Splunk® Add-on for Windows

Deploy and Use the Splunk Add-on for Windows

This documentation does not apply to the most recent version of Splunk® Add-on for Windows. For documentation on the most recent version, go to the latest release.

Release notes

This topic contains information on new features, known issues, and updates as we version the Splunk Add-on for Windows.

New Features

Version 4.8.4 of the Splunk Add-on for Windows does not have any new features.

Fixed Issues

Version 4.8.4 of the Splunk Add-on for Windows fixes the following issues.


Date resolved Issue number Description
2017-02-25 ADDON-8495 Incorrect field transformations: Account_Domain to dest_nt_domain, and Login_ID_as_session_id
2017-02-22 ADDON-8497 "XmlWinEventLog:Security" events with EventCode 4776, 4768, 4769 not correctly mapped
2017-02-20 ADDON-8491 Windows TA DHCP server field names extracted directly to CIM; Mac field not CIM-compliant
2017-02-08 ADDON-13516 WMI:CPUTime: "ProcessorFrequency" does not exist in "Win32_PerfFormattedData_PerfOS_Processor"
2017-02-08 ADDON-8496 OS name mapped to the CPU Architecture Family field for "WinHostMon" sourcetype
2017-01-23 ADDON-8488 severity_id is overriding severity
2017-01-23 ADDON-12004 InstalledScripts props incorrectly clips the time from AM (sub 1200) installations
2017-01-23 ADDON-11213 Should remove alert tag for ALL Windows event logs
2016-12-21 ADDON-8486 sourcetype=Script:InstalledApps needs quoted values for Splunk to see complete app names

Known Issues

Version 4.8.4 of the Splunk Add-on for Windows contains the following known issues.


Date filed Issue number Description
2018-09-06 ADDON-19338 Data duplication issue in WindowsUpdate.Log
2018-02-20 ADDON-17164 Use field alias instead of eval to extract thruput and thruput_max field extractions in WMI:LocalNetwork
2018-02-20 ADDON-17166 help content is indexed incorrectly in sourcetype DhcpSrvLog
2018-02-20 ADDON-17167 cpu_load_mhz is not extracted from counter "Processor Frequency" of Perfmon object="Processor Information"
2018-02-19 ADDON-17163 Some WMI fields values contain spaces but don't get extracted properly
2018-02-19 ADDON-17161 All prebuilt panels based on macro `compute-ingestion-stats` are not populating
2017-02-24 ADDON-13847, ADDON-13875 'cpu_load_percent' or 'windows_cpu_load_percent' is missing in sourcetype "Perfmon:CPUTime"
2017-02-24 ADDON-13848 'storage_free_percent' field is missing in sourcetype "Perfmon:FreeDiskSpace"
2017-02-19 ADDON-13647, ADDON-8485 Better error classification for event code 4625
2016-04-19 ADDON-9162 Field extraction for Account Domain extracts multiple values
Last modified on 18 September, 2018
Source types and CIM data model info  

This documentation applies to the following versions of Splunk® Add-on for Windows: 4.8.4

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters