Release notes for the Splunk Add-on for Windows
Version 6.0.0 of the Splunk Add-on for Windows was released on February 18, 2019.
The Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the steps outlined in Upgrade the Splunk Add-on for Windows. Failure to do so can result in data loss.
Neither the Splunk Add-on for Windows DNS version 1.0.1 nor the Splunk Add-on for Windows Active Directory version 1.0.0 is supported when installed alongside the Splunk Add-on for Windows version 6.0.0. The Splunk Add-on for Windows version 6.0.0 includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.
Compatibility
Version 6.0.0 of the Splunk Add-on for Windows is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x |
CIM | 4.11 and later |
Platform | Windows |
Vendor Products | Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012/2012 R2, Windows Server 2016, Microsoft Active Directory, Microsoft Windows DNS Server |
New or changed features
Version 6.0.0 of the Splunk Add-on for Windows has the following new or changed features:
- Windows Server 2016 Compatibility for Microsoft AD and DNS inputs
- Added support for multi-KV mode for perfmon data inputs of AD and DNS add-ons
- Added support for the metrics index for `Perfmon:*` sourcetypes of AD and DNS add-ons
- Source and sourcetype changes for WinEventLog data of AD and DNS sources
- Removed out-of-date configurations
- The Splunk Add-on for Microsoft Active Directory and the Splunk Add-on for Microsoft DNS are merged into version 6.0.0 of the Splunk Add-on for Windows
- For Windows 10 and Windows Server 2016, the `Get-WindowsUpdateLog` PowerShell command collects Windows Update Log data at regular, automated intervals
- For all WinEventLog inputs, the `renderXml` setting is true by default
Fixed Issues
Version 6.0.0 of the Splunk Add-on for Windows fixes the following issues:
Date resolved | Issue number | Description |
---|---|---|
2019-03-08 | ADDON-20207 | Documentation for release |
Known Issues
Version 6.0.0 of the Splunk Add-on for Windows contains the following known issues. If no issues appear below, no issues have yet been reported:
Date filed | Issue number | Description |
---|---|---|
2020-11-12 | ADDON-30911 | Incorrect lookup definition of EventCode=5140 |
2020-04-13 | ADDON-26043 | Windows TA nullifies the Windows field called Error Code |
2019-10-16 | ADDON-23970 | Update field extraction in Splunk_TA_windows Workaround: perform the field extractions at search time in SPL: |rex "collection=\"?(?<collection>[^\"\s\r\n]*[^\"\s])\"?\s*\r*\n*object=\"?(?<object>[^\"\s\r\n]*[^\"\s])\"?\s*\r*\n*counter=\"?(?<counter>[^\"\s\r\n]*[^\"\s])\"?\s*\r*\n*instance=\"?(?<instance>[^\"\s\r\n]*[^\"\s])\"?\s*\r*\n*Value=\"?(?<Value>[^\"\s\r\n]*[^\"\s])" |
2019-05-27 | ADDON-22052, ADDON-23900 | Conflicting extraction written for "dest" field in source "WinEventLog:Application" and for "body" field in source "XmlWinEventLog:System" |
2019-03-12 | ADDON-21484 | For sourcetype="DhcpSrvLog" need to change value of msdhcp_id under msdhcp_signatures lookup file |
2018-09-06 | ADDON-19338 | Data duplication issue in WindowsUpdate.Log |
2016-04-19 | ADDON-9162 | Field extraction for Account Domain extracts multiple values |
This documentation applies to the following versions of Splunk® Add-on for Windows: 6.0.0