Splunk® Supported Add-ons

Splunk Add-on for Juniper

Release history for the Splunk Add-on for Juniper

The latest release of the Splunk Add-on for Juniper is version 1.6.0. See Release notes for the Splunk Add-on for Juniper for the release notes of this latest version.


Version 1.5.5

Version 1.5.5 of the Splunk Add-on for Juniper was released on December 15, 2020 and is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.3, 8.0, 8.1
CIM 4.18
Platforms Platform independent
Vendor Products Junos OS 16.2R1, 17.1R1, 17.2R1, 17.3R1, 17.4R1, 17.4RU2, 18.2R1, 18.4R1, 19.1R1, 19.2R1, 19.3R1, 19.4R1, 20.1R1.

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New Features

  • Added Splunk Connect for Syslog Support for new message tags.
  • Added support for CIM version 4.18.
  • Added Add-On support for EX4200 switches and MX80 routers.
  • The following SNMP tags are supported under a new sourcetype sourcetype=juniper:junos:snmp:
    • SNMP_TRAP_LINK_UP
    • SNMP_TRAP_LINK_DOWN
  • The following event types are added:
    • juniper_junos_change_network
  • Support for the following message tags have been added under sourcetype: sourcetype=juniper:junos:firewall:
    • PFE_FW_SYSLOG_ETH_IP
    • ESWD_STP_STATE_CHANGE_INFO
    • ESWD_DAI_FAILED
    • EVENT <UpDown>

See Source types for the Splunk Add-on for Juniper for more information.

Fixed issues

Version 1.5.5 of the Splunk Add-on for Juniper has the following fixed issues:


Date resolved Issue number Description
2020-12-23 ADDON-31343 Splunk Add-on for Juniper support for JunOS 15.1X49 and 18.3R1.9

Known issues

Version 1.5.5 of the Splunk Add-on for Juniper contains no known issues.


Date filed Issue number Description
2022-12-29 ADDON-59372 Junper SRX Logs Parsing for RT_FLOW_SESSION_CLOSE_LS
2021-06-17 ADDON-38543 Juniper TA is not extracting fields for the juniper:junos:firewall sourcetype

Third-party software attributions

Version 1.5.5 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.

Version 1.4.0

Version 1.4.0 of the Splunk Add-on for Juniper was released on June 16, 2020.

About this release

Version 1.4.0 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.2, 7.3, 8.0
CIM 4.15
Platforms Platform independent
Vendor Products Junos OS 16.2R1, 17.1R1, 17.2R1, 17.3R1, 17.4R1, 17.4RU2, 18.2R1, 18.4R1, 19.1R1, 19.2R1, 19.3R1, 19.4R1, 20.1R1.

New Features

  • Removed support of deprecated source types.
  • Removed unsupported source types.
  • Added support of netscreen:firewall source type.
  • The structured events for Firewall and IDP now fall under juniper:junos:firewall:structured and juniper:junos:idp:structured sourcetypes. The unstructured events for Firewall and IDP now fall under juniper:junos:firewall and juniper:junos:idp sourcetypes.
  • Analyzed and updated Splunk Connect for Syslog filter.
  • Added support for webfilter_url_permitted and webfilter_url_blocked logs.

Note the following changes:

  • The CIM mapping won't work with structured data for juniper:junos:firewall and juniper:junos:idp sourcetypes when those source types were already indexed with Add-on v1.3.0. The CIM mapping will remain as it is for the unstructured data.
  • CIM data model mapping was removed from the netscreen_restart event type.
  • CIM data model maps for juniper_junos_aamw and juniper_junos_secintel eventtypes now follow the Intrusion Detection data model instead of the Malware data model.
  • The following source types are no longer supported:
  • juniper:idp
  • juniper:nsm:idp
  • juniper:nsm
  • juniper:sslvpn


  • The following event types are no longer supported:
  • netscreen_attack
  • juniper_idp
  • juniper_idp_attack
  • juniper_nsm
  • juniper_nsm_communicate
  • juniper_sslvpn
  • juniper_sslvpn_authentication
  • juniper_sslvpn_authentication_default
  • juniper_sslvpn_start
  • juniper_sslvpn_end
  • juniper_sslvpn_connected
  • juniper_sslvpn_network_traffic
  • juniper_junos_firewall_utm_network
  • juniper_junos_firewall_utm_malware

Following event types have been added:

  • juniper_junos_firewall_utm_attack
  • juniper_junos_firewall_utm_web

Fixed issues

Version 1.4.0 of the Splunk Add-on for Juniper has no fixed issues.

Known issues

Version 1.4.0 of the Splunk Add-on for Juniper contains no known issues.

Version 1.3.0

Version 1.3.0 of the Splunk Add-on for Juniper was released on March 25, 2020.

About this release

Version 1.3.0 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.2.x, 7.3.x, 8.0
CIM 4.15
Platforms Platform independent
Vendor Products Junos OS 16.2R1, 17.1R1, 17.2R1, 17.3R1, 17.4R1, 17.4RU2, 18.2R1, 18.4R1, 19.1R1, 19.2R1, 19.3R1, 19.4R1, 20.1R1.

New Features

The Splunk Add-on for Juniper has the following new features:

  • Support for RT_UTM, RT_AAMW and RT_SECINTEL events for JunOS v20.1R1
  • New field extractions to support Juniper JunOS 16.2+
  • Support for Junos firewall and Junos IDP structured data
  • Support for CIM 4.15.0
  • For Junos OS, Splunk add-on for Juniper supports the following message tags:
    • RT_FLOW_SESSION_CREATE
    • RT_FLOW_SESSION_CLOSE
    • RT_FLOW_SESSION_DENY
    • RT_SCREEN_TCP
    • RT_SCREEN_UDP
    • RT_SCREEN_ICMP
    • APPTRACK_SESSION_CREATE
    • APPTRACK_SESSION_CLOSE
    • APPTRACK_SESSION_VOL_UPDATE
    • WEBFILTER_URL_PERMITTED
    • WEBFILTER_URL_BLOCKED
    • AV_VIRUS_DETECTED_MT
    • CONTENT_FILTERING_BLOCKED_MT
    • IDP_ATTACK_LOG_EVENT
    • AAMW_ACTION_LOG
    • AAMW_HOST_INFECTED_EVENT_LOG
    • SECINTEL_ACTION_LOG
  • The following source types are deprecated:
    • netscreen:firewall
    • juniper:idp
    • juniper:nsm:idp
    • juniper:nsm
    • juniper:sslvpn

Fixed issues

Version 1.3.0 of the Splunk Add-on for Juniper has no fixed issues.


Known issues

Version 1.3.0 of the Splunk Add-on for Juniper contains no known issues.


Third-party software attributions

Version 1.3.0 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.

Version 1.2.0

Version 1.2.0 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0
CIM 4.13
Platforms Platform independent
Vendor Products Juniper IDP device (IDP75, IDP250, IDP800, IDP8200), Juniper Netscreen Firewall 6.x, Juniper NSM, Juniper NSM IDP, Juniper SSLVPN series, Junos OS 11.4-12.2, Junos OS 15.1x49-D80 for RT_FLOW_SESSION_CLOSE Event, vSRX

New Features

The Splunk Add-on for Juniper has the following new feature:

  • Support for vSRX data parsing

Fixed issues

Version 1.2.0 of the Splunk Add-on for Juniper has no fixed issues.


Known issues

Version 1.2.0 of the Splunk Add-on for Juniper contains no known issues.


Third-party software attributions

Version 1.2.0 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.

Version 1.1.0

Version 1.1.0 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.0
CIM 4.11
Platforms Platform independent
Vendor Products Juniper IDP device (IDP75, IDP250, IDP800, IDP8200), Juniper Netscreen Firewall 6.x, Juniper NSM, Juniper NSM IDP, Juniper SSLVPN series, Junos OS 11.4-12.2, Junos OS 15.1x49-D80 for RT_FLOW_SESSION_CLOSE Event

New Features

The Splunk Add-on for Juniper has the following new feature:

  • Support for logging changes in Junos Release 15.1x49-D80

Fixed issues

Version 1.1.0 of the Splunk Add-on for Juniper has the following fixed issues:


Date resolved Issue number Description
2018-07-24 ADDON-17332, SPL-149386 Incorrect search results when filtering by 'severity' due to misconfiguration in TA-juniper

Known issues

Version 1.1.0 of the Splunk Add-on for Juniper contains the following known issues. If no issues appear below, no issues have yet been reported:


Third-party software attributions

Version 1.1.0 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.

Version 1.0.2

Version 1.0.2 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.4 or later
CIM 4.2 or later
Platforms Platform independent
Vendor Products Juniper IDP device (IDP75, IDP250, IDP800, IDP8200), Juniper Netscreen Firewall 6.x, Juniper NSM, Juniper NSM IDP, Juniper SSLVPN series, Junos OS 11.4+, Junos SRX (SRX 100, SRX110, SRX 210, SRX 220, SRX 240, SRX 550, SRX 650, SRX 3600, SRX 5400, SRX 5600, SRX 5800)

Fixed issues

Version 1.0.2 of the Splunk Add-on for Juniper has the following fixed issues:


Date resolved Issue number Description
2017-05-15 ADDON-14782 Product security issue in development support files
2016-03-09 ADDON-8228 Incorrect tag of netscreen_authentication and juniper_sslvpn_authentication eventtypes

Known issues

Version 1.0.2 of the Splunk Add-on for Juniper contains the following known issues:


Date filed Issue number Description
2018-07-09 ADDON-18669 App Inspect Fail-3 : Unused capturing groups in transforms.conf
2018-03-05 ADDON-17332, SPL-149386 Incorrect search results when filtering by 'severity' due to misconfiguration in TA-juniper
2017-08-14 ADDON-15528 Juniper add-on does not list "SRX" in its lookup file.

Workaround:
add this line to the lookup:

 

juniper:srx:firewall,Juniper,SRX Firewall,

2017-05-17 ADDON-14810 "dest" field for eventtype "netscreen_alert", "netscreen_authentication" is not extracted on the Linux platform
2017-05-17 ADDON-14811 "dest_ip" field for eventtype "netscreen_alert" and "netscreen_authentication" is not extracted on the Windows and Linux platforms

Third-party software attributions

Version 1.0.2 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.

Version 1.0.1

Version 1.0.1 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.2.2 or later
CIM 4.2 or later
Platforms Platform independent
Vendor Products Juniper IDP device (IDP75, IDP250, IDP800, IDP8200), Juniper Netscreen Firewall 6.x, Juniper NSM, Juniper NSM IDP, Juniper SSLVPN series, Junos OS 11.4+, Junos SRX (SRX 100, SRX110, SRX 210, SRX 220, SRX 240, SRX 550, SRX 650, SRX 3600, SRX 5400, SRX 5600, SRX 5800)

Fixed issues

Version 1.0.1 of the Splunk Add-on for Juniper has the following fixed issues.

Resolved Date Issue number Description
2015-09-29 ADDON-5766 SSLVPN events are not tagged properly

Known issues

Version 1.0.1 of the Splunk Add-on for Juniper contains no known issues.

Third-party software attributions

Version 1.0.1 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.

Version 1.0.0

Version 1.0.0 of the Splunk Add-on for Juniper has the same compatibility specifications as version 1.0.1.

New features

Version 1.0.0 of the Splunk Add-on for Juniper has the following new features.

Date Issue number Description
06/12/14 ADDON-1548 Update the Juniper add-on included with the Splunk App for Enterprise Security and make available as a standalone add-on on Splunkbase.

Known issues

Version 1.0.0 of the Splunk Add-on for Juniper contains the following known issues.

Date Reported Issue number Description
2015-09-23 ADDON-5766 SSLVPN events are not tagged properly

Third-party software attributions

Version 1.0.0 of the Splunk Add-on for Splunk Add-on for Juniper does not incorporate any third-party software or libraries.

Last modified on 25 September, 2023
Release notes for the Splunk Add-on for Juniper  

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters