Splunk® App for Windows Infrastructure (Legacy)

Deploy and Use the Splunk App for Windows Infrastructure

On October 20, 2021, the Splunk App for Windows Infrastructure will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Windows Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for Windows Infrastructure (Legacy). For documentation on the most recent version, go to the latest release.

Release notes

This topic contains information on new features, known issues, and updates as we version the Splunk App for Windows Infrastructure.

The latest version of the Splunk App for Windows Infrastructure was released on July 18, 2016.

What's new

Here is what's new in the latest version of the Splunk App for Windows Infrastructure:

Publication date Defect number Description
2016-7-18 N/A The app no longer includes the Splunk Add-ons for Microsoft Active Directory (TA-DomainController*) or Windows DNS (TA-DNSServer*). These add-ons have new names and are available from Splunkbase as separate downloads (Splunk_TA_Microsoft_AD for the Microsoft Active Directory add-on and Splunk_TA_Microsoft_DNS for the Windows DNS add-on). You must download and install them separately for the Splunk App for Windows Infrastructure to continue working. See Upgrade from version 1.2.x for the upgrade procedure.

Current known issues

The Splunk App for Windows Infrastructure has the following known issues:

Publication date Defect number Description
2016-2-29 TAG-10770 When you upgrade to Splunk Enterprise 6.3.3 or later, Splunk Enterprise generates the following messages on startup:

Invalid key in stanza [ui] in /opt/splunk/etc/apps/splunk_app_windows_infrastructure/default/app.conf, line 15: attribution_link (value: app.attributions).
Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'

These messages can be safely ignored.

2016-2-29 TAG-10754 The PowerShell script within the TA-DomainController-2012R2 add-on does not exit after execution.
2016-2-29 TAG-10742 The app displays a 404 error during first-time setup even though data that the app needs is available and can be searched with the Search and Reporting app.
2016-2-29 TAG-10703 If you configure the Splunk Add-on for Windows to render Windows Event Log events in XML format, some dashboard panels in the app do not display properly.
2016-2-29 TAG-10622 Some of the lookup files in the app are empty and this causes Splunk Enterprise to throw errors in splunkd.log such as WARN SearchResults - D:\Splunk\etc\apps\splunk_app_windows_infrastructure\lookups\windows_processes_process.csv is empty, multi-line header is missing matching quotation, or could not parse CSV header.
2016-2-29 TAG-10588 The app incorrectly counts Kerberos events (such as Event Log ID 4768) as failed authentication events.
2016-2-29 TAG-10497 The msad-nt6-disabled-logons event type looks for Event Log ID 4625 events with status code C000006E (which translates to "invalid user name or bad password") instead of the correct status code C000006D.
2016-2-29 TAG-10484 The app menu bar does not appear regardless of browser; the app logs a message like the following in splunkd.log: appnav:379 - An unknown view name "setup" is referenced in the navigation definition for "splunk_app_windows_infrastructure".
2015-11-12 TAG-9913 The "User" panel of the "Account Lockout Activity" page only shows the latest entry for a user lockout regardless of the number of lockouts a user might have.
2015-11-12 TAG-9555 The split_ldapgroup macro does not split out the member list correctly. This affects the member list panel in the Active Directory > Groups > Group Audit dashboard.
2015-11-12 TAG-9508 The app causes search heads that run Hunk to generate errors because Hunk attempts to search both real and virtual indexes.

Change log (what's been fixed)

Publication date Defect number Description
$DATE N/A The Splunk Add-on for Active Directory (TA-DomainController*) and Splunk Add-on for Windows DNS (TA-DNSServer*) have been removed from the product and are now a separate download.
Last modified on 07 September, 2016

This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.3.0

