Release notes

This topic contains information on new features, known issues, and updates as we version the Splunk App for Unix and Linux.

What's new

Here's what's new in the latest version of the Splunk App for Unix and Linux:

• A brand-new interface that allows for customization and configuration, and can display information on a large number of hosts.
• Major improvements to the application's installation workflow.
• Numerous bug fixes to underlying scripts and search language from the previous version.

Current known issues

The Splunk App for Unix and Linux has the following known issues:

• When you install the app and point it at the indexes which contain your *nix data, it might take up to 15 seconds for that data to begin showing up in the app. This is due to lookup generation. (NIX-467)
• The colors in the Metrics Viewer graphs do not update correctly if you transpose sliders in the Metrics Viewer's threshold bar. (NIX-428)
• When in node view, the Hosts dashboard sometimes shows inconsistent colors with respect to the detailed view colors. (NIX-353, NIX-409)
• When you use Firefox to access the Splunk App for Unix and Linux, the radial graphs in the Home dashboard sometimes do not display correctly. The slices within the graphs sometimes spill out of their containers. To work around the problem, refresh the page. (NIX-370, NIX-413)
• On HP/UX systems, there is no way to obtain the number of threads on a system. This means that the vmstat scripted inputs will always return "?" for threads columns on HP/UX.
• On Solaris systems, the hardware.sh scripted input sometimes returns empty values for some entries. (NIX-42)
• If you clone an existing alert saved search, you cannot edit the search using the "Settings: Alerts" configuration page. (NIX-537)
• You cannot create custom alerts using Splunk Web; you must do so with configuration files. (NIX-536)
• If you remove the default group, you sometimes receive an error "Unknown search command: 'all'" when you load the Home page. (NIX-560)
• In the Hosts page, if you do not wait for all data on a host information card to load before pinning that card, when you select another host, the original host information card does not remain pinned. (NIX-320)
• The app's scripted inputs do not work when the directory that they are hosted in contains spaces. This is particularly an issue with Mac OS X. (NIX-570)
• The full-screen NOC screen legends do not display correctly in Chrome. (NIX-584)
• You are not able to drill down into a specific host on the Hosts dashboard. (NIX-587)
• The app does not run saved searches that you create and run successfully. To work around the problem, check for the search name(s) stanza and edit $SPLUNK_HOME/etc/users/<username>/splunk_app_for_nix/local/savedsearches.conf and in $SPLUNK_HOME/etc/apps/splunk_app_for_nix/local/savedsearches.conf and set the display view and request.ui_dispatch_view attribute to blank:

displayview =
request.ui_dispatch_view =

(NIX-695)

Change Log (what's been fixed)

• You can now install the app using Splunk Web. (NIX-569, NIX-579)
• The app no longer generates a 500 error when you attempt to install it through Splunk Web. (NIX-569, BASE-1945)
• You can now install the Splunk Add-on for Unix and Linux by downloading a separate package from Splunk Apps. (NIX-591)
• You can now configure the add-on from within Splunk Web (NIX-576)
• An issue where the Common Information Model Network Sessions datamodel displayed unexpected sourcetypes was fixed. (NIX-583)
• Some vestigial code related to user preferences was removed. (NIX-601)