Splunk® Add-on for Windows

Deploy and Use the Splunk Add-on for Windows

This documentation does not apply to the most recent version of Splunk® Add-on for Windows. For documentation on the most recent version, go to the latest release.

Release notes for the Splunk Add-on for Windows

Version 8.1.1 of the Splunk Add-on for Windows was released on January 18, 2021.

The Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the steps outlined in Upgrade the Splunk Add-on for Windows. Failure to do so can result in data loss.

The Splunk Add-on for Windows DNS version 1.0.1 and the Splunk Add-on for Windows Active Directory version 1.0.0 are not supported when installed alongside the Splunk Add-on for Windows versions 6.0.0 and above. The Splunk Add-on for Windows versions 6.0.0 and above include the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.

Compatibility

Version 8.1.1 of the Splunk Add-on for Windows is compatible with the following software, CIM versions, and platforms:

Splunk platform versions: 7.3.x, 8.0.x, 8.1.x
CIM: 4.15 and later
Platform: Windows
Vendor products: Windows 2019, Windows 8.1, Windows 10, Windows Server 2012/2012 R2, Windows Server 2016, Microsoft Active Directory, Microsoft Windows DNS Server

New or changed features

Version 8.1.1 of the Splunk Add-on for Windows has the following new or changed features:

  • Updated the extraction of process and process_name fields for EventCode 4688 for source WinEventLog:Security and XmlWinEventLog:Security:
    • For the Legacy format:
      • Mapped Process_Command_Line as process.
      • Mapped New_Process_Name as process_name.
    • For XML format:
      • Mapped CommandLine as process.
      • Mapped NewProcessName as process_name.

Fixed Issues

Version 8.1.1 of the Splunk Add-on for Windows fixes the following issues:


Date resolved   Issue number   Description
2021-01-04      ADDON-27059    Fix the CIM field mappings for Data Model Endpoint for Wineventlog and XmlWineventlog

Known Issues

Version 8.1.1 of the Splunk Add-on for Windows contains the following known issues. If no issues appear below, no issues have yet been reported:


Date filed   Issue number   Description
2021-03-04   ADDON-34637    Fix Common Information Model (CIM) field mapping for Windows Event ID 4688
2021-03-04   ADDON-34640    Windows TA: eventtype endpoint_services_processes is too broad.
2021-01-16   ADDON-33024    Version 8.1.1 of the Splunk Add-on for Windows bad version value in app.conf

Last modified on 14 April, 2021

This documentation applies to the following versions of Splunk® Add-on for Windows: 8.1.1

