Release notes

This topic contains information on new features, known issues, and updates as we version the Splunk App for Windows Infrastructure.

The latest version of the Splunk App for Windows Infrastructure was released on July 18, 2016.

What's new

Here is what's new in the latest version of the Splunk App for Windows Infrastructure:

Publication date	Defect number	Description
2016-7-18	N/A	The app no longer includes the Splunk Add-ons for Microsoft Active Directory (TA-DomainController) or Windows DNS (TA-DNSServer). These add-ons now have new names and are available from Splunkbase as separate downloads (`Splunk_TA_Microsoft_AD` for the Microsoft Active Directory add-on and `Splunk_TA_Microsoft_DNS` for the Windows DNS add-on.) You must download and install them separately for the Splunk App for Windows Infrastructure to continue working. See Upgrade from version 1.2.x for the upgrade procedure.

Current known issues

The Splunk App for Windows Infrastructure has the following known issues:

-

Publication date	Defect number	Description
2016-2-29	TAG-10770	When you upgrade to Splunk Enterprise 6.3.3 or later, Splunk Enterprise generates the following messages on startup: `Invalid key in stanza [ui] in /opt/splunk/etc/apps/splunk_app_windows_infrastructure/default/app.conf, line 15: attribution_link (value: app.attributions). Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'` These messages can be safely ignored.
2016-2-29	TAG-10754	The PowerShell script within the `TA-DomainController-2012R2` add-on does not exit after execution.
2016-2-29	TAG-10742	The app displays a 404 error during first-time setup even though data that the app needs is available and can be searched with the Search and Reporting app.
2016-2-29	TAG-10703	If you configure the Splunk Add-on for Windows to render Windows Event Log events in XML format, some dashboard panels in the app do not display properly.
2016-2-29	TAG-10622	Some of the lookup files in the app are empty and this causes Splunk Enterprise to throw errors in splunkd.log such as `WARN SearchResults - D:\Splunk\etc\apps\splunk_app_windows_infrastructure\ lookups\windows_processes_process.csv is empty, multi-line header is missing matching quotation, or could not parse CSV header`.
2016-2-29	TAG-10588	The app incorrectly counts Kerberos events (such as Event Log ID 4768) as failed authentication events.
2016-2-29	TAG-10497	The `msad-nt6-disabled-logons` event type looks for Event Log ID 4625 events with status code `C000006E` (which translates to "invalid user name or bad password") instead of the correct status code `C000006D`.
2016-2-29	TAG-10484	The app menu bar does not appear regardless of browser; the app logs a message like the following in splunkd.log: `appnav:379 - An unknown view name "setup" is referenced in the navigation definition for "splunk_app_windows_infrastructure".`
2015-11-12	TAG-9913	The "User" panel of the "Account Lockout Activity" page only shows the latest entry for a user lockout regardless of the number of lockouts a user might have.
2015-11-12	TAG-9555	The `split_ldapgroup` macro does not split out the member list correctly. This affects the member list panel in the Active Directory > Groups > Group Audit dashboard.
2015-11-12	TAG-9508	The app causes search heads that run Hunk to generate errors because Hunk attempts to search both real and virtual indexes.

Change log (what's been fixed)

Publication date	Defect number	Description
$DATE	N/A	The Splunk Add-on for Active Directory (TA-DomainController) and Splunk Add-on for Windows DNS (TA-DNSServer) have been removed from the product and are now a separate download.

Related answers from Splunk Community

Release notes

What's new

Current known issues

Change log (what's been fixed)

Comments

Release notes

Was this topic useful?