Splunk® Supported Add-ons

Splunk Add-on for Microsoft SCOM

Download manual as PDF

Download topic as PDF

Release history for the Splunk Add-on for Microsoft SCOM

Latest Version

The latest version of the Splunk Add-on for Microsoft SCOM is version 2.3.0. See Release notes for the Splunk Add-on for Microsoft SCOM for the release notes of this latest version.

Version 2.2.0

Version 2.2.0 of the Splunk Add-on for Microsoft SCOM was released on June 21, 2018.

Compatibility

Version 2.2.0 of the Splunk Add-on for Microsoft SCOM is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.x
CIM 4.4
Platforms Windows
Vendor Products Microsoft System Center Operations Manager 2012 R2

Microsoft System Center Operations Manager 2016 R2

Upgrade guide

Version 2.2.0 of the Splunk Add-on for Microsoft SCOM is backwards compatible with version 2.1.0. All source types are the same and all inputs created using version 2.1.0 will continue to function.

New features

Version 2.2.0 of the Splunk Add-on for Microsoft SCOM has the following new features.

  • Support for Microsoft SCOM 2016
  • Improved date support for various locales. Date inputs and datetime parameters are properly indexed.

Fixed issues

Version 2.2.0 of the Splunk Add-on for Microsoft SCOM fixes the following issues.

Date resolved Issue number Description
2018-06-13 ADDON-18067 Data is not getting indexed into Splunk for Microsoft SCOM as 'request was aborted: Could not create SSL/TLS secure channel'
2018-05-10 ADDON-16305 The command Get-SCOMMonitoringObject' is an alias for ‘Get-SCOMClassInstance' and is called twice
2018-05-10 ADDON-8632 Splunk Add-on for Microsoft SCOM only does a one-time pull of data

Known issues

Version 2.2.0 of the Splunk Add-on for Microsoft SCOM contains the following known issues.

If no issues appear below, no issues have yet been reported.

Date filed Issue number Description
2019-05-26 ADDON-22050 "Description" field is getting override with a NULL value and not getting extracted for most of the source types
2019-05-01 ADDON-21913 Fieldalias behavior changed for SCOM "dest" field as mentioned in SPL-164505
2019-02-25 ADDON-21394 Performance issue on SCOM
2018-03-30 ADDON-17594 Event ingestion latency grows until the collection process ceases entirely
2016-08-17 ADDON-10936 DATA lost when SCOM spends a long time to sample it
2016-04-21 ADDON-8910, SPL-118489 interval does not support cron expression "0 0/5 * * * *"
2016-04-11 ADDON-8687 Request takes a long time to return
2015-04-23 ADDON-3876 500 error message upon failed input configuration is vague and unfriendly
2015-04-15 ADDON-3726 inputs will not be updated when the template is modified/deleted from UI

Third-party software attributions

Version 2.2.0 of the Splunk Add-on for Microsoft SCOM incorporates the following third-party components.

Version 2.1.0

Version 2.1.0 of the Splunk Add-on for Microsoft SCOM was released on September 21, 2016.

Compatibility

Splunk platform versions 6.3, 6.4, 6.5, 6.6
CIM 4.3, 4.4, 4.5
Platforms Windows
Vendor Products Microsoft System Center Operations Manager 2012 R2

Upgrade instructions

Version 2.1.0 of the Splunk Add-on for Microsoft SCOM is backwards compatible with version 2.0.0. All source types are the same and all inputs created using version 2.0.0 will continue to function.

Since Splunk platform version 6.3 and higher contains a native PowerShell modular input, if you upgrade the Splunk platform version from 6.2 or earlier to 6.3 or later, you need to delete the Powershell add-on which was installed to collect data.

New features

Version 2.1.0 of the Splunk Add-on for Microsoft SCOM has the following new features.

Date Issue number Description
2016-09-20 ADDON-9067 Mapping to ITSI OS data model.
2016-09-20 ADDON-9318 Support to collect performance metrics from monitors configured in Microsoft SCOM.
2016-09-20 ADDON-10405 Support to set the start date of data collection.
2016-09-20 ADDON-10983 Support to change the start time later than the time in the existing checkpoint file.

Known issues

Version 2.1.0 of the Splunk Add-on for Microsoft SCOM contains the following known issues.

Date Filed Issue number Description
2016-08-17 ADDON-10936 There will be some data loss if Microsoft SCOM takes more than 15 minutes to add the data in the database.
2016-04-25 ADDON-8910 /SPL-118489 If an input is created with an interval using a cron expression of 0 0/5 * * * *, no data is collected. Workaround: Change interval to 0 */5 * * * * to create a similar schedule.
2016-04-11 ADDON-8687 Requests take a long time to return on Windows.
2015-04-24 ADDON-3876 Error messages displayed in the UI are vague.
2015-04-15 ADDON-3726 Inputs are not updated when a template is modified or deleted. Workaround: When you need to modify or delete a collection template, delete any tasks that use that template and recreate the tasks with the modified or new set of templates.

Fixed issues

Version 2.1.0 of the Splunk Add-on for Microsoft SCOM has the following fixed issues.

Date Issue number Description
2016-09-07 ADDON-9694 The input and configuration page will be decrypted if you set the proxy in splunk-launcher.conf.
2015-09-09 ADDON-8740 Duplicate events are indexed when a short crontab interval is used. When Splunk first starts, it may invoke the PowerShell inputs twice. These two running instances may overlap and duplicated events may be indexed. Afterwards, the Powershell modular input will run in sequence and will not generate duplicated events.

Third-party software attributions

Version 2.1.0 of the Splunk Add-on for Microsoft SCOM incorporates the following third-party components.

Version 2.0.0

Version 2.0.0 of the Splunk Add-on for Microsoft SCOM is compatible with the following software, CIM versions and platforms.

Splunk platform versions 6.3 or later
CIM 4.1 or later
Platforms Windows
Vendor Products Microsoft System Center Operations Manager 2012 R2

New features

Date Issue number Description
2016-03-22 ADDON-8082 Add support for separate console and management servers so that Splunk admins can pull data from SCOM environments where the console server and SCOM management servers are on separate machines.
2016-03-22 ADDON-6772 Add support to collect data from nodes in a SCOM failover cluster.
2016-03-22 ADDON-6233 UI updates for a better configuration experience.
2016-03-22 ADDON-4290 Use Splunk platform 6.3 native PowerShell modular input rather than rely on the Splunk Add-on for Microsoft PowerShell.

Fixed Issues

Date Issue number Description
2016-03-22 ADDON-7050 Ingest timestamp problems. In Splunk Add-on for Microsoft SCOM 2.0.0, the time is stored in the checkpoint file as UTC time to resolve problems.
2016-03-23 ADDON-8397 UI cannot show when using base URL via reverse proxy.
2015-06-10 ADDON-4214 Check that objects exist before querying them.
2016-04-12 ADDON-8673 splunk_powershell.ps.log reports error "script exception:module OperationsManager not found".
2015-04-16 ADDON-3733 404 error logged in ta_util log each time a user creates a new template/task. Can be safely ignored.
2015-04-15 ADDON-3716 UI allows you to create a template with no metrics.

Known Issues

Date Filed Issue number Description
2016-04-25 ADDON-8910 /SPL-118489 If an input is created with an interval using a cron expression of 0 0/5 * * * *, no data is collected. Workaround: Change interval to 0 */5 * * * * to create a similar schedule.
2016-04-19 ADDON-8740 /SPL-118488 Duplicate events are indexed when a short crontab interval is used. When Splunk first starts, it may invoke the PowerShell inputs twice. These two running instances may overlap and duplicated events may be indexed. Afterwards, the Powershell modular input will run in sequence and will not generate duplicated events.
2016-04-11 ADDON-8687 Requests take a long time to return on Windows.
2015-04-24 ADDON-3876 Error messages displayed in the UI are vague.
2015-04-15 ADDON-3726 Inputs are not updated when a template is modified or deleted. Workaround: When you need to modify or delete a collection template, delete any tasks that use that template and recreate the tasks with the modified or new set of templates.

Third-party software attributions

Version 2.0.0 of the Splunk Add-on for Microsoft SCOM incorporates the following third-party components.

Version 1.0.0

Version 1.0.0 of the Splunk Add-on for Microsoft SCOM has the same compatibility specifications as version 2.0.0.

New features

Version 1.0.0 of the Splunk Add-on for Microsoft SCOM has the following new features.

Date Issue number Description
2015/04/16 ADDON-435 New Splunk-supported add-on.

Known issues

Version 1.0.0 of the Splunk Add-on for Microsoft SCOM has the following known issues.

Date Issue number Description
2015/04/24 ADDON-3876 Error messages displayed in the UI are vague.
2015/04/16 ADDON-3733 404 error logged in ta_util log each time a user creates a new template/task. Can be safely ignored.
2015/04/15 ADDON-3726 Inputs are not updated when a template is modified or deleted. Workaround: When you need to modify or delete a collection template, delete any tasks that use that template and recreate the tasks with the modified or new set of templates.
2015/04/15 ADDON-3716 UI allows you to create a template with no metrics.

Third-party software attributions

Version 1.0.0 of the Splunk Add-on for Microsoft SCOM incorporates the following third-party components.

PREVIOUS
Release notes for the Splunk Add-on for Microsoft SCOM
  NEXT
Hardware and software requirements for the Splunk Add-on for Microsoft SCOM

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters