Splunk® Supported Add-ons

Splunk Add-on for Microsoft SQL Server

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Release history for the Splunk Add-on for Microsoft SQL Server

Latest release

The latest version of the Splunk Add-on for Microsoft SQL Server is version 2.0.0. See Release notes for the Splunk Add-on for Microsoft SQL Server for the release notes of this latest version.

Version 1.4.0

Version 1.4.0 of the Splunk Add-on for Microsoft SQL Server was released on August 2, 2018.

About this release

Version 1.4.0 of the Splunk Add-on for Microsoft SQL Server is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.x, 8.0
Splunk DB Connect 2.4.1, 3.1.3
CIM 4.11
Platforms Windows for local data collection on MS SQL Server, platform independent otherwise
Vendor Products Microsoft SQL Server 2008 R2 Enterprise, Microsoft SQL Server 2012 Enterprise, Microsoft SQL Server 2014 Enterprise, Microsoft SQL Server 2016 Enterprise

New Features

  • Support for Microsoft SQL Server 2016
  • Compatibility with Splunk Enterprise 7+

Known issues

Version 1.4.0 of the Splunk Add-on for Microsoft SQL Server has the following known issues.

If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2020-10-22 ADDON-30436 'Additional_Information' field is not getting extracted properly for the 'mssql:audit' sourcetype
2020-09-18 ADDON-29421 Removed incorrect field mapping of serial_num in sourcetype = mssql:transaction:dm_tran_locks
2014-12-18 ADDON-2753, ADDON-8229 Error in opening perfmon with regex object (SQLServer|MSSQL*) from data inputs UI

Third-party software attributions

Version 1.4.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.


Version 1.3.0

Version 1.3.0 of the Splunk Add-on for Microsoft SQL Server is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 6.4 and later
Splunk DB Connect 2.4.1, 3.1.3 (versions 1.x and 3.0 are not supported)
CIM 4.1 and later
Platforms Windows for local data collection on MS SQL Server, platform independent otherwise
Vendor Products Microsoft SQL Server versions 2008 R2 Enterprise, 2012 Enterprise, and 2014 Enterprise

Upgrade guide

Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server includes a new default\sqlserver_dbx2.conf file. If you are using DB Connect v2 and want to use this add-on with Splunk IT Service Intelligence, follow the directions in Configure DB Connect v2 inputs for the Splunk Add-on for Microsoft SQL Server to override your existing inputs with the new ones provided in this version of the default\sqlserver_dbx2.conf template file. If you are using the configuration files, use the default\sqlserver_dbx2.conf as a template to update your splunk_app_db_connect\local\inputs.conf. If you are using the DB Connect GUI, refer to default\sqlserver_dbx2.conf for the source types and query statements.

DB Connect v1 is not supported for collecting data with this add-on for use in Splunk IT Service Intelligence. If you want to use this add-on with Splunk IT Service Intelligence, upgrade to DB Connect v2.

Features

Version 1.3.0 of the Splunk Add-on for Microsoft SQL Server provides added support for DB Connect 3.1, which significantly streamlines the configuration process of database inputs.

Fixed issues

Version 1.3.0 of the Splunk Add-on for Microsoft SQL Server has no fixed issues.

Known issues

Version 1.3.0 of the Splunk Add-on for Microsoft SQL Server has no known issues.

Third-party software attributions

Version 1.3.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.

Version 1.2.0

Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server was released on April 1, 2016. Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 6.1 and later
CIM 4.1 and later
Platforms Windows for local data collection on MS SQL Server, platform independent otherwise
Vendor Products Microsoft SQL Server versions 2008 R2 Enterprise, 2012 Enterprise, and 2014 Enterprise

Upgrade guide

Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server includes a new default\sqlserver_dbx2.conf file. If you are using DB Connect v2 and want to use this add-on with Splunk IT Service Intelligence, follow the directions in Configure DB Connect v2 inputs for the Splunk Add-on for Microsoft SQL Server to override your existing inputs with the new ones provided in this version of the default\sqlserver_dbx2.conf template file. If you are using the configuration files, use the default\sqlserver_dbx2.conf as a template to update your splunk_app_db_connect\local\inputs.conf. If you are using the DB Connect GUI, refer to default\sqlserver_dbx2.conf for the source types and query statements.

DB Connect v1 is not supported for collecting data with this add-on for use in Splunk IT Service Intelligence. If you want to use this add-on with Splunk IT Service Intelligence, upgrade to DB Connect v2.

Features

Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server has the following new features:

Date Issue number Description
2016-03-09 ADDON-7327 Support for the IT Service Intelligence Database module, including new source types, new lookup file, and new SQL queries for DB Connect v2.

Fixed issues

Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server has no fixed issues.

Known issues

Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server has the following known issues:

Date filed Issue number Description
2016-03-30 ADDON-2764 Data type RAW (8 byte) not supported due to limitation of DB Connect v.2.0.0. As a result some fields have a value of '## NOT SUPPORTED TYPE ##'.
2015-01-08 ADDON-2764 Incorrect line breaking and/or some fields for audit and trace log events are missing in indexed events when using DB Connect v1. Workaround: edit dbx\local\inputs.conf to include SHOULD_LINEMERGE=true in the stanzas for the affected inputs.
2015-02-04 ADDON-3131 Change to non-deprecated method for pulling trace log files from SQL Server because fn_trace_gettable is EOL.
2014-12-18 ADDON-2753 Error in creating performance monitor inputs with regex objects (SQLServer|MSSQL[^:]*) from data inputs UI. Workaround: configure all performance monitoring inputs via the inputs.conf file.

Note that there is a known issue in DB Connect 3 to support a new installation of Splunk Add-on for Microsoft SQL Server. See release notes for DB Connect 3 for details.

Third-party software attributions

Version 1.2.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.

Version 1.1.0

Version 1.1.0 of the Splunk Add-on for Microsoft SQL Server has the same compatibility specifications as Version 1.2.0.

Features

Version 1.1.0 of the Splunk Add-on for Microsoft SQL Server has the following new features.

Date Issue number Description
2015-10-09 ADDON-2921 Support for Splunk DB Connect v2.
2015-10-09 ADDON-3734 Support for Microsoft SQL Server 2014.

Fixed issues

Version 1.1.0 of the Splunk Add-on for Microsoft SQL Server fixes the following issues.

Date fixed Issue number Description
2015-10-08 ADDON-5975 Stanzas have unnecessary wildcarding, contrary to best practices.
2015-10-08 ADDON-5978 Sourcetypes in eventtypes.conf should be capitalization-unified with real sourcetypes' names.
2015-09-23 ADDON-3270 Console startup errors when DB Connect is not present.

Known issues

Version 1.1.0 of the Splunk Add-on for Microsoft SQL Server has the following known issues.

Date filed Issue number Description
2015-01-08 ADDON-2764 Incorrect line breaking and/or some fields for audit and trace log events are missing in indexed events when using DB Connect v1. Workaround: edit dbx\local\inputs.conf to include SHOULD_LINEMERGE=true in the stanzas for the affected inputs.
2015-02-04 ADDON-3131 Change to non-deprecated method for pulling trace log files from SQL Server because fn_trace_gettable is EOL.
2014-12-18 ADDON-2753 Error in creating performance monitor inputs with regex objects (SQLServer|MSSQL[^:]*) from data inputs UI. Workaround: configure all performance monitoring inputs via the inputs.conf file.

Third-party software attributions

Version 1.1.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.

Version 1.0.0

Version 1.0.0 of the Splunk Add-on for Microsoft SQL Server is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.1 and later
CIM 4.1 and later
Platforms Windows
Vendor Products Microsoft SQL Server versions 2008 R2 Enterprise and 2012 Enterprise

New features

Version 1.0.0 of the Splunk Add-on for Microsoft SQL Server has the following new features.

Date Issue number Description
12/12/14 ADDON-211 CIM-compliant data collection of performance metrics and security events from Microsoft SQL Server using log files, audit trace files, and Splunk DB Connect.

Known issues

Version 1.0.0 of the Splunk Add-on for Microsoft SQL Server has the following known issues.

Date Issue number Description
01/08/15 ADDON-2764 Incorrect line breaking and/or some fields for audit and trace log events are missing in indexed events. Workaround: edit dbx\local\inputs.conf to include SHOULD_LINEMERGE=true in the stanzas for the affected inputs.
02/04/15 ADDON-3131 Change to non-deprecated method for pulling trace log files from SQL Server because fn_trace_gettable is EOL.
12/18/14 ADDON-2753 Error in creating performance monitor inputs with regex objects (SQLServer|MSSQL[^:]*) from data inputs UI. Workaround: configure all performance monitoring inputs via the inputs.conf file.

Third-party software attributions

Version 1.0.0 of the Splunk Add-on for Microsoft SQL Server does not incorporate any third-party components or libraries.

Last modified on 17 November, 2020
PREVIOUS
Release notes for the Splunk Add-on for Microsoft SQL Server
  NEXT
Hardware and software requirements for the Splunk Add-on for Microsoft SQL Server

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters