Splunk® App for Windows Infrastructure

Deploy and Use the Splunk App for Windows Infrastructure

Download manual as PDF

This documentation does not apply to the most recent version of MSApp. Click here for the latest version.
Download topic as PDF

Release notes

This topic contains information on new features, known issues, and updates as we version the Splunk App for Windows Infrastructure.

The latest version of the Splunk App for Windows Infrastructure was released on Tuesday, December 15, 2015.

What's new

Here is what's new in the latest version of the Splunk App for Windows Infrastructure:

Publication date Defect number Description
2015-11-12 N/A Bug fixes.
2015-11-12 TAG-9715 The app now works with search head clusters.

Current known issues

The Splunk App for Windows Infrastructure has the following known issues:

Publication date Defect number Description
2016-2-29 TAG-10703 If you configure the Splunk Add-on for Windows to render Windows Event Log events in XML format, some dashboard panels in the app do not display properly.
N/A TAG-8544 The Host Inventory and Host Overview pages do not function in the app due to a missing configuration in the Splunk Add-on for Windows. To work around the problem, add the following stanza to the inputs.conf in the Splunk Add-on for Windows and deploy it to all of the servers in the environment:

[WinHostMon://OperatingSystem]

interval = 600

disabled = 0

type = OperatingSystem

index = windows

N/A MSAPP-2259
MSAPP-2277
The dashboard builder does not work properly with Internet Explorer version 8 or earlier. To work around the problem, use another Splunk Enterprise-supported browser.
N/A MSAPP-2109 Some minor artifacts occur when you collapse the "Add Panels" sidebar on the Dashboard Builder page.
2015-11-12 TAG-9508 The app causes search heads that run Hunk to generate errors because Hunk attempts to search both real and virtual indexes.
2015-11-12 TAG-9555 The split_ldapgroup macro does not split out the member list correctly. This affects the member list panel in the Active Directory > Groups > Group Audit dashboard.
2015-11-12 TAG-9913 The "User" panel of the "Account Lockout Activity" page only shows the latest entry for a user lockout regardless of the number of lockouts a user might have.
2015-11-12 TAG-10120 If you install the app on a Linux search head, attempts to access the app on a Windows host with Internet Explorer version 11 fail with a scripting error. To work around the problem, use another Splunk-supported browser.
2015-11-12 TAG-10194 Nothing happens when you click on a host in the "Host Overview" dashboard. The expected behavior is to open the "Host Inventory" dashboard with information on the host you selected.

Change log (what's been fixed)

Publication date Defect number Description
2015-11-12 TAG-9123 A problem that prevented most of the Active Directory panels in the app from populating was fixed.
2015-11-12 TAG-9534 A problem that prevented the Active Directory > Group Changes and "Membership changes" pages was fixed.
2015-11-12 TAG-9556 The Splunk roles "winfra-admin" and "exchange-admin" now have default access to the msad index.
2015-11-12 TAG-9719 The ad-health.ps1 script no longer generates a null-valued expression when it runs on a read-only domain controller (RODC).
2015-11-12 TAG-9844 The "Account Lockout Activity" panel now populates data for Event Code 4740 (a user lockout event.)
2015-11-12 TAG-9905 A syntax error that prevented macro expansion for the "Org Units: New" dashboard panel was fixed.
PREVIOUS
Best practices guide
  NEXT
Third-party software attributions/credits

This documentation applies to the following versions of Splunk® App for Windows Infrastructure: 1.2.0


Comments

Hi,

The app was released on December 15, 2015. Thanks for the heads up.

Malmoore, Splunker
January 5, 2016

The release date shows as $TBA, it should say December 9th (based on the splunkbase app page)

Dturnbull splunk, Splunker
December 22, 2015

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters