Splunk® Add-on for Windows

Deploy and Use the Splunk Add-on for Windows

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of WindowsAddOn. Click here for the latest version.
Acrobat logo Download topic as PDF

Release notes for the Splunk Add-on for Windows

Version 8.0.0 of the Splunk Add-on for Windows was released on March 30, 2020.

The Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the steps outlined in Upgrade the Splunk Add-on for Windows. Failure to do so can result in data loss.

The Splunk Add-on for Windows DNS version 1.0.1 and the Splunk Add-on for Windows Active Directory version 1.0.0 are not supported when installed alongside the Splunk Add-on for Windows versions 6.0.0 and above. The Splunk Add-on for Windows versions 6.0.0 and above includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.

Compatibility

Version 8.0.0 of the Splunk Add-on for Windows is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.1.x, 7.2.x, 7.3.x, 8.0.x
CIM 4.15 and later
Platform Windows
Vendor Products Windows 2019, Windows 8.1, Windows 10, Windows Server 2012/2012 R2, Windows Server 2016, Microsoft Active Directory, Microsoft Windows DNS Server

New or changed features

Version 8.0.0 of the Splunk Add-on for Windows has the following new or changed features:

  • Updated to support the new change data model and new endpoint model
  • New event signatures data model
  • Support for Windows Server 2019
  • Improved regexes in transforms.conf for better performance

Fixed Issues

Version 8.0.0 of the Splunk Add-on for Windows fixes the following issues:


Date resolved Issue number Description
2020-03-22 ADDON-21484 For sourcetype="DhcpSrvLog" need to change value of msdhcp_id under msdhcp_signatures lookup file
2020-03-04 ADDON-23970 Update field extraction in Splunk_TA_windows

Known Issues

Version 8.0.0 of the Splunk Add-on for Windows contains the following known issues. If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2020-11-12 ADDON-30911 Incorrect lookup definition of EventCode=5140
2020-07-08 ADDON-27558 Fix the CIM process fields mapping for Windows TA -> Endpoint DM
2020-06-10 ADDON-27059 Fix the CIM field mappings for Data Model Endpoint for Wineventlog and XmlWineventlog
2018-09-06 ADDON-19338 Data duplication issue in WindowsUpdate.Log
Last modified on 06 January, 2021
PREVIOUS
Source types for the Splunk Add-on for Windows
  NEXT
Hardware and software requirements for the Splunk Add-on for Windows

This documentation applies to the following versions of Splunk® Add-on for Windows: 8.0.0


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters