Splunk® Add-on for Windows

Deploy and Use the Splunk Add-on for Windows

This documentation does not apply to the most recent version of Splunk® Add-on for Windows. For documentation on the most recent version, go to the latest release.

Release notes for the Splunk Add-on for Windows

Version 5.0.1 of the Splunk Add-on for Windows was released on August 29, 2018.

The Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the steps outlined in Upgrade the Splunk Add-on for Windows. Failure to do so can result in data loss.

Compatibility

Version 5.0.1 of the Splunk Add-on for Windows is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x
CIM 4.11
Platform Windows
Vendor Products Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012/2012 R2, Windows Server 2016

The Splunk Add-on for Windows 5.0.1 is not compatible with the Splunk App for Windows Infrastructure version 1.4.4 and the Splunk App for Microsoft Exchange version 3.4.4. Use the Splunk Add-on for Windows 4.8.4 if you want to use either of these apps.

New or changed features

Version 5.0.1 of the Splunk Add-on for Windows has the following new or changed features:

  • Improved load balancing on the universal forwarder
  • Decoding of User Account Control values for Microsoft Active Directory
  • Functionality to normalize inappropriate values in WinEventLog events using the sed command
  • A scripted input for collecting local IP configurations

Fixed Issues

Version 5.0.1 of the Splunk Add-on for Windows fixes the following issues:


Date resolved Issue number Description
2018-08-06 ADDON-18850 TA-Windows is sending Wineventlog data with a different host format

Known Issues

Version 5.0.1 of the Splunk Add-on for Windows contains the following known issues. If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2020-11-12 ADDON-30911 Incorrect lookup definition of EventCode=5140
2019-06-10 ADDON-22175 Splunk_TA_windows: Windows TA not extracting user_group field correctly

Workaround:
create a calculated field 

 

[source::XmlWinEventLog:Security : EVAL-user_group|http://10.73.116.255:8000/en-GB/manager/Splunk_TA_windows/data/props/calcfields/source%3A%3AXmlWinEventLog%3ASecurity%20%3A%20EVAL-user_group?ns=Splunk_TA_windows&uri=%2FservicesNS%2Fnobody%2FSplunk_TA_windows%2Fdata%2Fprops%2Fcalcfields%2Fsource%253A%253AXmlWinEventLog%253ASecurity%2520%253A%2520EVAL-user_group&f_ns=Splunk_TA_windows&f_count=25&action=edit&f_search=coalesce&f_pwnr=-]

user_group=coalesce(Group_Name,New_Account_Name,Target_Account_Name)

2019-05-27 ADDON-22052, ADDON-23900 Conflicting extraction written for "dest" field in source "WinEventLog:Application" and for "body" field in source "XmlWinEventLog:System"
2019-03-12 ADDON-21484 For sourcetype="DhcpSrvLog" need to change value of msdhcp_id under msdhcp_signatures lookup file
2018-09-06 ADDON-19338 Data duplication issue in WindowsUpdate.Log
2016-04-19 ADDON-9162 Field extraction for Account Domain extracts multiple values
Last modified on 18 December, 2020
Source types for the Splunk Add-on for Windows   Hardware and software requirements for the Splunk Add-on for Windows

This documentation applies to the following versions of Splunk® Add-on for Windows: 5.0.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters