Splunk® Add-on for Windows

Deploy and Use the Splunk Add-on for Windows

This documentation does not apply to the most recent version of Splunk® Add-on for Windows. For documentation on the most recent version, go to the latest release.

Release notes for the Splunk Add-on for Windows

Version 7.0.0 of the Splunk Add-on for Windows was released on October 21, 2019.

The Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the steps outlined in Upgrade the Splunk Add-on for Windows. Failure to do so can result in data loss.

Neither the Splunk Add-on for Windows DNS version 1.0.1 nor the Splunk Add-on for Windows Active Directory version 1.0..0 is supported when installed alongside the Splunk Add-on for Windows versions 6.0.0 and above. The Splunk Add-on for Windows versions 6.0.0 and above includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.

Compatibility

Version 7.0.0 of the Splunk Add-on for Windows is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.x
CIM 4.11 and later
Platform Windows
Vendor Products Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012/2012 R2, Windows Server 2016, Microsoft Active Directory, Microsoft Windows DNS Server

New or changed features

Version 7.0.0 of the Splunk Add-on for Windows has the following new or changed features:

  • Python 3 compatibility

Fixed Issues

Version 7.0.0 of the Splunk Add-on for Windows fixes the following issues:


Date resolved Issue number Description
2019-10-10 ADDON-22052, ADDON-23900 Conflicting extraction written for "dest" field in source "WinEventLog:Application" and for "body" field in source "XmlWinEventLog:System"
2019-09-24 ADDON-22175 Splunk_TA_windows: Windows TA not extracting user_group field correctly

Known Issues

Version 7.0.0 of the Splunk Add-on for Windows contains the following known issues. If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2020-11-12 ADDON-30911 Incorrect lookup definition of EventCode=5140
2020-05-12 ADDON-26533 Missing fields and Inaccurate field mapping
2019-03-12 ADDON-21484 For sourcetype="DhcpSrvLog" need to change value of msdhcp_id under msdhcp_signatures lookup file
2018-09-06 ADDON-19338 Data duplication issue in WindowsUpdate.Log
2016-04-19 ADDON-9162 Field extraction for Account Domain extracts multiple values
Last modified on 18 December, 2020
Source types for the Splunk Add-on for Windows   Hardware and software requirements for the Splunk Add-on for Windows

This documentation applies to the following versions of Splunk® Add-on for Windows: 7.0.0


Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters