Splunk® User Behavior Analytics

Release Notes

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of UBA. Click here for the latest version.
Acrobat logo Download topic as PDF

Welcome to Splunk UBA 5.0.5

Splunk UBA 5.0.5 is a maintenance release. See About Splunk User Behavior Analytics and release types for more information about the different types of Splunk UBA releases.

If you are new to Splunk UBA, review all the steps in the Splunk UBA installation checklist before installing Splunk UBA.

Planning to upgrade from an earlier version?

If you plan to upgrade to this version from an earlier version of Splunk UBA, read the following documentation before you get started:

What's new in 5.0.5

Splunk UBA 5.0.5 includes the following features and enhancements:

Feature or Enhancement Description
Operating system update This release provides support for Red Hat Enterprise Linux (RHEL) release 7.9.


See Operating system requirements in Install and Upgrade Splunk User Behavior Analytics manual.

EmployeeID Filter You can filter by employee ID from various locations in the product, such as users, anomalies, and threat tables, AAR, anomaly page, and threat page.
Per data source lag support You can customize data ingestion properties per data source.
Documentation Information for planning and sizing a new Splunk UBA deployment is available in the new Plan and Scale your Splunk UBA Deployment manual.


See About Splunk User Behavior Analytics in the Plan and Scale your Splunk UBA Deployment manual.

MaxMind database The MaxMind location database is updated for accurate mapping of IP addresses to geographic locations.
Splunk UBA Kafka Ingestion App This release of Splunk UBA is compatible with the latest update of the Splunk UBA Kafka Ingestion App.


See What's new in this release? in the Splunk UBA Kafka Ingestion App manual.

Updated Splunk forwarder The Splunk Forwarder included with Splunk UBA is upgraded to version 8.2.1.

Third-party software updates

The following third-party software updates are included in this release:

  • PostgreSQL is updated to version 10.17

Deprecated features

The functionality to use the legacy Netcat data source to push notable events from Splunk ES to Splunk UBA is deprecated and removed from both Splunk ES and Splunk UBA. Configure a Splunk ES Notables data source or use Splunk Direct to pull notable events from Splunk ES to Splunk UBA. See Pull notable events from Splunk ES to Splunk UBA in the Send and Receive Data from the Splunk Platform manual.

Last modified on 14 October, 2021
  NEXT
Known Issues in Splunk UBA

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.5


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters