Release notes for the Splunk Add-on for Windows
Version 7.0.0 of the Splunk Add-on for Windows was released on October 21, 2019.
The Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the steps outlined in Upgrade the Splunk Add-on for Windows. Failure to do so can result in data loss.
Neither the Splunk Add-on for Windows DNS version 1.0.1 nor the Splunk Add-on for Windows Active Directory version 1.0..0 is supported when installed alongside the Splunk Add-on for Windows versions 6.0.0 and above. The Splunk Add-on for Windows versions 6.0.0 and above includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.
Compatibility
Version 7.0.0 of the Splunk Add-on for Windows is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.x |
CIM | 4.11 and later |
Platform | Windows |
Vendor Products | Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012/2012 R2, Windows Server 2016, Microsoft Active Directory, Microsoft Windows DNS Server |
New or changed features
Version 7.0.0 of the Splunk Add-on for Windows has the following new or changed features:
- Python 3 compatibility
Fixed Issues
Version 7.0.0 of the Splunk Add-on for Windows fixes the following issues:
Date resolved | Issue number | Description |
---|---|---|
2019-10-10 | ADDON-22052, ADDON-23900 | Conflicting extraction written for "dest" field in source "WinEventLog:Application" and for "body" field in source "XmlWinEventLog:System" |
2019-09-24 | ADDON-22175 | Splunk_TA_windows: Windows TA not extracting user_group field correctly |
Known Issues
Version 7.0.0 of the Splunk Add-on for Windows contains the following known issues. If no issues appear below, no issues have yet been reported:
Date filed | Issue number | Description |
---|---|---|
2020-11-12 | ADDON-30911 | Incorrect lookup definition of EventCode=5140 |
2020-05-12 | ADDON-26533 | Missing fields and Inaccurate field mapping |
2019-03-12 | ADDON-21484 | For sourcetype="DhcpSrvLog" need to change value of msdhcp_id under msdhcp_signatures lookup file |
2018-09-06 | ADDON-19338 | Data duplication issue in WindowsUpdate.Log |
2016-04-19 | ADDON-9162 | Field extraction for Account Domain extracts multiple values |
Source types for the Splunk Add-on for Windows | Hardware and software requirements for the Splunk Add-on for Windows |
This documentation applies to the following versions of Splunk® Add-on for Windows: 7.0.0
Feedback submitted, thanks!