rest request error during Splunk platform stop/restart immediately after a configuration change. This error can be ignored.
2016/01/26	ADDON-7597	Input will stop when the proxy_url exists but is invalid as a proxy. Workaround: Change your proxy URL to a valid proxy value.

Third-party software attributions

Version 2.0.1 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 2.0.0

Version 2.0.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the same software, CIM versions and platforms as Version 2.0.1.

New features

Version 2.0.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features.

Date	Issue number	Description
2016/09/20	ADDON-10883	Mapping to `Cloud` of ITSI data model.
2016/09/20	ADDON-10728	Add modular input for Azure Storage Blob data.
2016/09/20	ADDON-10727	Add modular input for Azure Storage Table data.
2016/09/20	ADDON-10129	Add modular input for Azure Audit data.
2016/09/20	ADDON-10696	Add modular input for Azure Resource data.
2016/09/20	ADDON-10222	Add modular input for Azure Virtual Machine Metrics data.

Fixed issues

Version 2.0.0 of the Splunk Add-on for Microsoft Cloud Service fixes the following issues.

Resolved Date	Issue number	Description
2016-09-05	ADDON-11033	If there is space in the name of inputs or account, this add-on will fail to ingest data.
2016-07-19	ADDON-9329	This add-on does not work if you install the add-on under `/etc/apps/SPLUNK_HOME/ect/apps` folder
2016-08-30	ADDON-8735	If the global proxy is enabled in `splunk-launch.conf`, the add-on cannot display the Account or Proxy tab under Configuration.

Known issues

Version 2.0.0 of the Splunk Add-on for Microsoft Cloud Services contains the following known issues.

Date	Issue number	Description
2016-09-27	ADDON-10454	Only the first 30 inputs (in the alphabet order) of Azure Storage Table (including Virtual Machine Metrics) can work. Only the first 30 Azure Storage Blob inputs (in the alphabet order) can work. Workaround: You can reduce the number of inputs by using wildcard or regex expression in the Blob list.
2016-09-24	ADDON-11423	This add-on can only get data when blob name in Microsoft Cloud Service only contains ASCII code. It cannot get data if the blob name contains multibyte character set, such as Latin characters, Japanese characters.
2016-09-20	ADDON-11419	If the names of the Azure storage blob inputs under the same account are the same except the case, such as INPUTS and inputs, the checkpoint conflicts to each other on Windows platform. This issue also exists in other modular inputs.
2016-09-20	ADDON-11409	The changes in the `inputs.conf` won't take effect until restarting Splunk platform.
2016-09-20	ADDON-11400	If you set the log level to ERROR for Azure Audit and Azure Blob input, there are still some INFO level logs recorded in the log file.
2016-09-19	ADDON-11349	The error message `error_message=The range specified is invalid for the current size of the resource` exists in the log file if the blob input has been collected and revised later to a smaller size. The error message can be ignored.
2016-09-19	ADDON-11316	There will be some errors, such as Failed to load endpoint, Refresh token failed, Failed to init ServerInfo or Failed to send rest request in the log file when you restart Splunk platform. But it does not effect data collection.
2016-09-15	ADDON-11298	There will be some data loss if the Splunk platform restart or shutdown accidently. Workaround: If you need to restart Splunk platform, you have to disable the inputs beforehand to prevent the data loss.
2016-09-09	ADDON-11178	You can only add the Office365 account via Splunk web, you can not add it using the configuration file.
2016-09-05	ADDON-11164	The Proxy Type and DNS Resolution settings do not work for Azure Storage Table and Azure Storage Blob input.
2016-08-23	ADDON-10984	This add-on cannot get Virtual Machine (classic) metadata.
2016/03/30	ADDON-8505	Splunk searches sometimes display duplicate events. This is a known issue with the Microsoft Office 365 Management API.
2016/03/30	ADDON-8504	Splunk searches sometimes display events out of order. This is a known issue with the Microsoft Office 365 Management API.
2016/03/29	ADDON-8432	Stanza "o365_certificate_setting" in splunk_ta_ms_o365_server_ucc_system_setting.conf.spec has incorrect default values.
2016/03/29	ADDON-8424	Certificate status messages "* but invalid" should not appear until a longer time has passed.
2016/03/08	ADDON-8221	If you configure an X.509 certificate and private key and upload the keyCredentials JSON for any integration account configured in the add-on, you also need to be uploaded it for all other accounts configured in the add-on, or any accounts not using the certificate cannot collect data.
2016/01/31	ADDON-7653	Management log reports rest request error during Splunk platform stop/restart immediately after a configuration change. This error can be ignored.
2016/01/26	ADDON-7597	Input will stop when the proxy_url exists but is invalid as a proxy. Workaround: Change your proxy URL to a valid proxy value.

Third-party software attributions

Version 2.0.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Version 1.0.0

Version 1.0.0 of the Splunk Add-on for Microsoft Cloud Services was released on April 1, 2016. Version 1.0.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.

Splunk platform versions	6.3.X or later
CIM	4.4 or later
Platforms	Platform independent
Vendor Products	Microsoft Office 365, Azure Active Directory, Sharepoint Online, Exchange Online, and other cloud services.

New features

Version 1.0.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features.

Date	Issue number	Description
2016/03/10	ADDON-3941	Create a new add-on for Microsoft cloud services.

Known issues

Version 1.0.0 of the Splunk Add-on for Microsoft Cloud Services contains the following known issues.

Date	Issue number	Description
2016/03/30	ADDON-8505	Splunk searches sometimes display duplicate events. This is a known issue with the Microsoft Office 365 Management API.
2016/03/30	ADDON-8504	Splunk searches sometimes display events out of order. This is a known issue with the Microsoft Office 365 Management API.
2016/03/29	ADDON-8432	Stanza "o365_certificate_setting" in splunk_ta_ms_o365_server_ucc_system_setting.conf.spec has incorrect default values.
2016/03/29	ADDON-8424	Certificate status messages "* but invalid" should not appear until a longer time has passed.
2016/03/15	ADDON-8280	Add-on throws "Failed to send rest request" errors during restart after initial installation unless the user waits for about one minute after installing the add-on and before restarting the Splunk platform. Workaround: Restart the Splunk platform a second time.
2016/03/08	ADDON-8221	If you configure an X.509 certificate and private key and upload the keyCredentials JSON for any integration account configured in the add-on, you also need to be upload it for all other accounts configured in the add-on, or any accounts not using the certificate cannot collect data.
2016/01/31	ADDON-7653	Management log reports rest request error during Splunk platform stop/restart immediately after a configuration change. This error can be ignored.
2016/01/26	ADDON-7597	Input will stop when the proxy_url exists but is invalid as a proxy. Workaround: Change your proxy URL to a valid proxy value.

Third-party software attributions

Version 1.0.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

Splunk Add-on for Microsoft Cloud Services

Related Answers

Release history for the Splunk Add-on for Microsoft Cloud Services

Version 5.0.0

Compatibility

New Features

Fixed issues

Known issues

Third-party software attributions

Version 4.5.2

Compatibility

New features

Fixed issues

Known issues

Third-party software attributions

Version 4.5.1

Compatibility

Fixed issues

Known issues

Third-party software attributions

Version 4.5.0

Compatibility

New Features

Fixed issues

Known issues

Third-party software attributions

Version 4.3.3

Fixed issues

Known issues

Version 4.2.0

Compatibility

New Features

Fixed issues

Known issues

Third-party software attributions

Version 4.1.5

Fixed issues

Known issues

Third-party software attributions

Version 4.1.4

Compatibility

New Features

Fixed issues

Known issues

Third-party software attributions

Version 4.1.3

Compatibility

New Features

Fixed issues

Known issues

Third-party software attributions

Version 4.1.2

Compatibility

New Features

Fixed issues

Known issues

Third-party software attributions

Version 4.1.1

Compatibility

New Features

Fixed issues

Known issues

Third-party software attributions

Version 4.1.0

Compatibility

New Features

Fixed issues

Known issues

Third-party software attributions

Version 4.0.2

Compatibility

New Features

Fixed issues

Known issues

Third-party software attributions

Version 4.0.1

Compatibility

Upgrade

New Features

Fixed issues