Splunk® Add-on for Windows

Deploy and Use the Splunk Add-on for Windows

This documentation does not apply to the most recent version of Splunk® Add-on for Windows. For documentation on the most recent version, go to the latest release.

Release notes

This topic contains information on new features, known issues, and updates as we version the Splunk Add-on for Windows.

The latest version of the Splunk Add-on for Windows was released on Tuesday, December 15, 2015.

What's new

Here's what's new in the latest version of the Splunk Add-on for Windows:

Publication date Defect number Description
2015-12-15 TAG-10033 The add-on no longer produces data that is not compliant with Common Information Model (CIM) when you configure it to generate events in XML with the renderXml attribute.

Current known issues

The Splunk Add-on for Windows has the following known issues:

Publication date Defect number Description
2015-12-15 TAG-10249 The add-on improperly adds the "authentication" tag to events that do not have anything to do with authentication, then maps those events to the Authentication CIM data model.
2015-12-15 TAG-9912 The add-on sometimes parses the wrong value for Windows Event Code 4740 (User lockout).
Before 2015-9-18 TAG-9554 The Account_Domain_as_dest_nt_domain field transformation incorrectly parses the "Account Domain" field. Additionally, the Login_ID_as_session_id transformation incorrectly parses the "Logon_ID" field. Both field transformations produce multi-value fields. This prevents the Splunk Apps for Microsoft Exchange and Windows Infrastructure from displaying correct results in the "Account Lockout - User" panels and any ad-hoc searches that reference these fields.
Before 2015-9-18 TAG-9173 The WinHostMon inputs in the add-on are not compliant with Common Information Model.
Before 2015-9-18 SPL-91311, TAG-9069 A problem with how Splunk Enterprise parses configuration files causes several transforms in the Splunk Add-on for Windows to generate WARN SearchOperator:kv - Missing FORMAT error messages. This results in the generation of an incorrect regular expression for the affected field transformations. Those transformations are:
  • Security_ID_as_dest_nt_domain
  • Target_Account_ID_as_dest_nt_domain
  • User_ID_as_dest_nt_domain

Change log (what's been fixed)

Publication date Defect number Description
2015-12-15 TAG-10033 The add-on no longer produces non-CIM compliant data when you configure it to generate events in XML with the renderXml attribute.
2015-12-15 TAG-10213 The add-on has been updated to move some of the data it collects into a data model. This is for use with the OS Module for Splunk IT Service Intelligence.
Last modified on 29 February, 2016
Source types and CIM data model info  

This documentation applies to the following versions of Splunk® Add-on for Windows: 4.8.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters