Splunk® User Behavior Analytics

Release Notes

This documentation does not apply to the most recent version of Splunk® User Behavior Analytics. For documentation on the most recent version, go to the latest release.

Welcome to Splunk UBA 5.3.0

Splunk UBA 5.3.0 is a major release. See About Splunk User Behavior Analytics and release types for more information about the different types of Splunk UBA releases.

If you are new to Splunk UBA, review all the steps in the Splunk UBA installation checklist before installing Splunk UBA.

The introduction of UBA 5.3.0 means the End of Support for UBA 5.0.x versions. For more information, see the Splunk Software Support Policy

Planning to upgrade from an earlier version?

If you plan to upgrade to this version from an earlier version of Splunk UBA, read the following documents before you get started:

What's new in 5.3.0

Splunk UBA version 5.3.0 includes the following features and changes:

Feature, enhancement, or change Description
Operating System updates: The 5.3.0 release provides the following operating system updates:
  • Support for Ubuntu version 20.04 (new installations and upgrades).
  • Support for RHEL version 8.6 and 8.8 (new installations and upgrades).
  • Support for Oracle/Linux version 8.8 (new installations and upgrades).

The 5.3.0 AMI install package is available shortly after GA for AWS environments.

For more information, see Operating system requirements in the Install and Upgrade Splunk User Behavior Analytics manual.

20 Node XL cluster A new 20 node cluster option is now available. This 20 Node XL cluster is a vertically scaled-up version of the current 20 node "Classic" option. The XL option offers increased events-per-second (EPS) support up to 160K, supports up to 750K accounts, and up to 1M devices.

To learn more, see About the 20 Node XL option in the Plan and Scale your Splunk UBA Deployment manual.

New and enhanced UBA models
Health Monitor new indicator New indicator for backup disk utilization in the Health Monitor user interface.
Security enhancements
  • Supports openjdk-8u372-b07
  • Compatible with Splunk Universal Forwarder
  • Supports security related HTTP headers
  • Eliminated use of static cypher keys
  • Removed/replaced all Log4j jars in new Impala container
MaxMind database refresh The Maxmind GeoLite2-City DB GeoLite2-City_20230718 (07/18/2023) is bundled with UBA 5.3.0.

User can keep the Maxmind DB up to date by following these instructions: https://community.splunk.com/t5/Splunk-User-Behavior-Analytics/Adding-IP-database-to-UBA/m-p/591635

Splunk UBA external dependencies

You can download a PDF file listing the external dependencies required to install Splunk UBA:

Do not independently upgrade the following UBA-dependent components to avoid impacting UBA operations:

  • docker
  • hadoop
  • hive
  • impala
  • influxdb
  • kafka
  • kubernetes
  • nodejs
  • openjdk
  • postgresql
  • protobuf
  • redis
  • spark
  • zookeeper
Last modified on 18 July, 2024
  Known issues in Splunk UBA

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.3.0

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters