Splunk® User Behavior Analytics

Release Notes

Welcome to Splunk UBA 5.4.1

Splunk UBA 5.4.1 is a maintenance and patch release. See About Splunk User Behavior Analytics and release types for more information about the different types of Splunk UBA releases.

If you are new to Splunk UBA, review all the steps in the Splunk UBA installation checklist before installing Splunk UBA.

Lower versions of Splunk UBA reach End of Support on set timelines. For more information, see the Splunk Support Policy

Planning to upgrade from an earlier version?

If you plan to upgrade to this version from an earlier version of Splunk UBA, read the following documents before you get started:

What's new in version 5.4.1

Splunk UBA version 5.4.1 includes the following features and changes:

Feature, enhancement, or change Description
Operating System updates: The 5.4.1 release supports the following operating systems:
  • Ubuntu version 20.04 (upgrades only, not new installations).
  • RHEL version 8.10 (new installations and upgrades).
  • RHEL version 8.8 (new installations and upgrades).
  • RHEL version 8.6 (upgrades only, not new installations).
  • Oracle/Linux (OEL) version 8.10 (new installations and upgrades).
  • Oracle/Linux (OEL) version 8.9 (new installations and upgrades).
  • Oracle/Linux (OEL) version 8.8 (upgrades only, not new installations).

For more information, see Operating system requirements in the Install and Upgrade Splunk User Behavior Analytics manual.

False Positive Suppression Model enhancement A Large Language Model (LLM) connector is now available. When you use the LLM connector, the model adheres to the thresholdRanking parameter. This parameter defines the maximum number of false alerts it will classify. See False Positive Suppression Model in the Use Splunk User Behavior Analytics manual.
Powershell Threat Detection Model enhancements Splunk UBA version 5.4.1 introduces multiple enhancements to support the latest Windows log formats. For details see the new Splunk blog post Onboarding Windows Events to Powershell Threat Detection in UBA.

To learn how to verify that PowerShell events are being accurately collected on your Windows machines see Configure PowerShell logging to see PowerShell anomalies in Splunk UBA.

Splunk UBA external dependencies

You can download a PDF file listing the external dependencies required to install Splunk UBA:

Do not independently upgrade the following UBA-dependent components to avoid impacting UBA operations:

  • docker
  • hadoop
  • hive
  • impala
  • influxdb
  • kafka
  • kubernetes
  • nodejs
  • openjdk
  • postgresql
  • protobuf
  • redis
  • spark
  • zookeeper
Last modified on 21 February, 2025
  Known issues in Splunk UBA

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.4.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters