Splunk® Add-on for Windows

Deploy and Use the Splunk Add-on for Windows

This documentation does not apply to the most recent version of Splunk® Add-on for Windows. For documentation on the most recent version, go to the latest release.

Release notes for the Splunk Add-on for Windows

Version 6.0.0 of the Splunk Add-on for Windows was released on February 18, 2019.

The Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the steps outlined in Upgrade the Splunk Add-on for Windows. Failure to do so can result in data loss.

Neither the Splunk Add-on for Windows DNS version 1.0.1 nor the Splunk Add-on for Windows Active Directory version 1.0..0 is supported when installed alongside the Splunk Add-on for Windows version 6.0.0. The Splunk Add-on for Windows version 6.0.0 includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.

Compatibility

Version 6.0.0 of the Splunk Add-on for Windows is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x
CIM 4.11 and later
Platform Windows
Vendor Products Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012/2012 R2, Windows Server 2016, Microsoft Active Directory, Microsoft Windows DNS Server

New or changed features

Version 6.0.0 of the Splunk Add-on for Windows has the following new or changed features:

  • Windows Server 2016 Compatibility for Microsoft AD and DNS inputs
  • Added support for multi-KV mode for perfmon data inputs of AD and DNS add-ons
  • Added support for the metrics index for Perfmon:* sourcetypes of AD and DNS add-ons
  • Source and sourcetype changes for WinEventLog data of AD and DNS sources
  • Removed out-of-date configurations
  • The Splunk Add-on for Microsoft Active Directory and the Splunk Add-on for Microsoft DNS are merged into version 6.0.0 of the Splunk Add-on for Windows
  • For Windows 10 and Windows Server 2016, the Get-WindowsUpdateLog PowerShell command collects Windows Update Log data at regular, automated intervals
  • For all Wineventlog inputs, the renderXml setting is true by default

Fixed Issues

Version 6.0.0 of the Splunk Add-on for Windows fixes the following issues:


Date resolved Issue number Description
2019-03-08 ADDON-20207 Documentation for release

Known Issues

Version 6.0.0 of the Splunk Add-on for Windows contains the following known issues. If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2020-11-12 ADDON-30911 Incorrect lookup definition of EventCode=5140
2020-04-13 ADDON-26043 Windows TA nullifies the Windows field called Error Code
2019-10-16 ADDON-23970 Update field extraction in Splunk_TA_windows

Workaround:
a workaround would be search extractions in SPL:
|rex "collection=\"?(?<collection>[^\"\s\r\n]*[^\"\s])\"?\s*\r*\n*object=\"?(?<object>[^\"\s\r\n]*[^\"\s])\"?\s*\r*\n*counter=\"?(?<counter>[^\"\s\r\n]*[^\"\s])\"?\s*\r*\n*instance=\"?(?<instance>[^\"\s\r\n]*[^\"\s])\"?\s*\r*\n*Value=\"?(?<Value>[^\"\s\r\n]*[^\"\s])"
2019-05-27 ADDON-22052, ADDON-23900 Conflicting extraction written for "dest" field in source "WinEventLog:Application" and for "body" field in source "XmlWinEventLog:System"
2019-03-12 ADDON-21484 For sourcetype="DhcpSrvLog" need to change value of msdhcp_id under msdhcp_signatures lookup file
2018-09-06 ADDON-19338 Data duplication issue in WindowsUpdate.Log
2016-04-19 ADDON-9162 Field extraction for Account Domain extracts multiple values
Last modified on 26 March, 2021
Source types for the Splunk Add-on for Windows   Hardware and software requirements for the Splunk Add-on for Windows

This documentation applies to the following versions of Splunk® Add-on for Windows: 6.0.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters