Release notes

This topic contains information on new features, known issues, and updates as we version the Splunk App for Unix and Linux.

What's new

Here's what's new in the latest version of the Splunk App for Unix and Linux:

• Many bug fixes.
• New setup and first-time run tools.
• You can now install and set up the app from the CLI. (APP-193, APP-207)
• If you run the app as the root user, you can now monitor users' .history files. (APP-264)

Current known issues

The Splunk App for Unix and Linux has the following known issues:

• On Solaris servers with less than two processors, the cpu.sh scripted input does not return results. This causes the Percent Load by Host dashboard to not display information for those hosts. (NIX-275)
• The common.sh scripted input does not set the LANG locale environment variable. This can cause problems for *nix systems that use a locale other than "en_US"or "en_US.UTF8": The output of several commands displays differently based on the system's locale, which affects how scripted inputs interpret the data that the commands generate. To work around the problem, edit $SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin/common.sh and add the following line at the beginning (NIX-203):

LANG=en_US.UTF8

• The app does not properly display a "Results Chart" button above any displayed results. (APP-503)
• On Ubuntu systems, the "Percent Load by Host" chart does not display any results. The underlying script that feeds this chart, cpu.sh, runs the sar and mpstat binaries, which are not installed by default on an Ubuntu system. To fix the issue, use apt-get to install the sysstat package. (SPL-41361, NIX-22)
• On some Ubuntu installations, there is no detailed information displayed for events with the interface sourcetype. (SPL-44705).
• On FreeBSD systems, neither the lsof.sh scripted input nor the dashboards based on the lsof source type are functional. (SPL-44786)

Change log (what's been fixed)

• The search command for file system changes now works properly. (APP-28)
• The app no longer complains of missing fields for some search results, in particular, pctIoWait. (APP-42)
• The app now properly captures both SSH login successes and failures. (APP-63)
• When commands with the same name run at the same time, the app now properly adds their resource usage statistics together, instead of averaging them. (APP-67)
• On Oracle Enterprise Linux (OEL) and AIX systems with Micro-partitioning enabled, the app's cpu.sh script now produces correct information about the computer's CPU. (APP-82)
• The default time range is now 4 hours instead of 15 minutes. This fixes several dashboards which displayed improperly due to the shorter time range. (APP-97, APP-121)
• The app's scripts now function properly on Mac OS X 10.7 Lion. (APP-98)
• On all versions of Mac OS X, the app now properly captures failures with the 'su' command. (APP-101)
• The app's interface.sh script no longer exhausts a server's TCP connection pool in an attempt to get reverse DNS information. (APP-106)
• The log_errors_multiple_hosts dashboard now properly displays as a stacked graph. (APP-112)
• The app's drop-down menus now display in a consistent manner. (APP-116)
• The app now properly captures user creation events. (APP-145)
• On AIX systems, the app now properly displays disk system information gathered by the df.sh script. (APP-147)
• On Solaris systems, the app now properly gathers and displays memory statistics in megabytes instead of kilobytes. (APP-152)
• The app's interfaces.sh now properly displays network interface information on all OS versions. (APP-160, APP-162)
• The app now properly displays charts and dashboards for data with limited data points. (APP-172)