Download topic as PDF
Release history of the Splunk Add-on for Oracle Database
Latest release
The latest version of the Splunk Add-on for Oracle Database is version 4.1.0. Please see Release notes for the Splunk Add-on for Oracle Database for the release notes of this latest version.
Version 4.0.2
Version 4.0.2 of the Splunk Add-on for Oracle Database was released on July 12, 2021.
About this release
Version 4.0.2 of the Splunk Add-on for Oracle Database is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 8.0, 8.1, 8.2 |
| Splunk DB Connect | 3.5 |
| CIM | 4.20 |
| Platforms | Platform independent |
| Vendor Products | Oracle Database Server 11g/12.1/12.2/19c |
Splunk DB Connect version 2.x reached its End of Life on July 7, 2019
New features
Version 4.0.2 of the Splunk Add-on for Oracle Database does not include any new features.
Fixed issues
Version 4.0.2 of the Splunk Add-on for Oracle Database contains the following fixed issues.
| Date resolved | Issue number | Description |
|---|---|---|
| 2020-11-09 | ADDON-30461 | Splunk Add-on for Oracle Database 3.6.0 Issue with index time when events include timezone |
Known issues
Version 4.0.2 of the Splunk Add-on for Oracle Database contains the following known issues. If no issues appear below, no issues have yet been reported.
Third-party software attributions
Version 4.0.2 of the Splunk Add-on for Oracle Database does not incorporate any third-party software or libraries.
Version 4.0.1
Version 4.0.1 of the Splunk Add-on for Oracle Database was released on April 29, 2021.
About this release
Version 4.0.1 of the Splunk Add-on for Oracle Database is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 8.0, 8.1 |
| Splunk DB Connect | 3.4.2 |
| CIM | 4.19 |
| Platforms | Platform independent |
| Vendor Products | Oracle Database Server 11g/12.1/12.2/18c/19c |
Splunk DB Connect version 2.x reached its End of Life on July 7, 2019
New features
Version 4.0.1 of the Splunk Add-on for Oracle Database includes the following new features:
- Support for Oracle Database versions 12.2, 18c and 19c.
- Two new sourcetypes:
oracle:sqlMonitor, mapped to the Databases CIM Data Model.- Sample event:
SQL_ID="8fa50m2ggqmkh", SQL_EXEC_START="2021-02-04 3:50:53", SQL_EXEC_ID=16778066, KEY=25769804773, USERNAME="SYS", MACHINE="C3382290435", DATABASE_NAME="MORAL", ELAP_PER_EXEC="11389380.83", SQL_TEXT="SELECT * FROM ( SELECT CAST((event_timestamp at TIME zone 'UTC') AS TIMESTAMP) A_EVENT_TIMESTAMP_UTC,u.* FROM UNIFIED_AUDIT_TRAIL u) WHERE A_EVENT_TIMESTAMP_UTC > :1 ORDER BY A_EVENT_TIMESTAMP_UTC ASC", RECORDS_AFFECTED=2299, TABLES_HIT="ALL_UNIFIED_AUDIT_ACTIONS, AUD$UNIFIED, X$UNIFIED_AUDIT_TRAIL", INDEXES_HIT="I_STMT_AUDIT_OPTION_MAP, I_SYSTEM_PRIVILEGE_MAP, I_UNIFIED_AUDIT_ACTIONS", CPU_TIME="19790610", FETCHES="1", BUFFER_GETS="738282", DISK_READS="5963", DIRECT_WRITES="2276", APPLICATION_WAIT_TIME="82099", CONCURRENCY_WAIT_TIME="0", CLUSTER_WAIT_TIME="0", USER_IO_WAIT_TIME="17882604", PLSQL_EXEC_TIME="0", JAVA_EXEC_TIME="0", BANNER_FULL="Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production Version 19.3.0.0.0"
- Sample event:
oracle:connections:poolStats, mapped to the Databases CIM Data Model.- Sample event:
HOST_NAME="ca8e7f53acb8", INSTANCE_NAME="MORAL", CONNECTION_POOL="SYS_DEFAULT_CONNECTION_POOL", STATUS="ACTIVE", MAXSIZE="40", NUM_REQUESTS="0", NUM_HITS="0", NUM_MISSES="0", NUM_WAITS="0", CON_ID="0"
- Sample event:
- Removed search time extractions of the host field. This affects the following sourcetypes:
oracle:instanceoracle:sessionoracle:sysPerforacle:connectionsoracle:pool:connectionsoracle:database:sizeoracle:tableoracle:useroracle:query
The value of the host field will be the same as the host field value provided at the time of your connection in Splunk DB Connect. For example, sourcetypes oracle:database or oracle:tablespace.
- Common Information Model (CIM) enhancements:
- Support for version 4.19.
- Data Model mapping was updated for the following sourcetypes:
oracle:instanceoracle:sessionoracle:tablespaceMetricsoracle:sysPerforacle:connectionsoracle:pool:connectionsoracle:tableoracle:database:sizeoracle:useroracle:audit:textoracle:audit:xml
Version 3.7.0
Version 3.7.0 of the Splunk Add-on for Oracle Database was released on Jun 25, 2017.
About this release
Version 3.7.0 of the Splunk Add-on for Oracle Database is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.4.X and later |
| Splunk DB Connect | 2.x, 3.1 (version 1.x and 3.0 are not supported) |
| CIM | 3.0 and later |
| Platforms | Platform independent |
| Vendor Products | Oracle Database Server 10g/11g/12c |
New and changed features
Version 3.7.0 of the Splunk Add-on for Oracle Database provides added support for DB Connect 3.1, which significantly streamlines the configuration process of database inputs.
Fixed issues
Version 3.7.0 of the Splunk Add-on for Oracle Database has no fixed issues.
Known issues
Version 3.7.0 of the Splunk Add-on for Oracle Database contains the following known issues.
| Date filed | Issue number | Description |
|---|---|---|
| 2021-02-05 | ADDON-33553 | active_pooled_connections for sourcetype oracle:pool:connections is always 0 |
| 2020-08-15 | ADDON-28810, ADDON-28812 | Invalid extraction for host |
| 2017-09-03 | ADDON-15717 | Queries referencing views does not support RAC |
| 2017-05-24 | ADDON-14887 | Timezone override in props.conf is invalid in DBX v3 |
| 2017-05-16 | ADDON-14795 | Part of CLOB fields extracted in oracle:audit:unified via DBX V3 are missing from the UI |
Third-party software attributions
Version 3.7.0 of the Splunk Add-on for Oracle Database does not incorporate any third-party software or libraries.
Version 3.6.0
Version 3.6.0 of the Splunk Add-on for Oracle Database was released on May 25, 2017.
Version 3.6.0 of the Splunk Add-on for Oracle Database is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.4.X and later |
| CIM | 3.0 and later |
| Platforms | Platform independent |
| Vendor Products | Oracle Database Server 10g/11g/12c |
New and changed features
Version 3.6.0 of the Splunk Add-on for Oracle Database introduces a new sourcetype oracle:audit:unified in support of the new Unified Auditing feature in Oracle 12c. The DB Connect input template file is updated with a new stanza to facilitate the creation of this new data input.
This version of Splunk Add-on for Oracle Database only supports DB Connect 2.x and 3.x. Support for DB Connect 1.x has been deprecated.
Fixed issues
Version 3.6.0 of the Splunk Add-on for Oracle Database fixed the following issues.
| Date resolved | Issue number | Description |
|---|---|---|
| 2017-05-04 | ADDON-8888 | Generates 30k warning messages per day regarding missing transforms |
Known issues
Version 3.6.0 of the Splunk Add-on for Oracle Database contains the following known issues.
| Date filed | Issue number | Description |
|---|---|---|
| 2020-10-22 | ADDON-30461 | Splunk Add-on for Oracle Database 3.6.0 Issue with index time when events include timezone |
| 2017-09-03 | ADDON-15717 | Queries referencing views does not support RAC |
| 2017-05-24 | ADDON-14887 | Timezone override in props.conf is invalid in DBX v3 |
| 2017-05-16 | ADDON-14795 | Part of CLOB fields extracted in oracle:audit:unified via DBX V3 are missing from the UI |
Third-party software attributions
Version 3.6.0 of the Splunk Add-on for Oracle Database does not incorporate any third-party software or libraries.
Version 3.5.0
Version 3.5.0 of the Splunk Add-on for Oracle Database is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.3.X and later |
| CIM | 3.0 and later |
| Platforms | Platform independent |
| Vendor Products | Oracle Database Server 10g/11g/12c |
Upgrade guide
Version 3.5.0 of the Splunk Add-on for Oracle Database is designed to be used with Splunk DB Connect v2. Splunk DB Connect v1 continues to be supported, but upgrading to DB Connect v2 is recommended. The new source types in this version can only be collected using DB Connect v2.
If you are a DB Connect v2 user and are upgrading the Splunk Add-on for Oracle Database from version 3.3.0 and earlier to 3.5.0 and want to start collecting the new performance events (for use with the Splunk IT Service Intelligence app or otherwise), copy the input stanzas for the new source types, oracle:connections, oracle:pool:connections, oracle:database:size, oracle:table, oracle:user, oracle:query, and the updated input stanzas for oracle:session, oracle:sysPerf, and oracle:instance, from dbx2.inputs.conf.template to your DB Connect v2 input.conf file and modify as necessary for your environment.
If you are a DB Connect v1 user and you want to upgrade the Splunk Add-on for Oracle Database from version 3.3.0 and earlier to 3.5.0 to begin collecting the new performance events available in this release or integrate your Oracle data with the IT Service Intelligence app, you must first upgrade to DB Connect v2.
If you are a DB Connect v1 user and you are upgrading the Splunk Add-on for Oracle Database from version 3.3.0 and earlier to 3.5.0 and want to continue to collect events for the source types you have already been collecting, you need to edit the transforms.conf file as described in the Set up the database connection section to make sure it contains the correct lines to work with DB Connect v1 since the transforms.conf file is designed to work with DB Connect v2 by default in this release.
New features
Version 3.5.0 of the Splunk Add-on for Oracle Database has the following new feature.
| Resolved date | Defect number | Description |
| 2016-06-16 | ADDON-9983 |
Some field mappings and tags are updated to better support the Splunk IT Service Intelligence (ITSI) Database module. |
Fixed issues
Version 3.5.0 of the Splunk Add-on for Oracle Database contains no fixed issues.
Known issues
Version 3.5.0 of the Splunk Add-on for Oracle Database contains the following known issues.
| Date | Defect number | Description |
| 04/07/15 | ADDON-3599 | Data type RAW (8 byte) not supported due to limitation of DB Connect v.2.0.0. As a result oracle:session fields SADDR, CREATEOR_ADDR, etc have a value of '## NOT SUPPORTED TYPE ##'. |
Third-party software attributions
Version 3.5.0 of the Splunk Add-on for Oracle Database does not incorporate any third-party software or libraries.
Version 3.4.0
Version 3.4.0 of the Splunk Add-on for Oracle Database was released on April 1, 2016. Version 3.4.0 of the Splunk Add-on for Oracle Database is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.0 or later |
| CIM | 3.0 or later |
| Platforms | Platform independent |
| Vendor Products | Oracle Database Server 10g/11g/12c |
Upgrade guide
Version 3.4.0 of the Splunk Add-on for Oracle Database is designed to be used with Splunk DB Connect v2. Splunk DB Connect v1 continues to be supported, but upgrading to DB Connect v2 is recommended. The new source types in this version can only be collected using DB Connect v2.
If you are a DB Connect v2 user and are upgrading the Splunk Add-on for Oracle Database from version 3.3.0 to 3.4.0 and want to start collecting the new performance events (for use with the Splunk IT Service Intelligence app or otherwise), copy the input stanzas for the new source types, oracle:connections, oracle:pool:connections, oracle:database:size, oracle:table, oracle:user, oracle:query, and the updated input stanzas for oracle:session, oracle:sysPerf, and oracle:instance, from dbx2.inputs.conf.template to your DB Connect v2 input.conf file and modify as necessary for your environment.
If you are a DB Connect v1 user and you want to upgrade the Splunk Add-on for Oracle Database from version 3.3.0 to 3.4.0 to begin collecting the new performance events available in this release or integrate your Oracle data with the IT Service Intelligence app, you must first upgrade to DB Connect v2.
If you are a DB Connect v1 user and you are upgrading the Splunk Add-on for Oracle Database from version 3.3.0 to 3.4.0 and want to continue to collect events for the source types you have already been collecting, you need to edit the transforms.conf file as described in the Set up the database connection section to make sure it contains the correct lines to work with DB Connect v1 since the transforms.conf file is designed to work with DB Connect v2 by default in this release.
New features
Version 3.4.0 of the Splunk Add-on for Oracle Database has the following new feature.
| Resolved date | Defect number | Description |
| 2016-01-08 | ADDON-7314 | Add new performance events with the following source types and add support for the Splunk IT Service Intelligence (ITSI) Database module for these source types: oracle:connections, oracle:pool:connections, oracle:database:size, oracle:table, oracle:user, oracle:query. Add support for the ITSI Database module to the following existing source types: oracle:session, oracle:sysPerf, oracle:instance.
|
Fixed issues
Version 3.4.0 of the Splunk Add-on for Oracle Database fixes the following issue.
| Resolved date | Defect number | Description |
| 2016-03-09 | ADDON-7882 | Performance issues due to lookup and field name collision. Rename Action field in lookup. |
| 2016-03-11 | ADDON-7584 | default/transforms.conf has lines that only apply to DB Connect 1. Should work by default for DB Connect 2. |
| 2016-03-01 | ADDON-7827 | Update identifier for ITSI Database module. |
| 2016-03-09 | ADDON-3603 | 'ORA-01861: literal does not match format string' error occurs in oracle:sysPerf. This error is a benign side-effect of casting and comparing END_TIME as a rising column. |
Known issues
Version 3.4.0 of the Splunk Add-on for Oracle Database has the following known issues.
| Date | Defect number | Description |
| 04/09/15 | ADDON-3644 | oracle:sysPerf will not index more data when v$sysmetric_history has more rows. |
| 04/08/15 | ADDON-3622 | Splunk DB Connect v2 gathers performance metrics in KV format instead of CSV format, breaking backwards compatibility for performance gathering events. Workaround: comment out stanzas in transforms.conf that are specific to csv format. |
| 04/07/15 | ADDON-3599 | Data type RAW (8 byte) not supported due to limitation of DB Connect v.2.0.0. As a result oracle:session fields SADDR, CREATEOR_ADDR, etc have a value of '## NOT SUPPORTED TYPE ##'. |
Third-party software attributions
Version 3.4.0 of the Splunk Add-on for Oracle Database does not incorporate any third-party software or libraries.
Version 3.3.0
Version 3.3.0 of the Splunk Add-on for Oracle Database has the same compatibility specifications as the latest version.
New features
Version 3.3.0 of the Splunk Add-on for Oracle Database had the following new feature.
| Resolved date | Issue number | Description |
| 03/12/15 | ADDON-2920 | Add support for Splunk DB Connect v.2.0.0. |
Fixed issues
Version 3.3.0 of the Splunk Add-on for Oracle Database fixes the following issues.
| Resolved date | Defect number | Description |
| 03/08/15 | ADDON-3620 | For sourcetype=oracle:audit:text, src, src_user, and user fields are not extracted. |
| 03/08/15 | ADDON-3623 | Action field is not CIM compliant. |
| 03/07/15 | ADDON-3601 | EVENT field of oracle:session source type is not extracted correctly. |
| 03/07/15 | ADDON-3600 | Field name with # suffix is not extracted correctly. |
| 03/05/15 | ADDON-2536 | Count of incidents in the last 24 hours is wrong. |
| 03/04/15 | ADDON-3188 | Console startup errors when DB Connect is not present. |
Known issues
Version 3.3.0 of the Splunk Add-on for Oracle Database has the following known issues.
| Date | Defect number | Description |
| 04/12/15 | DBX-1687/ ADDON-3602 |
Splunk DB Connect does not support CSV output and breaks backward compatibility with DB Connect version 1.X. Workaround: DB Connect v2.X users can comment out stanzas in transforms.conf that are intended to support v1.X CSV output to avoid errors in the extraction. |
| 04/09/15 | ADDON-3644 | oracle:sysPerf will not index more data when v$sysmetric_history has more rows. |
| 04/08/15 | ADDON-3622 | Splunk DB Connect v2 gathers performance metrics in KV format instead of CSV format, breaking backwards compatibility for performance gathering events. Workaround: comment out stanzas in transforms.conf that are specific to csv format. |
| 04/07/15 | ADDON-3599 | Data type RAW (8 byte) not supported due to limitation of DB Connect v.2.0.0. As a result oracle:session fields SADDR, CREATEOR_ADDR, etc have a value of '## NOT SUPPORTED TYPE ##'. |
| 04/07/15 | ADDON-3603 | 'ORA-01861: literal does not match format string' error occurs in oracle:sysPerf. This error is a benign side-effect of casting and comparing END_TIME as a rising column. |
Third-party software attributions
Version 3.3.0 of the Splunk Add-on for Oracle Database does not incorporate any third-party software or libraries.
Version 3.2.3
Version 3.2.3 of the Splunk Add-on for Oracle Database has the same compatibility specifications as the latest version.
Fixed issues
Version 3.2.3 of the Splunk Add-on for Oracle Database fixed the following issues.
| Resolved date | Defect number | Description |
| 01/13/15 | ADDON-2923 | Four field alias typos in props.conf. |
| 01/13/15 | ADDON-2918 | Default props configuration causes app=oracle to be added to all events. |
| 01/13/15 | ADDON-2917 | Default input configuration disables all inputs. |
Known issues
Version 3.2.3 of the Splunk Add-on for Oracle Database had the following known issue.
| Date | Defect number | Description |
| 11/13/14 | ADDON-2217 | Default inputs values display in Splunk Web despite local configuration in DB connect. Workaround: After configuration, delete the default/inputs.conf file from $SPLUNK_HOME/etc/apps/Splunk_TA_oracle/default.
|
Third-party software attributions
Version 3.2.3 of the Splunk Add-on for Oracle Database does not incorporate any third-party software or libraries.
Version 3.2.2
Version 3.2.2 of the Splunk Add-on for Oracle Database has the same compatibility specifications as the latest version.
Fixed issues
Version 3.2.2 of the Splunk Add-on for Oracle Database fixed the following issue.
| Resolved date | Defect number | Description |
| 12/08/14 | ADDON-2532 | Remove two unused .csv files from lookups folder. |
Known issues
Version 3.2.2 of the Splunk Add-on for Oracle Database had the following known issue.
| Date | Defect number | Description |
| 11/13/14 | ADDON-2217 | Default inputs values display in Splunk Web despite local configuration in DB connect. Workaround: After configuration, delete the default/inputs.conf file from $SPLUNK_HOME/etc/apps/Splunk_TA_oracle/default.
|
Third-party software attributions
Version 3.2.2 of the Splunk Add-on for Oracle Database does not incorporate any third-party software or libraries.
Version 3.2.1
This version of the add-on has the same compatibility specifications as the latest version.
New features
Version 3.2.1 of the Splunk Add-on for Oracle Database had the following new features:
| Resolved date | Issue number | Description |
| 10/30/14 | ADDON-2237 | Pre-built panels for Oracle Database |
| 10/19/14 | ADDON-1996 | Create mapping to Common Information Model |
| 10/14/14 | ADDON-1993 | Performance metrics scripting - v11g |
| 10/14/14 | ADDON-1994 | Basic inventory event monitoring - v11g |
| 10/14/14 | ADDON-1992 | Incident log monitoring - v11g |
| 10/14/14 | ADDON-1990 | Audit log monitoring - v11G |
Fixed issues
Version 3.2.1 of the Splunk Add-on for Oracle Database fixed the following issues:
| Resolved date | Defect number | Description |
| 10/29/14 | ADDON-2216 | SQL query for oracle 10g sourcetype=oracle:osPerf is incorect in dbx sample inputs.conf |
| 10/21/14 | ADDON-2205 | For CIM, field "availability" is incorrectly assigned to Database_Instance instead of Instance_Stats |
| 10/26/14 | ADDON-2195 | For Oracle 10g linux, there is no "CUMULATIVE" in os perf metrics, thus need to update the SQL for database input |
| 10/26/14 | ADDON-2192 | For database and instance metrics, field "Vendor" is not extracted |
| 10/28/14 | ADDON-2191 | Lookup table oracle_ora_codes.csv misses some ORACODEs, such as ORA-20013 |
| 10/21/14 | ADDON-2180 | For incident log, RELATED_TRACE_FILE is not extracted as expected |
| 10/19/14 | ADDON-2179 | For alert text log on oracle 11g/12c linux, DB_UNIQUE_NAME is not extracted |
| 10/19/14 | ADDON-2178 | For alert xml log, the format of some ORACODE do not match that of look up table, thus fail to get mapped to desired fields |
| 10/19/14 | ADDON-2177 | For audit xml log, there are two lookups configured for field "action", which may cause conflict |
| 10/19/14 | ADDON-2176 | For audit text log, some values of field "ACTION" are not a number, thus look up will miss these entries |
| 10/17/14 | ADDON-2168 | For audit text log, DBID is not extracted since the stanza "DBID_text" does not exist in transforms.conf |
| 10/17/14 | ADDON-2164 | For audit log, LOOKUP-app fails to extract field "app" |
| 10/19/13 | ADDON-1031 | Error in anonymization code |
Known issues
Version 3.2.1 of the Splunk Add-on for Oracle Database had the following known issues.
| Date | Defect number | Description |
| 11/13/14 | ADDON-2217 | Default inputs values display in Splunk Web despite local configuration in DB connect. Workaround: After configuration, delete the default/inputs.conf file from $SPLUNK_HOME/etc/apps/Splunk_TA_oracle/default.
|
Third-party software attributions
Version 3.2.1 of the Splunk Add-on for Oracle Database does not incorporate any third-party software or libraries.
|
PREVIOUS Release notes for the Splunk Add-on for Oracle Database |
NEXT Hardware and software requirements for the Splunk Add-on for Oracle Database |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!