Release history for the Splunk Add-on for Windows
The latest version of the Splunk Add-on for Windows is version 8.9.0. See Release notes for the Splunk Add-on for Windows.
Version 8.8.0
Version 8.8.0 of the Splunk Add-on for Windows was released on August 3, 2023.
The Splunk Add-on for Windows DNS version 1.0.1 and the Splunk Add-on for Windows Active Directory version 1.0.0 are not supported when installed alongside the Splunk Add-on for Windows versions 6.0.0 and higher. The Splunk Add-on for Windows versions 6.0.0 and higher includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.
Compatibility
Version 8.8.0 of the Splunk Add-on for Windows is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
| CIM | 4.15 and later |
| Platform | Windows |
| Vendor Products | Windows Server 2022, Windows 11, Windows Server 2019, Windows 8.1, Windows 10, Windows Server 2012/2012 R2, Windows Server 2016, Microsoft Active Directory, Microsoft Windows DNS Server |
New or changed features
Version 8.8.0 of the Splunk Add-on for Windows has the following new or changed features:
- Added a new data input to collect BIOS data from Windows hosts. See Collect BIOS data from the Windows Host Machine for more details on this data input and how to use it.
Fixed Issues
Version 8.8.0 of the Splunk Add-on for Windows fixes the following issues:
| Date resolved | Issue number | Description |
|---|---|---|
| 2023-07-17 | ADDON-61962 | Group_Name field extraction of windows security classic event for EventCode 4756 |
Known Issues
Version 8.8.0 of the Splunk Add-on for Windows contains the following known issues. If no issues appear below, no issues have yet been reported:
| Date filed | Issue number | Description |
|---|---|---|
| 2022-07-21 | ADDON-54050 | Parsing does not work properly when a nested XML event is encoded. |
| 2018-09-06 | ADDON-19338 | Data duplication issue in WindowsUpdate.Log |
Version 8.7.0
Version 8.7.0 of the Splunk Add-on for Windows was released on April 21, 2023.
The Splunk Add-on for Windows DNS version 1.0.1 and the Splunk Add-on for Windows Active Directory version 1.0.0 are not supported when installed alongside the Splunk Add-on for Windows versions 6.0.0 and higher. The Splunk Add-on for Windows versions 6.0.0 and higher includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.
Compatibility
Version 8.7.0 of the Splunk Add-on for Windows is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
| CIM | 4.15 and later |
| Platform | Windows |
| Vendor Products | Windows Server 2022, Windows 11, Windows Server 2019, Windows 8.1, Windows 10, Windows Server 2012/2012 R2, Windows Server 2016, Microsoft Active Directory, Microsoft Windows DNS Server |
New or changed features
Version 8.7.0 of the Splunk Add-on for Windows has the following new or changed features:
- Tagged Windows DNS logs collected in MSAD:NT6:DNS sourcetype with NetworkResolution:DNS data model and mapped the relevant CIM fields.
See CIM model and Field Mapping changes for MSAD:NT6:DNS for more details on the Event Code changes.
Fixed Issues
Version 8.7.0 of the Splunk Add-on for Windows fixes the following issues:
| Date resolved | Issue number | Description |
|---|---|---|
| 2023-05-03 | ADDON-61555 | src_nt_domain field extracting value from next line when "Security_ID" field is missing for source WinEventLog:Security |
Known Issues
Version 8.7.0 of the Splunk Add-on for Windows contains the following known issues. If no issues appear below, no issues have yet been reported:
Version 8.6.0
Version 8.6.0 of the Splunk Add-on for Windows was released on January 23, 2023.
The Splunk Add-on for Windows DNS version 1.0.1 and the Splunk Add-on for Windows Active Directory version 1.0.0 are not supported when installed alongside the Splunk Add-on for Windows versions 6.0.0 and higher. The Splunk Add-on for Windows versions 6.0.0 and higher includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.
Compatibility
Version 8.6.0 of the Splunk Add-on for Windows is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
| CIM | 4.15 and later |
| Platform | Windows |
| Vendor Products | Windows Server 2022, Windows 11, Windows Server 2019, Windows 8.1, Windows 10, Windows Server 2012/2012 R2, Windows Server 2016, Microsoft Active Directory, Microsoft Windows DNS Server |
New or changed features
Version 8.6.0 of the Splunk Add-on for Windows has the following new or changed features:
- CIM enhancements for the following Event Codes: 4727, 4728, 4729, 4730, 4731, 4733, 4734, 4735, 4737, 4754, 4755, 4756, 4757, 4758, 4799, 4764. See Field Changes for more details on the Event Code changes.
(To review field extraction changes, please refer to Field Changes Section)
- For EventCodes: 4727, 4730, 4731, 4734, 4735, 4737, 4754, 4755, 4758, 4764 the user field has been removed as these events belong to object_category=group.
- Mapped the 4799 Event Code of the Windows Security to the Change:All_Changes data model.
Fixes
- Fixed the signature field extraction issue for source WinEventLog:System.
Notes:
- If the configured input has
evt_resolve_ad_obj = 1then the value forMember:Security_ID,Group:Security_ID,Subject:Security_IDwill be in enriched "DOMAIN\UserName" format. - If the configured input has
evt_resolve_ad_obj = 0then the value forMember:Security_ID,Group:Security_ID,Subject:Security_IDwill be in traditional Windows SID format, i.e. S-1-1234-etc
Field Changes
Source - WinEventLog:Security field mapping changes
| Source-type | EventCode | Fields added | Fields removed
|
|---|---|---|---|
['WinEventLog']
|
4727 | src_user, src_user_name, object_id, object, src | user |
['WinEventLog']
|
4728 | src_user_name, object_id, object, user_name, src | |
['WinEventLog']
|
4729 | src_user_name, object_id, object, user_name, src | |
['WinEventLog']
|
4730 | src_user, src_user_name, object_id, object, src | user |
['WinEventLog']
|
4731 | src_user, src_user_name, object_id, object, src | user |
['WinEventLog']
|
4733 | src_user_name, object_id, src | user |
['WinEventLog']
|
4734 | src_user, src_user_name, object_id, object, src | user |
['WinEventLog']
|
4735 | src_user, src_user_name, object_id, object, src | user |
['WinEventLog']
|
4737 | src_user, src_user_name, object_id, object, src | user |
['WinEventLog']
|
4754 | src_user, src_user_name, object_id, object, src | user |
['WinEventLog']
|
4755 | src_user, src_user_name, object_id, object, src | user |
['WinEventLog']
|
4756 | object_attrs, Group_Name, src_user_name, user_group, object_id, object, user_name, Group_Domain, src | |
['WinEventLog']
|
4757 | src_user_name, object_id, object, user_name, src | |
['WinEventLog']
|
4758 | src_user, src_user_name, object_id, object, src | user |
['WinEventLog']
|
4764 | src_user, src_user_name, object_id, object, src | user, object_attrs |
['WinEventLog']
|
4799 | object_category, result, change_type, subject, signature, object_id, object, user_name, src, name |
Source - XmlWinEventLog:Security field mapping changes
| Source-type | EventCode | Fields added | Fields removed |
|---|---|---|---|
['XmlWinEventLog']
|
4727 | src_user_name, src, object_id, object | user |
['XmlWinEventLog']
|
4728 | src_user_name, object_id, user_name, object_attrs, src, object | |
['XmlWinEventLog']
|
4729 | src_user_name, object_id, user_name, object_attrs, src, object | |
['XmlWinEventLog']
|
4730 | src_user_name, object_id, object_attrs, src, object | user |
['XmlWinEventLog']
|
4731 | src_user_name, src, object_id, object | user |
['XmlWinEventLog']
|
4733 | object_attrs, src_user_name, src, object_id | user |
['XmlWinEventLog']
|
4734 | src_user_name, object_id, object_attrs, src, object | user |
['XmlWinEventLog']
|
4735 | src_user_name, src, object_id, object | user |
['XmlWinEventLog']
|
4737 | src_user_name, src, object_id, object | user |
['XmlWinEventLog']
|
4754 | src_user_name, src, object_id, object | user |
['XmlWinEventLog']
|
4755 | src_user_name, src, object_id, object | user |
['XmlWinEventLog']
|
4756 | src_user_name, object_id, user_name, object_attrs, src, object | |
['XmlWinEventLog']
|
4757 | src_user_name, object_id, user_name, object_attrs, src, object | |
['XmlWinEventLog']
|
4758 | src_user_name, object_id, object_attrs, src, object | user |
['XmlWinEventLog']
|
4764 | src_user_name, src, object_id, object | user |
['XmlWinEventLog']
|
4799 | result, object_id, user_name, object_attrs, change_type, name, src, subject, object, signature, object_category |
Fixed Issues
Version 8.6.0 of the Splunk Add-on for Windows fixes the following issues:
Known Issues
Version 8.6.0 of the Splunk Add-on for Windows contains the following known issues. If no issues appear below, no issues have yet been reported:
Version 8.5.0
Version 8.5.0 of the Splunk Add-on for Windows was released on April 21, 2022.
The Splunk Add-on for Windows DNS version 1.0.1 and the Splunk Add-on for Windows Active Directory version 1.0.0 are not supported when installed alongside the Splunk Add-on for Windows versions 6.0.0 and higher. The Splunk Add-on for Windows versions 6.0.0 and higher includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.
Compatibility
Version 8.5.0 of the Splunk Add-on for Windows is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x |
| CIM | 4.15 and later |
| Platform | Windows |
| Vendor Products | Windows Server 2022, Windows 11, Windows Server 2019, Windows 8.1, Windows 10, Windows Server 2012/2012 R2, Windows Server 2016, Microsoft Active Directory, Microsoft Windows DNS Server |
New or changed features
Version 8.5.0 of the Splunk Add-on for Windows has the following new or changed features:
- CIM enhancements for these Event Codes: 104, 1102, 4624, 4625, 4634, 4698, 4700, 4701, 4702, 4719, 720, 4732, 4740, 4800, 4801
(To review field extraction changes, please refer to Field Changes Section)
- Removed the incorrect
Endpoint:FilesystemCIM tags from the wineventlog_windows event type. - Removed the
fs_notificationevent type andfs_notificationsource type extractions as Splunk no longer supports this source type.
Fixes
- Fixed the user field extraction issue for Event Codes 4728, 4729, 4732 when the distinguished name (DN) contains "Lastname, Firstname".
Notes:
- If the
Member:Security_IDvalue uses the enriched "DOMAIN\UserName" format then the user field would be extracted as UserName. - If the
Member:Security_IDvalue uses the traditional Windows SID (S-1234-etc) format then the user field will be extracted from the first RDN section of the Member:Account Name string (which gets logged as an LDAP DN format). - If the
Member:Security_IDvalue uses the traditional Windows SID (S-1234-etc) format and the first RDN section ofMember:Account NameasCN=Lastname\,Firstname,OU=Users,DC=CONTOSO,DC=com,then it can be in thelastname,firstnameformat, in which case user field will not be extracted.
Field Changes
Source - WinEventLog:System field mapping changes
| Source-type | EventCode | Fields added | Fields removed |
|---|---|---|---|
['WinEventLog']
|
104 | object, user_name, object_category, action, result, status, change_type |
Source - XmlWinEventLog:System field mapping changes
| Source-type | EventCode | Fields added | Fields removed |
|---|---|---|---|
['WinEventLog']
|
104 | user, object, user_name, object_category, user_data_channel, action, result, status, change_type |
Source - WinEventLog:Security field mapping changes
| Source-type | EventCode | Fields added | Fields removed
|
|---|---|---|---|
['WinEventLog']
|
1102 | result, object, user_name | |
['WinEventLog']
|
4624 | authentication_method | |
['WinEventLog']
|
4625 | authentication_method | |
['WinEventLog']
|
4634 | object_id, change_type, object, user_name, object_category, object_attrs, result, src_user, src_user_name | |
['WinEventLog']
|
4698 | object, user_name, TaskContent, object_category, object_attrs, result, change_type | |
['WinEventLog']
|
4700 | object, user_name, TaskContent, object_category, object_attrs, result, change_type | |
['WinEventLog']
|
4701 | object, user_name, TaskContent, object_category, object_attrs, result, change_type | |
['WinEventLog']
|
4702 | object, user_name, TaskNewContent, object_category, object_attrs, result, change_type | |
['WinEventLog']
|
4719 | result, object, user_name | |
['WinEventLog']
|
4720 | src_user_name, object_id, object, user_name, object_attrs, New_Account_Account_Name, New_Account_Domain, New_Account_Security_ID | |
['WinEventLog']
|
4732 | src_user_name, object_id, Member_Security_ID, object, user_name, Member_Account_Name | |
['WinEventLog']
|
4740 | src_user_name, object_id, Account_Locked_Out_Security_ID, Account_Locked_Out_Name, object, user_name, object_attrs | |
['WinEventLog']
|
4800 | change_type, object, user_name, object_category, object_attrs, result, src_user, src_user_name | |
['WinEventLog']
|
4801 | change_type, object, user_name, object_category, object_attrs, result, src_user, src_user_name |
Source - XmlWinEventLog:Security field mapping changes
| Source-type | EventCode | Fields added | Fields removed |
|---|---|---|---|
['XmlWinEventLog']
|
1102 | result, object, user, user_name | |
['XmlWinEventLog']
|
4624 | authentication_method | |
['XmlWinEventLog']
|
4625 | authentication_method | |
['XmlWinEventLog']
|
4634 | object_id, change_type, object, user_name, object_category, object_attrs, result, src_user, src_user_name, src_nt_domain | |
['XmlWinEventLog']
|
4698 | user, object, user_name, object_category, object_attrs, result, change_type | |
['XmlWinEventLog']
|
4700 | user, object, user_name, object_category, object_attrs, result, change_type | |
['XmlWinEventLog']
|
4701 | user, object, user_name, object_category, object_attrs, result, change_type | |
['XmlWinEventLog']
|
4702 | user, object, user_name, object_category, object_attrs, result, change_type | |
['XmlWinEventLog']
|
4719 | result, object, user, user_name | |
['XmlWinEventLog']
|
4720 | src_user_name, object_id, object, user_name, object_attrs | |
['XmlWinEventLog']
|
4732 | src_user_name, object_id, object, user_name, object_attrs | |
['XmlWinEventLog']
|
4740 | src_user_name, object, user_name, object_attrs | |
['XmlWinEventLog']
|
4800 | change_type, object, user_name, object_category, object_attrs, result, src_user, src_user_name, src_nt_domain | |
['XmlWinEventLog']
|
4801 | change_type, object, user_name, object_category, object_attrs, result, src_user, src_user_name, src_nt_domain |
Fixed Issues
Version 8.5.0 of the Splunk Add-on for Windows fixes the following issues:
Known Issues
Version 8.5.0 of the Splunk Add-on for Windows contains the following known issues. If no issues appear below, no issues have yet been reported:
Version 8.4.0
Version 8.4.0 of the Splunk Add-on for Windows was released on February 1, 2022.
The Splunk Add-on for Windows DNS version 1.0.1 and the Splunk Add-on for Windows Active Directory version 1.0.0 are not supported when installed alongside the Splunk Add-on for Windows versions 6.0.0 and higher. The Splunk Add-on for Windows versions 6.0.0 and higher includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.
Compatibility
Version 8.4.0 of the Splunk Add-on for Windows is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x |
| CIM | 4.15 and later |
| Platform | Windows |
| Vendor Products | Windows Server 2022, Windows 11, Windows Server 2019, Windows 8.1, Windows 10, Windows Server 2012/2012 R2, Windows Server 2016, Microsoft Active Directory, Microsoft Windows DNS Server |
New or changed features
Version 8.4.0 of the Splunk Add-on for Windows has the following new or changed features:
Features
- Enhanced "win_listening_ports.bat" input to get the process name associated with the listening port.
- Added 'storage_free', 'storage', 'storage_used', and 'storage_used_percent' field extractions for "PerfmonMk:LogicalDisk" sourcetype.
- Added 'user_type'=computer field extraction for the EventCodes 4741, 4742, and 4743.
- Added 'dest' and 'resource_type' field extractions for the "Script:TimesyncStatus" sourcetype.
- Introduced a new eventtype 'windows_security_change_account' (with tags: 'account', 'change' and CIM datamodel: Change:Account_Management) which will only apply to Windows Event Codes: 4703, 4704, 4705, 4722, 4723, 4724, 4725, 4726, 4738, 4767, and 4781 falling under source="WinEventLog:Security" OR source="XmlWinEventLog:Security". Also enhanced the CIM mappings for these Event Codes. (To review field extraction changes, please refer to "Field Changes" Section)
- Excluded Event Codes: 4703, 4704, 4705, 4722, 4723, 4724, 4725, 4726, 4738, 4767, 4781 from 'wineventlog_windows' eventtype to remove the incorrect Endpoint:Filesystem CIM tag.
- Added support of the latest DHCP event format and enhanced the CIM mapping of the "DhcpSrvLog" sourcetype.
| CIM Data Model | DHCP Event IDs before v8.4.0 | DHCP Event IDs after v8.4.0 |
|---|---|---|
['Network Sessions:DHCP']
|
All the DHCP events (sourcetype=DhcpSrvLog) | 10,11,12,13,14,15,16,17,18 |
['Network Sessions:Session_Start']
|
10,11,13 | 10,11 |
['Network Sessions:Session_End']
|
12,16,17 | 12,16,17,18 |
Notes:
- Removed the tags (dhcp network session) from 'DhcpSrvLog' eventtype and created new 'DhcpSrvLog_dhcp' eventtype which covers Event Codes mapped with NetworkSession:dhcp DM.
- The header for latest supported event format is [ ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name, TransactionID, QResult,Probationtime, CorrelationID,Dhcid,VendorClass(Hex),VendorClass(ASCII),UserClass(Hex),UserClass(ASCII),RelayAgentInformation,DnsRegError ]
Fixes
- Removed invalid 'object' field extraction (sourcetype AS object) from all security events. (Note: Existing users relying on the 'object' field can directly use the 'sourcetype' field.)
- Fixed the 'Name' field extraction issue for "WMI:LocalProcesses" sourcetype when Name contains the space character.
Field Changes
Source - WinEventLog:Security field mapping changes
| Source-type | EventCode | Fields added | Fields removed |
|---|---|---|---|
['WinEventLog']
|
4703 | change_type, Subject_Security_ID, Subject_Account_Domain, src_user_name, Subject_Logon_ID, Target_Security_ID, Subject_Account_Name, object_category, Target_Logon_ID, object_attrs, Target_Account_Name, user_name, user_group, Target_Account_Domain, result, object_id | |
['WinEventLog']
|
4704 | change_type, Subject_Security_ID, Subject_Account_Domain, src_user_name, Subject_Logon_ID, Subject_Account_Name, object_category, Target_Account_Name, object_attrs, user_name, user_group, result | |
['WinEventLog']
|
4705 | change_type, Subject_Security_ID, Subject_Account_Domain, src_user_name, Subject_Logon_ID, Subject_Account_Name, object_category, Target_Account_Name, object_attrs, user_name, user_group, result | |
['WinEventLog']
|
4722 | Subject_Account_Domain, src_user_name, Subject_Logon_ID, Target_Security_ID, Subject_Account_Name, Target_Account_Name, user_name, object_attrs, Target_Account_Domain, user_group, Subject_Security_ID, object_id | |
['WinEventLog']
|
4723 | Subject_Security_ID, Subject_Account_Domain, src_user_name, Subject_Logon_ID, Target_Security_ID, Subject_Account_Name, Target_Account_Name, user_name, Target_Account_Domain, user_group, result, object_id | |
['WinEventLog']
|
4724 | Subject_Security_ID, Subject_Account_Domain, src_user_name, Subject_Logon_ID, Target_Security_ID, Subject_Account_Name, Target_Account_Name, user_name, Target_Account_Domain, user_group, result, object_id | |
['WinEventLog']
|
4725 | Subject_Account_Domain, src_user_name, Subject_Logon_ID, Target_Security_ID, Subject_Account_Name, Target_Account_Name, user_name, object_attrs, Target_Account_Domain, user_group, Subject_Security_ID, object_id | |
['WinEventLog']
|
4726 | Subject_Account_Domain, src_user_name, Subject_Logon_ID, Target_Security_ID, Subject_Account_Name, Target_Account_Name, user_name, object_attrs, Target_Account_Domain, user_group, Subject_Security_ID, object_id | |
['WinEventLog']
|
4738 | Subject_Account_Domain, src_user_name, Subject_Logon_ID, Target_Security_ID, Subject_Account_Name, Target_Account_Name, user_name, object_attrs, Target_Account_Domain, user_group, Subject_Security_ID, object_id | |
['WinEventLog']
|
4767 | Subject_Account_Domain, src_user_name, Subject_Logon_ID, Target_Security_ID, Subject_Account_Name, Target_Account_Name, user_name, object_attrs, Target_Account_Domain, user_group, Subject_Security_ID, object_id | |
['WinEventLog']
|
4781 | Target_Old_Account_Name, src_user, Target_New_Account_Name, Subject_Account_Domain, src_user_name, Subject_Logon_ID, Target_Security_ID, Subject_Account_Name, user_name, Target_Account_Domain, Subject_Security_ID, object_id |
Source - XmlWinEventLog:Security field mapping changes
| Source-type | EventCode | Fields added | Fields removed |
|---|---|---|---|
['XmlWinEventLog']
|
4703 | result, user_name, object_attrs, object_category, object_id, src_user_name, change_type | |
['XmlWinEventLog']
|
4704 | result, object_attrs, object_id, object_category, src_user_name, change_type | |
['XmlWinEventLog']
|
4705 | result, object_attrs, object_id, object_category, src_user_name, change_type | |
['XmlWinEventLog']
|
4722 | user_name, object_attrs, src_user_name, object_id | |
['XmlWinEventLog']
|
4723 | result, user_name, src_user_name, object_id | |
['XmlWinEventLog']
|
4724 | result, user_name, src_user_name, object_id | |
['XmlWinEventLog']
|
4725 | user_name, object_attrs, src_user_name, object_id | |
['XmlWinEventLog']
|
4726 | user_name, object_attrs, src_user_name, object_id | |
['XmlWinEventLog']
|
4738 | user_name, object_attrs, src_user_name, object_id | |
['XmlWinEventLog']
|
4767 | user_name, object_attrs, src_user_name, object_id | |
['XmlWinEventLog']
|
4781 | user, user_name, src_user_name, object_id |
Fixed Issues
Version 8.4.0 of the Splunk Add-on for Windows fixes the following issues:
Known Issues
Version 8.4.0 of the Splunk Add-on for Windows contains the following known issues. If no issues appear below, no issues have yet been reported:
Version 8.3.0
Version 8.3.0 of the Splunk Add-on for Windows was released on December 8, 2021.
The Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is lower than 5.0.0, you must follow the steps outlined in Upgrade the Splunk Add-on for Windows. Failure to do so can result in data loss.
The Splunk Add-on for Windows DNS version 1.0.1 and the Splunk Add-on for Windows Active Directory version 1.0.0 are not supported when installed alongside the Splunk Add-on for Windows versions 6.0.0 and higher. The Splunk Add-on for Windows versions 6.0.0 and higher includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.
Compatibility
Version 8.3.0 of the Splunk Add-on for Windows is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x |
| CIM | 4.15 and later |
| Platform | Windows |
| Vendor Products | Windows Server 2022, Windows 11, Windows Server 2019, Windows 8.1, Windows 10, Windows Server 2012/2012 R2, Windows Server 2016, Microsoft Active Directory, Microsoft Windows DNS Server |
New or changed features
Version 8.3.0 of the Splunk Add-on for Windows has the following new or changed features:
Features
- Support for Windows Server 2022 and Windows 11
Fixed Issues
Version 8.3.0 of the Splunk Add-on for Windows fixes the following issues:
Known Issues
Version 8.3.0 of the Splunk Add-on for Windows contains the following known issues. If no issues appear below, no issues have yet been reported:
| Installation and configuration overview for the Splunk Add-on for Windows | Install the Splunk Add-on for Windows |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Download manual
Feedback submitted, thanks!