Upgrade the Splunk Add-on for Unix and Linux
Upgrade from version 8.7.0 to version 8.8.0
See the following steps to upgrade from version 8.7.0 to version 8.8.0 of the Splunk Add-on for Unix and Linux:
Limiting event types
Before add-on v8.8.0, a given event type covered a broader set of events. For example, the [failed_login] event type was defined as:
search = (NOT sourcetype=stash) "failed login" OR "FAILED LOGIN" OR "Authentication failure" OR "Failed to authenticate user" OR "authentication ERROR" OR "Failed password for".
Similar event type regexes have been filtered to match only the required data for the add-on.
It is possible that events which were previously matched by event types will no longer be matched after upgrading to v8.8.0.
To solve this, we have introduced a new event type named
nix_ta_custom_eventtype. Update this event type to include required events.
To update the event type from Splunk web, see Update an event type in settings in the Splunk Cloud Platform manual.
For example, to add a custom sourcetype "xyz" to the add-on's event types, set the following value:
[nix_ta_custom_eventtype] search = sourcetype = "xyz"
Upgrade from version 8.6.0 to version 8.7.0
Upgrade from version 8.6.0 to version 8.7.0 of the Splunk Add-on for Unix and Linux is seamless. There are no additional steps required for this version upgrade. See Install the Splunk Add-on for Unix and Linux in this manual.
Use the installation steps in this manual to upgrade from versions 7.0 and above to the latest version of this add-on.
Before upgrading to the Splunk Add-on for Unix and Linux versions 8.1.0 and higher, verify that you have the
bash shell installed on your system. If the
bash shell is not installed, the
package inputs will not work.
Install the Splunk Add-on for Unix and Linux
Enable data and scripted inputs for the Splunk Add-on for Unix and Linux
This documentation applies to the following versions of Splunk® Supported Add-ons: released