Release notes for the Splunk Add-on for Unix and Linux
Version 9.2.0 of the Splunk Add-on for Unix and Linux was released on July 12, 2024.
Compatibility
Version 9.2.0 of the Splunk Add-on for Unix and Linux is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 9.0.x, 9.1.x, 9.2.x |
CIM | 4.20.2 |
Supported OS for data collection | All supported Unix operating systems. See Unix operating systems. |
Vendor products | All supported Unix operating systems. See Unix operating systems. |
See the Scripted input reference for the Splunk Add-on for Unix and Linux page in the Reference chapter of this manual to learn more about scripted inputs and their operating system compatibility.
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features
Version 9.2.0 of the Splunk Add-on for Unix and Linux has the following new features:
- Support for macOS Ventura 13
- Support for macOS Sonoma 14
- Support for OEL 8
- Support for IPv6 data collection
- Support for non-English locales in the rlog script
- Restricted monitoring of temporary files in /etc/ and /var/adm/
- Enhanced hardware script to fetch required data when dmesg is restricted
- Added user, user_id, and src_user_id field extractions for the new format in Linux logs
- Added explicit timestamp extraction for the linux_audit sourcetype
Bug fixes
- Fixed an awk error in the selinuxChecker script
- Fixed inconsistent app field values for the linux_secure sourcetype
- Fixed a regex error in the update script
- Fixed the issue with the output format when using non-English locales
Fixed issues
Version 9.2.0 of the Splunk Add-on for Unix and Linux has the following fixed issues. If no issues appear here, no issues have yet been reported:
Known issues
Version 9.2.0 of the Splunk Add-on for Unix and Linux has the following known issues. If no issues appear here, no issues have yet been reported:
Third-party software attributions
The Splunk Add-on for Unix and Linux does not use third-party software or libraries.
This documentation applies to the following versions of Splunk® Supported Add-ons: released