Splunk® User Behavior Analytics

Release Notes

Welcome to Splunk UBA 5.4.1

Splunk UBA 5.4.1 is a maintenance and patch release. See About Splunk User Behavior Analytics and release types for more information about the different types of Splunk UBA releases.

If you are new to Splunk UBA, review all the steps in the Splunk UBA installation checklist before installing Splunk UBA.

Lower versions of Splunk UBA reach End of Support on set timelines. For more information, see the Splunk Support Policy

Planning to upgrade from an earlier version?

If you plan to upgrade to this version from an earlier version of Splunk UBA, read the following documents before you get started:

What's new in version 5.4.1

Splunk UBA version 5.4.1 includes the following features and changes:

Feature, enhancement, or change Description
Operating System updates: The 5.4.1 release supports the following operating systems:
  • Ubuntu version 20.04 (upgrades only, not new installations).
  • RHEL version 8.10 (new installations and upgrades).
  • RHEL version 8.8 (new installations and upgrades).
  • RHEL version 8.6 (upgrades only, not new installations).
  • Oracle/Linux (OEL) version 8.10 (new installations and upgrades).
  • Oracle/Linux (OEL) version 8.9 (new installations and upgrades).
  • Oracle/Linux (OEL) version 8.8 (upgrades only, not new installations).

For more information, see Operating system requirements in the Install and Upgrade Splunk User Behavior Analytics manual.

False Positive Suppression Model enhancement A Large Language Model (LLM) connector is now available. When you use the LLM connector, the model adheres to the thresholdRanking parameter. This parameter defines the maximum number of false alerts it will classify. See False Positive Suppression Model in the Use Splunk User Behavior Analytics manual.

Splunk UBA external dependencies

You can download a PDF file listing the external dependencies required to install Splunk UBA:

Do not independently upgrade the following UBA-dependent components to avoid impacting UBA operations:

  • docker
  • hadoop
  • hive
  • impala
  • influxdb
  • kafka
  • kubernetes
  • nodejs
  • openjdk
  • postgresql
  • protobuf
  • redis
  • spark
  • zookeeper
Last modified on 30 August, 2024
  Known issues in Splunk UBA

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.4.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters