Splunk® Supported Add-ons

Splunk Add-on for Microsoft SQL Server

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Release history for the Splunk Add-on for Microsoft SQL Server

Latest release

The latest version of the Splunk Add-on for Microsoft SQL Server is version 3.0.0. See Release notes for the Splunk Add-on for Microsoft SQL Server for the release notes of this latest version.

Version 2.0.0

Version 2.0.0 of the Splunk Add-on for Microsoft SQL Server is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 7.2.x, 7.3.x, 8.0.x and 8.1.0
Splunk DB Connect 2.4.1, 3.1.3, 3.3.1 and 3.4.0
CIM 4.17
Platforms Windows for local data collection on MS SQL Server, platform independent otherwise
Vendor products Microsoft SQL Server 2012 Enterprise, Microsoft SQL Server 2014 Enterprise, Microsoft SQL Server 2016 Enterprise, Microsoft SQL Server 2017 Enterprise, Microsoft SQL Server 2017 Standard, Microsoft SQL Server 2019 Enterprise, Microsoft SQL Server 2019 Standard.

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New Features

  • Support for Microsoft SQL Server Standard 2017 and Microsoft SQL Server Enterprise 2019.
  • Compatibility with Splunk DB Connect 3.3.1 and 3.4.0.
  • Added field extractions for the mssql:errorlog and mssql:agentlog sourcetypes.
  • Removed the search time extractions of the host and port field.
    • The value of the host will be the same as the host provided at the time of connection in Splunk DB Connect.
    • For the port field, updated the SQL queries so it will be populated at index-time in the event.
  • Common Information Model (CIM) enhancements:
    • Support for version 4.17.
    • Authentication data model mapping for the logon events in the mssql:errorlog sourcetype.
    • Databases data model mapping for the mssql:databases sourcetype.
    • Removed the serial_num field from the mssql:transaction:dm_tran_locks sourcetype.
    • Additional Splunk IT Service Intelligence (ITSI) database module field compatibility.

For information on upgrading to the newest version of this add-on, see the Upgrade the Splunk Add-on for Microsoft SQL Server topic in this manual.

Fixed issues

Version 2.0.0 of the Splunk Add-on for Microsoft SQL Server has the following fixed issues.


Date resolved Issue number Description
2020-10-22 ADDON-30436 'Additional_Information' field is not getting extracted properly for the 'mssql:audit' sourcetype
2020-09-21 ADDON-29421 Removed incorrect field mapping of serial_num in sourcetype = mssql:transaction:dm_tran_locks

Known issues

Version 2.0.0 of the Splunk Add-on for Microsoft SQL Server has the following known issues.

If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2014-12-18 ADDON-2753, ADDON-8229 Error in opening perfmon with regex object (SQLServer|MSSQL*) from data inputs UI

Third-party software attributions

Version 2.0.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.

Version 1.4.0

Version 1.4.0 of the Splunk Add-on for Microsoft SQL Server was released on August 2, 2018.

About this release

Version 1.4.0 of the Splunk Add-on for Microsoft SQL Server is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.x, 8.0
Splunk DB Connect 2.4.1, 3.1.3
CIM 4.11
Platforms Windows for local data collection on MS SQL Server, platform independent otherwise
Vendor Products Microsoft SQL Server 2008 R2 Enterprise, Microsoft SQL Server 2012 Enterprise, Microsoft SQL Server 2014 Enterprise, Microsoft SQL Server 2016 Enterprise

New Features

  • Support for Microsoft SQL Server 2016
  • Compatibility with Splunk Enterprise 7+

Known issues

Version 1.4.0 of the Splunk Add-on for Microsoft SQL Server has the following known issues.

If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2020-10-22 ADDON-30436 'Additional_Information' field is not getting extracted properly for the 'mssql:audit' sourcetype
2020-09-18 ADDON-29421 Removed incorrect field mapping of serial_num in sourcetype = mssql:transaction:dm_tran_locks
2014-12-18 ADDON-2753, ADDON-8229 Error in opening perfmon with regex object (SQLServer|MSSQL*) from data inputs UI

Third-party software attributions

Version 1.4.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.


Version 1.3.0

Version 1.3.0 of the Splunk Add-on for Microsoft SQL Server is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 6.4 and later
Splunk DB Connect 2.4.1, 3.1.3 (versions 1.x and 3.0 are not supported)
CIM 4.1 and later
Platforms Windows for local data collection on MS SQL Server, platform independent otherwise
Vendor Products Microsoft SQL Server versions 2008 R2 Enterprise, 2012 Enterprise, and 2014 Enterprise

Upgrade guide

Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server includes a new default\sqlserver_dbx2.conf file. If you are using DB Connect v2 and want to use this add-on with Splunk IT Service Intelligence, follow the directions in Configure DB Connect v2 inputs for the Splunk Add-on for Microsoft SQL Server to override your existing inputs with the new ones provided in this version of the default\sqlserver_dbx2.conf template file. If you are using the configuration files, use the default\sqlserver_dbx2.conf as a template to update your splunk_app_db_connect\local\inputs.conf. If you are using the DB Connect GUI, refer to default\sqlserver_dbx2.conf for the source types and query statements.

DB Connect v1 is not supported for collecting data with this add-on for use in Splunk IT Service Intelligence. If you want to use this add-on with Splunk IT Service Intelligence, upgrade to DB Connect v2.

Features

Version 1.3.0 of the Splunk Add-on for Microsoft SQL Server provides added support for DB Connect 3.1, which significantly streamlines the configuration process of database inputs.

Fixed issues

Version 1.3.0 of the Splunk Add-on for Microsoft SQL Server has no fixed issues.

Known issues

Version 1.3.0 of the Splunk Add-on for Microsoft SQL Server has no known issues.

Third-party software attributions

Version 1.3.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.

Version 1.2.0

Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server was released on April 1, 2016. Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 6.1 and later
CIM 4.1 and later
Platforms Windows for local data collection on MS SQL Server, platform independent otherwise
Vendor Products Microsoft SQL Server versions 2008 R2 Enterprise, 2012 Enterprise, and 2014 Enterprise

Upgrade guide

Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server includes a new default\sqlserver_dbx2.conf file. If you are using DB Connect v2 and want to use this add-on with Splunk IT Service Intelligence, follow the directions in Configure DB Connect v2 inputs for the Splunk Add-on for Microsoft SQL Server to override your existing inputs with the new ones provided in this version of the default\sqlserver_dbx2.conf template file. If you are using the configuration files, use the default\sqlserver_dbx2.conf as a template to update your splunk_app_db_connect\local\inputs.conf. If you are using the DB Connect GUI, refer to default\sqlserver_dbx2.conf for the source types and query statements.

DB Connect v1 is not supported for collecting data with this add-on for use in Splunk IT Service Intelligence. If you want to use this add-on with Splunk IT Service Intelligence, upgrade to DB Connect v2.

Features

Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server has the following new features:

Date Issue number Description
2016-03-09 ADDON-7327 Support for the IT Service Intelligence Database module, including new source types, new lookup file, and new SQL queries for DB Connect v2.

Fixed issues

Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server has no fixed issues.

Known issues

Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server has the following known issues:

Date filed Issue number Description
2016-03-30 ADDON-2764 Data type RAW (8 byte) not supported due to limitation of DB Connect v.2.0.0. As a result some fields have a value of '## NOT SUPPORTED TYPE ##'.
2015-01-08 ADDON-2764 Incorrect line breaking and/or some fields for audit and trace log events are missing in indexed events when using DB Connect v1. Workaround: edit dbx\local\inputs.conf to include SHOULD_LINEMERGE=true in the stanzas for the affected inputs.
2015-02-04 ADDON-3131 Change to non-deprecated method for pulling trace log files from SQL Server because fn_trace_gettable is EOL.
2014-12-18 ADDON-2753 Error in creating performance monitor inputs with regex objects (SQLServer|MSSQL[^:]*) from data inputs UI. Workaround: configure all performance monitoring inputs via the inputs.conf file.

Note that there is a known issue in DB Connect 3 to support a new installation of Splunk Add-on for Microsoft SQL Server. See release notes for DB Connect 3 for details.

Third-party software attributions

Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.

Version 1.1.0

Version 1.1.0 of the Splunk Add-on for Microsoft SQL Server has the same compatibility specifications as Version 1.2.0.

Features

Version 1.1.0 of the Splunk Add-on for Microsoft SQL Server has the following new features.

Date Issue number Description
2015-10-09 ADDON-2921 Support for Splunk DB Connect v2.
2015-10-09 ADDON-3734 Support for Microsoft SQL Server 2014.

Fixed issues

Version 1.1.0 of the Splunk Add-on for Microsoft SQL Server fixes the following issues.

Date fixed Issue number Description
2015-10-08 ADDON-5975 Stanzas have unnecessary wildcarding, contrary to best practices.
2015-10-08 ADDON-5978 Sourcetypes in eventtypes.conf should be capitalization-unified with real sourcetypes' names.
2015-09-23 ADDON-3270 Console startup errors when DB Connect is not present.

Known issues

Version 1.1.0 of the Splunk Add-on for Microsoft SQL Server has the following known issues.

Date filed Issue number Description
2015-01-08 ADDON-2764 Incorrect line breaking and/or some fields for audit and trace log events are missing in indexed events when using DB Connect v1. Workaround: edit dbx\local\inputs.conf to include SHOULD_LINEMERGE=true in the stanzas for the affected inputs.
2015-02-04 ADDON-3131 Change to non-deprecated method for pulling trace log files from SQL Server because fn_trace_gettable is EOL.
2014-12-18 ADDON-2753 Error in creating performance monitor inputs with regex objects (SQLServer|MSSQL[^:]*) from data inputs UI. Workaround: configure all performance monitoring inputs via the inputs.conf file.

Third-party software attributions

Version 1.1.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.

Version 1.0.0

Version 1.0.0 of the Splunk Add-on for Microsoft SQL Server is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.1 and later
CIM 4.1 and later
Platforms Windows
Vendor Products Microsoft SQL Server versions 2008 R2 Enterprise and 2012 Enterprise

New features

Version 1.0.0 of the Splunk Add-on for Microsoft SQL Server has the following new features.

Date Issue number Description
12/12/14 ADDON-211 CIM-compliant data collection of performance metrics and security events from Microsoft SQL Server using log files, audit trace files, and Splunk DB Connect.

Known issues

Version 1.0.0 of the Splunk Add-on for Microsoft SQL Server has the following known issues.

Date Issue number Description
01/08/15 ADDON-2764 Incorrect line breaking and/or some fields for audit and trace log events are missing in indexed events. Workaround: edit dbx\local\inputs.conf to include SHOULD_LINEMERGE=true in the stanzas for the affected inputs.
02/04/15 ADDON-3131 Change to non-deprecated method for pulling trace log files from SQL Server because fn_trace_gettable is EOL.
12/18/14 ADDON-2753 Error in creating performance monitor inputs with regex objects (SQLServer|MSSQL[^:]*) from data inputs UI. Workaround: configure all performance monitoring inputs via the inputs.conf file.

Third-party software attributions

Version 1.0.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.

Last modified on 08 December, 2021
PREVIOUS
Release notes for the Splunk Add-on for Microsoft SQL Server 		  NEXT
Hardware and software requirements for the Splunk Add-on for Microsoft SQL Server

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters