Release history for the Splunk Add-on for Microsoft SQL Server
The latest release for the Splunk Add-on for Microsoft SQL Server is version 3.1.0. See Release notes for the Splunk Add-on for Microsoft SQL Server.
3.0.0
Version 3.0.0 of the Splunk Add-on for Microsoft SQL Server is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 8.1.x and 8.2.x |
| Splunk DB Connect | 3.7.0 |
| CIM | 4.20 |
| Platforms | Windows for local data collection on MS SQL Server, platform independent otherwise |
| Vendor Products | Microsoft SQL Server 2012 Enterprise, Microsoft SQL Server 2014 Enterprise, Microsoft SQL Server 2016 Enterprise, Microsoft SQL Server 2017 Enterprise, Microsoft SQL Server 2017 Standard, Microsoft SQL Server 2019 Enterprise, Microsoft SQL Server 2019 Standard |
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features
- Support for Microsoft SQL Server Standard 2019.
- Drop support for Splunk DB 2.x.x.
- Compatibility with Splunk DB 3.6.0 and later.
Common Information Model (CIM) enhancements:
- Added new field extractions for the
mssql:auditsourcetype. - Support for version 4.20.
For information on upgrading to the newest version of this add-on, see the Upgrade the Splunk Add-on for Microsoft SQL Server topic in this manual.
Known issues
Version 3.0.0 of the Splunk Add-on for Microsoft SQL Server has the following known issues.
If no issues appear below, no issues have yet been reported:
Third-party software attributions
Version 3.0.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.
Version 2.0.0
Version 2.0.0 of the Splunk Add-on for Microsoft SQL Server is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 7.2.x, 7.3.x, 8.0.x and 8.1.0 |
| Splunk DB Connect | 2.4.1, 3.1.3, 3.3.1 and 3.4.0 |
| CIM | 4.17 |
| Platforms | Windows for local data collection on MS SQL Server, platform independent otherwise |
| Vendor products | Microsoft SQL Server 2012 Enterprise, Microsoft SQL Server 2014 Enterprise, Microsoft SQL Server 2016 Enterprise, Microsoft SQL Server 2017 Enterprise, Microsoft SQL Server 2017 Standard, Microsoft SQL Server 2019 Enterprise, Microsoft SQL Server 2019 Standard. |
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features
- Support for Microsoft SQL Server Standard 2017 and Microsoft SQL Server Enterprise 2019.
- Compatibility with Splunk DB Connect 3.3.1 and 3.4.0.
- Added field extractions for the
mssql:errorlogandmssql:agentlogsourcetypes. - Removed the search time extractions of the
hostandportfield.- The value of the host will be the same as the host provided at the time of connection in Splunk DB Connect.
- For the port field, updated the SQL queries so it will be populated at index-time in the event.
- Common Information Model (CIM) enhancements:
- Support for version 4.17.
- Authentication data model mapping for the logon events in the
mssql:errorlogsourcetype. - Databases data model mapping for the
mssql:databasessourcetype. - Removed the
serial_numfield from themssql:transaction:dm_tran_lockssourcetype. - Additional Splunk IT Service Intelligence (ITSI) database module field compatibility.
For information on upgrading to the newest version of this add-on, see the Upgrade the Splunk Add-on for Microsoft SQL Server topic in this manual.
Fixed issues
Version 2.0.0 of the Splunk Add-on for Microsoft SQL Server has the following fixed issues.
| Date resolved | Issue number | Description |
|---|---|---|
| 2020-10-22 | ADDON-30436 | 'Additional_Information' field is not getting extracted properly for the 'mssql:audit' sourcetype |
| 2020-09-21 | ADDON-29421 | Removed incorrect field mapping of serial_num in sourcetype = mssql:transaction:dm_tran_locks |
Known issues
Version 2.0.0 of the Splunk Add-on for Microsoft SQL Server has the following known issues.
If no issues appear below, no issues have yet been reported:
| Date filed | Issue number | Description |
|---|---|---|
| 2014-12-18 | ADDON-2753, ADDON-8229 | Error in opening perfmon with regex object (SQLServer|MSSQL*) from data inputs UI |
Third-party software attributions
Version 2.0.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.
Version 1.4.0
Version 1.4.0 of the Splunk Add-on for Microsoft SQL Server was released on August 2, 2018.
About this release
Version 1.4.0 of the Splunk Add-on for Microsoft SQL Server is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2.x, 8.0 |
| Splunk DB Connect | 2.4.1, 3.1.3 |
| CIM | 4.11 |
| Platforms | Windows for local data collection on MS SQL Server, platform independent otherwise |
| Vendor Products | Microsoft SQL Server 2008 R2 Enterprise, Microsoft SQL Server 2012 Enterprise, Microsoft SQL Server 2014 Enterprise, Microsoft SQL Server 2016 Enterprise |
New Features
- Support for Microsoft SQL Server 2016
- Compatibility with Splunk Enterprise 7+
Known issues
Version 1.4.0 of the Splunk Add-on for Microsoft SQL Server has the following known issues.
If no issues appear below, no issues have yet been reported:
| Date filed | Issue number | Description |
|---|---|---|
| 2020-10-22 | ADDON-30436 | 'Additional_Information' field is not getting extracted properly for the 'mssql:audit' sourcetype |
| 2020-09-18 | ADDON-29421 | Removed incorrect field mapping of serial_num in sourcetype = mssql:transaction:dm_tran_locks |
| 2014-12-18 | ADDON-2753, ADDON-8229 | Error in opening perfmon with regex object (SQLServer|MSSQL*) from data inputs UI |
Third-party software attributions
Version 1.4.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.
Version 1.3.0
Version 1.3.0 of the Splunk Add-on for Microsoft SQL Server is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 6.4 and later |
| Splunk DB Connect | 2.4.1, 3.1.3 (versions 1.x and 3.0 are not supported) |
| CIM | 4.1 and later |
| Platforms | Windows for local data collection on MS SQL Server, platform independent otherwise |
| Vendor Products | Microsoft SQL Server versions 2008 R2 Enterprise, 2012 Enterprise, and 2014 Enterprise |
Upgrade guide
Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server includes a new default\sqlserver_dbx2.conf file. If you are using DB Connect v2 and want to use this add-on with Splunk IT Service Intelligence, follow the directions in Configure DB Connect v2 inputs for the Splunk Add-on for Microsoft SQL Server to override your existing inputs with the new ones provided in this version of the default\sqlserver_dbx2.conf template file. If you are using the configuration files, use the default\sqlserver_dbx2.conf as a template to update your splunk_app_db_connect\local\inputs.conf. If you are using the DB Connect GUI, refer to default\sqlserver_dbx2.conf for the source types and query statements.
DB Connect v1 is not supported for collecting data with this add-on for use in Splunk IT Service Intelligence. If you want to use this add-on with Splunk IT Service Intelligence, upgrade to DB Connect v2.
Features
Version 1.3.0 of the Splunk Add-on for Microsoft SQL Server provides added support for DB Connect 3.1, which significantly streamlines the configuration process of database inputs.
Fixed issues
Version 1.3.0 of the Splunk Add-on for Microsoft SQL Server has no fixed issues.
Known issues
Version 1.3.0 of the Splunk Add-on for Microsoft SQL Server has no known issues.
Third-party software attributions
Version 1.3.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.
Version 1.2.0
Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server was released on April 1, 2016. Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 6.1 and later |
| CIM | 4.1 and later |
| Platforms | Windows for local data collection on MS SQL Server, platform independent otherwise |
| Vendor Products | Microsoft SQL Server versions 2008 R2 Enterprise, 2012 Enterprise, and 2014 Enterprise |
Upgrade guide
Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server includes a new default\sqlserver_dbx2.conf file. If you are using DB Connect v2 and want to use this add-on with Splunk IT Service Intelligence, follow the directions in Configure DB Connect v2 inputs for the Splunk Add-on for Microsoft SQL Server to override your existing inputs with the new ones provided in this version of the default\sqlserver_dbx2.conf template file. If you are using the configuration files, use the default\sqlserver_dbx2.conf as a template to update your splunk_app_db_connect\local\inputs.conf. If you are using the DB Connect GUI, refer to default\sqlserver_dbx2.conf for the source types and query statements.
DB Connect v1 is not supported for collecting data with this add-on for use in Splunk IT Service Intelligence. If you want to use this add-on with Splunk IT Service Intelligence, upgrade to DB Connect v2.
Features
Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server has the following new features:
| Date | Issue number | Description |
|---|---|---|
| 2016-03-09 | ADDON-7327 | Support for the IT Service Intelligence Database module, including new source types, new lookup file, and new SQL queries for DB Connect v2. |
Fixed issues
Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server has no fixed issues.
Known issues
Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server has the following known issues:
| Date filed | Issue number | Description |
|---|---|---|
| 2016-03-30 | ADDON-2764 | Data type RAW (8 byte) not supported due to limitation of DB Connect v.2.0.0. As a result some fields have a value of '## NOT SUPPORTED TYPE ##'. |
| 2015-01-08 | ADDON-2764 | Incorrect line breaking and/or some fields for audit and trace log events are missing in indexed events when using DB Connect v1. Workaround: edit dbx\local\inputs.conf to include SHOULD_LINEMERGE=true in the stanzas for the affected inputs.
|
| 2015-02-04 | ADDON-3131 | Change to non-deprecated method for pulling trace log files from SQL Server because fn_trace_gettable is EOL. |
| 2014-12-18 | ADDON-2753 | Error in creating performance monitor inputs with regex objects (SQLServer|MSSQL[^:]*) from data inputs UI. Workaround: configure all performance monitoring inputs via the inputs.conf file.
|
Note that there is a known issue in DB Connect 3 to support a new installation of Splunk Add-on for Microsoft SQL Server. See release notes for DB Connect 3 for details.
Third-party software attributions
Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.
Version 1.1.0
Version 1.1.0 of the Splunk Add-on for Microsoft SQL Server has the same compatibility specifications as Version 1.2.0.
Features
Version 1.1.0 of the Splunk Add-on for Microsoft SQL Server has the following new features.
| Date | Issue number | Description |
|---|---|---|
| 2015-10-09 | ADDON-2921 | Support for Splunk DB Connect v2. |
| 2015-10-09 | ADDON-3734 | Support for Microsoft SQL Server 2014. |
Fixed issues
Version 1.1.0 of the Splunk Add-on for Microsoft SQL Server fixes the following issues.
| Date fixed | Issue number | Description |
|---|---|---|
| 2015-10-08 | ADDON-5975 | Stanzas have unnecessary wildcarding, contrary to best practices. |
| 2015-10-08 | ADDON-5978 | Sourcetypes in eventtypes.conf should be capitalization-unified with real sourcetypes' names. |
| 2015-09-23 | ADDON-3270 | Console startup errors when DB Connect is not present. |
Known issues
Version 1.1.0 of the Splunk Add-on for Microsoft SQL Server has the following known issues.
| Date filed | Issue number | Description |
|---|---|---|
| 2015-01-08 | ADDON-2764 | Incorrect line breaking and/or some fields for audit and trace log events are missing in indexed events when using DB Connect v1. Workaround: edit dbx\local\inputs.conf to include SHOULD_LINEMERGE=true in the stanzas for the affected inputs.
|
| 2015-02-04 | ADDON-3131 | Change to non-deprecated method for pulling trace log files from SQL Server because fn_trace_gettable is EOL. |
| 2014-12-18 | ADDON-2753 | Error in creating performance monitor inputs with regex objects (SQLServer|MSSQL[^:]*) from data inputs UI. Workaround: configure all performance monitoring inputs via the inputs.conf file.
|
Third-party software attributions
Version 1.1.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.
Version 1.0.0
Version 1.0.0 of the Splunk Add-on for Microsoft SQL Server is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.1 and later |
| CIM | 4.1 and later |
| Platforms | Windows |
| Vendor Products | Microsoft SQL Server versions 2008 R2 Enterprise and 2012 Enterprise |
New features
Version 1.0.0 of the Splunk Add-on for Microsoft SQL Server has the following new features.
| Date | Issue number | Description |
|---|---|---|
| 12/12/14 | ADDON-211 | CIM-compliant data collection of performance metrics and security events from Microsoft SQL Server using log files, audit trace files, and Splunk DB Connect. |
Known issues
Version 1.0.0 of the Splunk Add-on for Microsoft SQL Server has the following known issues.
| Date | Issue number | Description |
|---|---|---|
| 01/08/15 | ADDON-2764 | Incorrect line breaking and/or some fields for audit and trace log events are missing in indexed events. Workaround: edit dbx\local\inputs.conf to include SHOULD_LINEMERGE=true in the stanzas for the affected inputs.
|
| 02/04/15 | ADDON-3131 | Change to non-deprecated method for pulling trace log files from SQL Server because fn_trace_gettable is EOL. |
| 12/18/14 | ADDON-2753 | Error in creating performance monitor inputs with regex objects (SQLServer|MSSQL[^:]*) from data inputs UI. Workaround: configure all performance monitoring inputs via the inputs.conf file.
|
Third-party software attributions
Version 1.0.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.
| Release notes for the Splunk Add-on for Microsoft SQL Server | Hardware and software requirements for the Splunk Add-on for Microsoft SQL Server |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Download manual
Feedback submitted, thanks!