To learn about the Splunk Add-on for Microsoft Windows, see the official documentation on docs.splunk.com.
For information on what has been fixed as well as known issues, see the release notes: http://docs.splunk.com/Documentation/WindowsAddOn/latest/User/Releasenotes
The add-on has improved logic for extracting Windows Registry information. (TAG-9106)
Bug fixes.
The add-on has been updated to better handle interaction with host field values in generated event data. (TAG-8935)
Change log (what's been fixed)
A problem with the secrpt-new-users macro has been fixed. (TAG-8945)
A problem with a transform that prevented the "User Account Lockout" dashboard from displaying events correctly was fixed. (TAG-8915, TAG-8894)
A problem with a transform that prevented security log field extractions from working properly was fixed. (TAG-3433)
The add-on no longer invokes variable key-value field extractions unnecessarily. This should improve overall performance on apps which rely on the add-on. (MSAPP-3293)
- An issue where some panels displayed with mislabeled drop-downs was fixed. (MSAPP-3214)
- A problem with an incorrectly-configured blacklist filter in the Windows Security Event Log stanza has been fixed. (MSAPP-3151)
- The "All_Changes.Account Management" events now properly extract "account deleted" actions. (MSAPP-3055)
- The add-on no longer generates warnings about invalid values in stanzas on some versions of Splunk. (MSAPP-3053)
- Values defined within stanzas in some configuration files now have proper URI encodings. (MSAPP-3012)
- The Splunk Add-on for Windows no longer improperly appears in dashboards in the Splunk App for Enterprise Security. (MSAPP-1835)
- Several Security Event Log field extractions that were in the add-ons included with the Splunk App for Windows Infrastructure have been moved to the Splunk Add-on for Windows. (MSAPP-2748)
- The Splunk Add-on for Windows now properly detects Windows updates on Windows Server 2012. (MSAPP-2799)
- The WMI:UserAccountsSID source has been deprecated. The Splunk Add-on for Windows now uses the WMI:UserAccounts source. (MSAPP-2802)
- An issue where the TA did not properly extract the "User" Common Information Model (CIM) field for failed logons was fixed. (MSAPP-2466)
- Added new lookup to convert Windows Event Log eventType numerical values into strings. (MSAPP-1442)
- Added some data model panels. (MSAPP-2773)
- Added some field extractions for the Security Windows Event Log channel. (MSAPP-2748)
- Updated a search that used WMI to retrieve a list of local users. The script returns only local users and runs faster. (MSAPP-2659)
- indexes.conf has been modified to include default indexes for Windows data. (MSAPP-2698, MSAPP-2755)
- Fixed some problems surrounding MS Event Log code 4776. (MSAPP-164)
- Added TaskCategory "User Account Management" to the account_management event type. (MSAPP-2233)
- Made changes to support Change Analysis:Audit Changes data model object. (SOLNESS-4993)
- Made changes for Filesystem_Changes data model. (SOLNESS-4743)
- Enhanced Windows Server 2008 time synchronization detection. (MSAPP-1848)
- REGRESSION: Fixed an issue where action field was being destroyed by OUTPUT. (MSAPP-2793)
- Updated to accommodate new Endpoint Change data model. (SPL-50859)
Fixed issue where using the Add-On with Splunk 6 caused "typo in stanza" warnings on startup.
CIM compliance updates; Compatible with Splunk 6.
The app has been updated to conform to application taxonomy requirements.