Release notes
This topic contains information on new features, known issues, and updates as we version the Splunk App for Windows Infrastructure.
The latest version of the Splunk App for Windows Infrastructure was released on July 18, 2016.
What's new
Here is what's new in the latest version of the Splunk App for Windows Infrastructure:
Publication date | Defect number | Description |
2016-7-18 | N/A | The app no longer includes the Splunk Add-ons for Microsoft Active Directory (TA-DomainController*) or Windows DNS (TA-DNSServer*). These add-ons now have new names and are available from Splunkbase as separate downloads (Splunk_TA_Microsoft_AD for the Microsoft Active Directory add-on and Splunk_TA_Microsoft_DNS for the Windows DNS add-on.) You must download and install them separately for the Splunk App for Windows Infrastructure to continue working. See Upgrade from version 1.2.x for the upgrade procedure.
|
Current known issues
The Splunk App for Windows Infrastructure has the following known issues:
-Publication date | Defect number | Description |
2016-2-29 | TAG-10770 | When you upgrade to Splunk Enterprise 6.3.3 or later, Splunk Enterprise generates the following messages on startup:
These messages can be safely ignored. |
2016-2-29 | TAG-10754 | The PowerShell script within the TA-DomainController-2012R2 add-on does not exit after execution.
|
2016-2-29 | TAG-10742 | The app displays a 404 error during first-time setup even though data that the app needs is available and can be searched with the Search and Reporting app. |
2016-2-29 | TAG-10703 | If you configure the Splunk Add-on for Windows to render Windows Event Log events in XML format, some dashboard panels in the app do not display properly. |
2016-2-29 | TAG-10622 | Some of the lookup files in the app are empty and this causes Splunk Enterprise to throw errors in splunkd.log such as WARN SearchResults - D:\Splunk\etc\apps\splunk_app_windows_infrastructure\ lookups\windows_processes_process.csv is empty, multi-line header is missing matching quotation, or could not parse CSV header .
|
2016-2-29 | TAG-10588 | The app incorrectly counts Kerberos events (such as Event Log ID 4768) as failed authentication events. |
2016-2-29 | TAG-10497 | The msad-nt6-disabled-logons event type looks for Event Log ID 4625 events with status code C000006E (which translates to "invalid user name or bad password") instead of the correct status code C000006D .
|
2016-2-29 | TAG-10484 | The app menu bar does not appear regardless of browser; the app logs a message like the following in splunkd.log: appnav:379 - An unknown view name "setup" is referenced in the navigation definition for "splunk_app_windows_infrastructure".
|
2015-11-12 | TAG-9913 | The "User" panel of the "Account Lockout Activity" page only shows the latest entry for a user lockout regardless of the number of lockouts a user might have. |
2015-11-12 | TAG-9555 | The split_ldapgroup macro does not split out the member list correctly. This affects the member list panel in the Active Directory > Groups > Group Audit dashboard.
|
2015-11-12 | TAG-9508 | The app causes search heads that run Hunk to generate errors because Hunk attempts to search both real and virtual indexes. |
Change log (what's been fixed)
Publication date | Defect number | Description |
$DATE | N/A | The Splunk Add-on for Active Directory (TA-DomainController*) and Splunk Add-on for Windows DNS (TA-DNSServer*) have been removed from the product and are now a separate download. |
Best practices guide | Third-party software attributions/credits |
This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.3.0
Feedback submitted, thanks!