Splunk® Supported Add-ons

Splunk Add-on for Oracle Database

Download manual as PDF

Download topic as PDF

Release history of the Splunk Add-on for Oracle Database

Latest release

The latest version of the Splunk Add-on for Oracle Database is version 3.7.0. Please see Release notes for the Splunk Add-on for Oracle Database for the release notes of this latest version.

Version 3.6.0

Version 3.6.0 of the Splunk Add-on for Oracle Database is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.4.X and later
CIM 3.0 and later
Platforms Platform independent
Vendor Products Oracle Database Server 10g/11g/12c

New and changed features

Version 3.6.0 of the Splunk Add-on for Oracle Database introduces a new sourcetype oracle:audit:unified in support of the new Unified Auditing feature in Oracle 12c. The DB Connect input template file is updated with a new stanza to facilitate the creation of this new data input.

This version of Splunk Add-on for Oracle Database only supports DB Connect 2.x and 3.x. Support for DB Connect 1.x has been deprecated.

Fixed issues

Version 3.6.0 of the Splunk Add-on for Oracle Database fixed the following issues.


Date resolved Issue number Description
2017-05-04 ADDON-8888 Generates 30k warning messages per day regarding missing transforms

Known issues

Version 3.6.0 of the Splunk Add-on for Oracle Database contains the following known issues.


Date filed Issue number Description
2017-09-03 ADDON-15717 Queries referencing views does not support RAC
2017-05-24 ADDON-14887 Timezone override in props.conf is invalid in DBX v3
2017-05-16 ADDON-14795 Part of CLOB fields extracted in oracle:audit:unified via DBX V3 are missing from the UI

Third-party software attributions

Version 3.6.0 of the Splunk Add-on for Oracle Database does not incorporate any third-party software or libraries.

Version 3.5.0

Version 3.5.0 of the Splunk Add-on for Oracle Database is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.3.X and later
CIM 3.0 and later
Platforms Platform independent
Vendor Products Oracle Database Server 10g/11g/12c

Upgrade guide

Version 3.5.0 of the Splunk Add-on for Oracle Database is designed to be used with Splunk DB Connect v2. Splunk DB Connect v1 continues to be supported, but upgrading to DB Connect v2 is recommended. The new source types in this version can only be collected using DB Connect v2.

If you are a DB Connect v2 user and are upgrading the Splunk Add-on for Oracle Database from version 3.3.0 and earlier to 3.5.0 and want to start collecting the new performance events (for use with the Splunk IT Service Intelligence app or otherwise), copy the input stanzas for the new source types, oracle:connections, oracle:pool:connections, oracle:database:size, oracle:table, oracle:user, oracle:query, and the updated input stanzas for oracle:session, oracle:sysPerf, and oracle:instance, from dbx2.inputs.conf.template to your DB Connect v2 input.conf file and modify as necessary for your environment.

If you are a DB Connect v1 user and you want to upgrade the Splunk Add-on for Oracle Database from version 3.3.0 and earlier to 3.5.0 to begin collecting the new performance events available in this release or integrate your Oracle data with the IT Service Intelligence app, you must first upgrade to DB Connect v2.

If you are a DB Connect v1 user and you are upgrading the Splunk Add-on for Oracle Database from version 3.3.0 and earlier to 3.5.0 and want to continue to collect events for the source types you have already been collecting, you need to edit the transforms.conf file as described in the Set up the database connection section to make sure it contains the correct lines to work with DB Connect v1 since the transforms.conf file is designed to work with DB Connect v2 by default in this release.

New features

Version 3.5.0 of the Splunk Add-on for Oracle Database has the following new feature.

Resolved date Defect number Description
2016-06-16 ADDON-9983

Some field mappings and tags are updated to better support the Splunk IT Service Intelligence (ITSI) Database module.

Fixed issues

Version 3.5.0 of the Splunk Add-on for Oracle Database contains no fixed issues.

Known issues

Version 3.5.0 of the Splunk Add-on for Oracle Database contains the following known issues.

Date Defect number Description
04/07/15 ADDON-3599 Data type RAW (8 byte) not supported due to limitation of DB Connect v.2.0.0. As a result oracle:session fields SADDR, CREATEOR_ADDR, etc have a value of '## NOT SUPPORTED TYPE ##'.

Third-party software attributions

Version 3.5.0 of the Splunk Add-on for Oracle Database does not incorporate any third-party software or libraries.

Version 3.4.0

Version 3.4.0 of the Splunk Add-on for Oracle Database was released on April 1, 2016. Version 3.4.0 of the Splunk Add-on for Oracle Database is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.0 or later
CIM 3.0 or later
Platforms Platform independent
Vendor Products Oracle Database Server 10g/11g/12c

Upgrade guide

Version 3.4.0 of the Splunk Add-on for Oracle Database is designed to be used with Splunk DB Connect v2. Splunk DB Connect v1 continues to be supported, but upgrading to DB Connect v2 is recommended. The new source types in this version can only be collected using DB Connect v2.

If you are a DB Connect v2 user and are upgrading the Splunk Add-on for Oracle Database from version 3.3.0 to 3.4.0 and want to start collecting the new performance events (for use with the Splunk IT Service Intelligence app or otherwise), copy the input stanzas for the new source types, oracle:connections, oracle:pool:connections, oracle:database:size, oracle:table, oracle:user, oracle:query, and the updated input stanzas for oracle:session, oracle:sysPerf, and oracle:instance, from dbx2.inputs.conf.template to your DB Connect v2 input.conf file and modify as necessary for your environment.

If you are a DB Connect v1 user and you want to upgrade the Splunk Add-on for Oracle Database from version 3.3.0 to 3.4.0 to begin collecting the new performance events available in this release or integrate your Oracle data with the IT Service Intelligence app, you must first upgrade to DB Connect v2.

If you are a DB Connect v1 user and you are upgrading the Splunk Add-on for Oracle Database from version 3.3.0 to 3.4.0 and want to continue to collect events for the source types you have already been collecting, you need to edit the transforms.conf file as described in the Set up the database connection section to make sure it contains the correct lines to work with DB Connect v1 since the transforms.conf file is designed to work with DB Connect v2 by default in this release.

New features

Version 3.4.0 of the Splunk Add-on for Oracle Database has the following new feature.

Resolved date Defect number Description
2016-01-08 ADDON-7314 Add new performance events with the following source types and add support for the Splunk IT Service Intelligence (ITSI) Database module for these source types: oracle:connections, oracle:pool:connections, oracle:database:size, oracle:table, oracle:user, oracle:query. Add support for the ITSI Database module to the following existing source types: oracle:session, oracle:sysPerf, oracle:instance.

Fixed issues

Version 3.4.0 of the Splunk Add-on for Oracle Database fixes the following issue.

Resolved date Defect number Description
2016-03-09 ADDON-7882 Performance issues due to lookup and field name collision. Rename Action field in lookup.
2016-03-11 ADDON-7584 default/transforms.conf has lines that only apply to DB Connect 1. Should work by default for DB Connect 2.
2016-03-01 ADDON-7827 Update identifier for ITSI Database module.
2016-03-09 ADDON-3603 'ORA-01861: literal does not match format string’ error occurs in oracle:sysPerf. This error is a benign side-effect of casting and comparing END_TIME as a rising column.

Known issues

Version 3.4.0 of the Splunk Add-on for Oracle Database has the following known issues.

Date Defect number Description
04/09/15 ADDON-3644 oracle:sysPerf will not index more data when v$sysmetric_history has more rows.
04/08/15 ADDON-3622 Splunk DB Connect v2 gathers performance metrics in KV format instead of CSV format, breaking backwards compatibility for performance gathering events. Workaround: comment out stanzas in transforms.conf that are specific to csv format.
04/07/15 ADDON-3599 Data type RAW (8 byte) not supported due to limitation of DB Connect v.2.0.0. As a result oracle:session fields SADDR, CREATEOR_ADDR, etc have a value of '## NOT SUPPORTED TYPE ##'.

Third-party software attributions

Version 3.4.0 of the Splunk Add-on for Oracle Database does not incorporate any third-party software or libraries.

Version 3.3.0

Version 3.3.0 of the Splunk Add-on for Oracle Database has the same compatibility specifications as the latest version.

New features

Version 3.3.0 of the Splunk Add-on for Oracle Database had the following new feature.

Resolved date Issue number Description
03/12/15 ADDON-2920 Add support for Splunk DB Connect v.2.0.0.

Fixed issues

Version 3.3.0 of the Splunk Add-on for Oracle Database fixes the following issues.

Resolved date Defect number Description
03/08/15 ADDON-3620 For sourcetype=oracle:audit:text, src, src_user, and user fields are not extracted.
03/08/15 ADDON-3623 Action field is not CIM compliant.
03/07/15 ADDON-3601 EVENT field of oracle:session source type is not extracted correctly.
03/07/15 ADDON-3600 Field name with # suffix is not extracted correctly.
03/05/15 ADDON-2536 Count of incidents in the last 24 hours is wrong.
03/04/15 ADDON-3188 Console startup errors when DB Connect is not present.

Known issues

Version 3.3.0 of the Splunk Add-on for Oracle Database has the following known issues.

Date Defect number Description
04/12/15 DBX-1687/
ADDON-3602
Splunk DB Connect does not support CSV output and breaks backward compatibility with DB Connect version 1.X. Workaround: DB Connect v2.X users can comment out stanzas in transforms.conf that are intended to support v1.X CSV output to avoid errors in the extraction.
04/09/15 ADDON-3644 oracle:sysPerf will not index more data when v$sysmetric_history has more rows.
04/08/15 ADDON-3622 Splunk DB Connect v2 gathers performance metrics in KV format instead of CSV format, breaking backwards compatibility for performance gathering events. Workaround: comment out stanzas in transforms.conf that are specific to csv format.
04/07/15 ADDON-3599 Data type RAW (8 byte) not supported due to limitation of DB Connect v.2.0.0. As a result oracle:session fields SADDR, CREATEOR_ADDR, etc have a value of '## NOT SUPPORTED TYPE ##'.
04/07/15 ADDON-3603 'ORA-01861: literal does not match format string’ error occurs in oracle:sysPerf. This error is a benign side-effect of casting and comparing END_TIME as a rising column.

Third-party software attributions

Version 3.3.0 of the Splunk Add-on for Oracle Database does not incorporate any third-party software or libraries.

Version 3.2.3

Version 3.2.3 of the Splunk Add-on for Oracle Database has the same compatibility specifications as the latest version.

Fixed issues

Version 3.2.3 of the Splunk Add-on for Oracle Database fixed the following issues.

Resolved date Defect number Description
01/13/15 ADDON-2923 Four field alias typos in props.conf.
01/13/15 ADDON-2918 Default props configuration causes app=oracle to be added to all events.
01/13/15 ADDON-2917 Default input configuration disables all inputs.

Known issues

Version 3.2.3 of the Splunk Add-on for Oracle Database had the following known issue.

Date Defect number Description
11/13/14 ADDON-2217 Default inputs values display in Splunk Web despite local configuration in DB connect. Workaround: After configuration, delete the default/inputs.conf file from $SPLUNK_HOME/etc/apps/Splunk_TA_oracle/default.

Third-party software attributions

Version 3.2.3 of the Splunk Add-on for Oracle Database does not incorporate any third-party software or libraries.


Version 3.2.2

Version 3.2.2 of the Splunk Add-on for Oracle Database has the same compatibility specifications as the latest version.

Fixed issues

Version 3.2.2 of the Splunk Add-on for Oracle Database fixed the following issue.

Resolved date Defect number Description
12/08/14 ADDON-2532 Remove two unused .csv files from lookups folder.

Known issues

Version 3.2.2 of the Splunk Add-on for Oracle Database had the following known issue.

Date Defect number Description
11/13/14 ADDON-2217 Default inputs values display in Splunk Web despite local configuration in DB connect. Workaround: After configuration, delete the default/inputs.conf file from $SPLUNK_HOME/etc/apps/Splunk_TA_oracle/default.

Third-party software attributions

Version 3.2.2 of the Splunk Add-on for Oracle Database does not incorporate any third-party software or libraries.

Version 3.2.1

This version of the add-on has the same compatibility specifications as the latest version.

New features

Version 3.2.1 of the Splunk Add-on for Oracle Database had the following new features:

Resolved date Issue number Description
10/30/14 ADDON-2237 Pre-built panels for Oracle Database
10/19/14 ADDON-1996 Create mapping to Common Information Model
10/14/14 ADDON-1993 Performance metrics scripting - v11g
10/14/14 ADDON-1994 Basic inventory event monitoring - v11g
10/14/14 ADDON-1992 Incident log monitoring - v11g
10/14/14 ADDON-1990 Audit log monitoring - v11G

Fixed issues

Version 3.2.1 of the Splunk Add-on for Oracle Database fixed the following issues:

Resolved date Defect number Description
10/29/14 ADDON-2216 SQL query for oracle 10g sourcetype=oracle:osPerf is incorect in dbx sample inputs.conf
10/21/14 ADDON-2205 For CIM, field "availability" is incorrectly assigned to Database_Instance instead of Instance_Stats
10/26/14 ADDON-2195 For Oracle 10g linux, there is no "CUMULATIVE" in os perf metrics, thus need to update the SQL for database input
10/26/14 ADDON-2192 For database and instance metrics, field "Vendor" is not extracted
10/28/14 ADDON-2191 Lookup table oracle_ora_codes.csv misses some ORACODEs, such as ORA-20013
10/21/14 ADDON-2180 For incident log, RELATED_TRACE_FILE is not extracted as expected
10/19/14 ADDON-2179 For alert text log on oracle 11g/12c linux, DB_UNIQUE_NAME is not extracted
10/19/14 ADDON-2178 For alert xml log, the format of some ORACODE do not match that of look up table, thus fail to get mapped to desired fields
10/19/14 ADDON-2177 For audit xml log, there are two lookups configured for field "action", which may cause conflict
10/19/14 ADDON-2176 For audit text log, some values of field "ACTION" are not a number, thus look up will miss these entries
10/17/14 ADDON-2168 For audit text log, DBID is not extracted since the stanza "DBID_text" does not exist in transforms.conf
10/17/14 ADDON-2164 For audit log, LOOKUP-app fails to extract field "app"
10/19/13 ADDON-1031 Error in anonymization code

Known issues

Version 3.2.1 of the Splunk Add-on for Oracle Database had the following known issues.

Date Defect number Description
11/13/14 ADDON-2217 Default inputs values display in Splunk Web despite local configuration in DB connect. Workaround: After configuration, delete the default/inputs.conf file from $SPLUNK_HOME/etc/apps/Splunk_TA_oracle/default.

Third-party software attributions

Version 3.2.1 of the Splunk Add-on for Oracle Database does not incorporate any third-party software or libraries.

Last modified on 04 September, 2017
PREVIOUS
Release notes for the Splunk Add-on for Oracle Database
  NEXT
Hardware and software requirements for the Splunk Add-on for Oracle Database

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters