This documentation does not apply to the most recent version of Splunk® Add-on for Windows.
For documentation on the most recent version, go to the latest release.
Release notes
This topic contains information on new features, known issues, and updates as we version the Splunk Add-on for Windows.
Version 4.7.1 of the Splunk Add-on for Windows was released on Thursday, August 28, 2014.
What's new
Here's what's new in the latest version of the Splunk Add-on for Windows:
- Bug fixes.
- Improvements for internationalization.
- Several Security Event Log field extractions that were in the add-ons included with the Splunk App for Windows Infrastructure have been moved to the Splunk Add-on for Windows. (MSAPP-2748)
Current known issues
The Splunk Add-on for Windows has the following known issues:
- On Windows Server 2003 systems, the sourcetypes for
WinEventLogevents are in lower case, while others have mixed case (for example:WinEventLog:SecurityversusWinEventLog:security). This causes filters set up inprops.confto fail to match. To work around the issue, read this Splunk Answers post. (SPL-78726, MSAPP-2916)
Change log (what's been fixed)
- The Splunk Add-on for Windows no longer improperly appears in dashboards in the Splunk App for Enterprise Security. (MSAPP-1835)
- Several Security Event Log field extractions that were in the add-ons included with the Splunk App for Windows Infrastructure have been moved to the Splunk Add-on for Windows. (MSAPP-2748)
- The Splunk Add-on for Windows now properly detects Windows updates on Windows Server 2012. (MSAPP-2799)
- The
WMI:UserAccountsSIDsource has been deprecated. The Splunk Add-on for Windows now uses theWMI:UserAccountssource. (MSAPP-2802)
Last modified on 18 August, 2014
| Source types and CIM data model info |
This documentation applies to the following versions of Splunk® Add-on for Windows: 4.7.1
Download manual
Feedback submitted, thanks!