Release history for the Splunk Add-on for Microsoft Cloud Services¶
The latest version of the Splunk Add-on for Microsoft Cloud Services is version 5.4.1. See Release notes for the Splunk Add-on for Microsoft Cloud Services for the release notes of this latest version.
Version 5.4.0¶
Version 5.4.0 of the Splunk Add-on for Microsoft Cloud Services was released on September 11, 2024.
Check the release notes for version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services before upgrading to the latest version as breaking changes were introduced in the Storage Blob input.
Compatibility¶
Version 5.4.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.2.x, 9.0.x, 9.1.x, 9.2.x |
CIM version | 5.1.0 |
Supported OS for data collection | Platform independent (MacOS is not supported) |
Vendor products | Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services. |
New Features¶
Version 5.4.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- Added support for exporting EventHub modular inputs snapshot in JSON format for cloud environments. These snapshots can be imported into Data Manager. See Generate JSON snapshot for Event Hubs.
- FIPS support for Metrics modular inputs.
- GUI to manage global settings for modular inputs.
- Support in Metrics modular inputs for metric gathering on the same resource types with different metrics available.
- Additional checkbox for EventHub modular inputs to enable AMQP mode for EventHub even if the global proxy is configured.
Fixed issues¶
Version 5.4.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear, then there are no bug fixes reported:
Known issues¶
Version 5.4.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions¶
Version 5.4.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Third-party software attributions for the Splunk Add-on for Microsoft Cloud Services
Version 5.3.2¶
Version 5.3.2 of the Splunk Add-on for Microsoft Cloud Services was released on August 1, 2024.
Check the release notes for version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services before upgrading to the latest version as breaking changes were introduced in the Storage Blob input.
Compatibility¶
Version 5.3.2 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.2.x, 9.0.x, 9.1.x |
CIM version | 5.1.0 |
Supported OS for data collection | Platform independent (MacOS is not supported) |
Vendor products | Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services. |
New Features¶
Version 5.3.2 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- No new features
Fixed issues¶
Version 5.3.2 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear, then there are no bug fixes reported:
Known issues¶
Version 5.3.2 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions¶
Version 5.3.2 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Third-party software attributions for the Splunk Add-on for Microsoft Cloud Services
Version 5.3.1¶
Version 5.3.1 of the Splunk Add-on for Microsoft Cloud Services was released on June 7, 2024.
Compatibility¶
Version 5.3.1 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.2.x, 9.0.x, 9.1.x |
CIM version | 5.1.0 |
Supported OS for data collection | Platform independent (MacOS is not supported) |
Vendor products | Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services. |
New Features¶
Version 5.3.1 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- No new features
Fixed issues¶
Version 5.3.1 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear, then there are no bug fixes reported:
Known issues¶
Version 5.3.1 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions¶
Version 5.3.1 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Third-party software attributions for the Splunk Add-on for Microsoft Cloud Services
Version 5.3.0¶
Version 5.3.0 of the Splunk Add-on for Microsoft Cloud Services was released on April 12, 2024.
Compatibility¶
Version 5.3.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.2.x, 9.0.x, 9.1.x |
CIM version | 5.1.0 |
Supported OS for data collection | Platform independent (MacOS is not supported) |
Vendor products | Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services. |
New Features¶
Version 5.3.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- Added support for compressed log sets for Storage Blobs
- Added support for Unicode/ASCII in EventHub collector event raw view
- Removed limitation of 64 partition for EventHub inputs
Fixed issues¶
Version 5.3.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear, then there are no bug fixes reported:
Known issues¶
Version 5.3.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions¶
Version 5.3.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Third-party software attributions for the Splunk Add-on for Microsoft Cloud Services
Version 5.2.2¶
Version 5.2.2 of the Splunk Add-on for Microsoft Cloud Services was released on February 5, 2024.
Compatibility¶
Version 5.2.2 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.2.x, 9.0.x, 9.1.x |
CIM version | 5.1.0 |
Supported OS for data collection | Platform independent (MacOS is not supported) |
Vendor products | Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services. |
New Features¶
Version 5.2.2 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- Bug fixes.
Fixed issues¶
Version 5.2.2 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear, then there are no bug fixes reported:
Known issues¶
Version 5.2.2 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions¶
Version 5.2.2 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Third-party software attributions for the Splunk Add-on for Microsoft Cloud Services
Version 5.2.1¶
Version 5.2.1 of the Splunk Add-on for Microsoft Cloud Services was released on October 6, 2023.
Versions 5.1.0 and 5.2.0 are dependent on version 5.0 for upgrade. Upgrade to version 5.0 first before upgrading these versions. Please note that this dependency has been eliminated in versions 5.1.2 and 5.2.1. See the release notes topic for more details.
Check the release notes for version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services before upgrading to the latest version as breaking changes were introduced in the Storage Blob input.
Compatibility¶
Version 5.2.1 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.2.x, 9.0.x, 9.1.x |
CIM version | 5.1.0 |
Supported OS for data collection | Platform independent |
Vendor products | Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services. |
New Features¶
Version 5.2.1 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- Removed the dependency of version 5.0.0 during upgrade for Storage Blob input.
Fixed issues¶
Version 5.2.1 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear, then there are no bug fixes reported:
Known issues¶
Version 5.2.1 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions¶
Version 5.2.1 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Third-party software attributions for the Splunk Add-on for Microsoft Cloud Services
Version 5.2.0¶
Version 5.2.0 of the Splunk Add-on for Microsoft Cloud Services was released on September 17, 2023.
After upgrading to version 5.0.0 or later of this add-on, you might observe a rise in the usage of memory and CPU resources within your deployment.
Check the release notes for version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services before upgrading to the latest version as breaking changes were introduced in the Storage Blob input.
Compatibility¶
Version 5.2.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.2.x, 9.0.x, 9.1.x |
CIM version | 5.1.0 |
Supported OS for data collection | Platform independent |
Vendor products | Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services. |
New Features¶
Version 5.2.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- Updated Azure Resource, Azure Consumption APIs and the Azure Storage Blob SDK to their latest versions.
- Fixed security related issues.
- Updated the `read_timeout` parameter's default value for the Azure Storage Blob input to 60 seconds.
- Automatic deletion of obsolete Storage Blob file checkpoints after successful migration to KV store.
Fixed issues¶
Version 5.2.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear, then there are no bug fixes reported:
Known issues¶
Version 5.2.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions¶
Version 5.2.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Third-party software attributions for the Splunk Add-on for Microsoft Cloud Services
Version 5.1.2¶
Version 5.1.2 of the Splunk Add-on for Microsoft Cloud Services was released on October 3, 2023.
See the release notes for version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services before upgrading to the latest version as breaking changes were introduced in the Storage Blob input.
Compatibility¶
Version 5.1.2 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
CIM version | 5.1.0 |
Supported OS for data collection | Platform independent |
Vendor products | Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services. |
New Features¶
Version 5.1.2 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- Removed Dependency for Storage Blob Input in v5.0.0 Step Upgrade
Fixed issues¶
Version 5.1.2 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear, then there are no bug fixes reported:
Known issues¶
Version 5.1.2 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions¶
Version 5.1.2 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Third-party software attributions for the Splunk Add-on for Microsoft Cloud Services
Version 5.1.1¶
Version 5.1.1 of the Splunk Add-on for Microsoft Cloud Services was released on May 2, 2023.
See the release notes for version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services before upgrading to the latest version as breaking changes were introduced in the Storage Blob input.
Compatibility¶
Version 5.1.1 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
CIM version | 5.1.0 |
Supported OS for data collection | Platform independent |
Vendor products | Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services. |
New Features¶
Version 5.1.1 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- Improved CPU utilization for eventhub inputs.
- Improved logging mechanism for eventhub inputs.
- Added a warning message to the Azure App account update, proxy, and logging pages, informing users that they will be required to re-enable EventHub inputs upon account, proxy, and log level changes.
Fixed issues¶
Version 5.1.1 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear, then there are no bug fixes reported:
Known issues¶
Version 5.1.1 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions¶
Version 5.1.1 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Third-party software attributions for the Splunk Add-on for Microsoft Cloud Services
Version 5.1.0¶
Version 5.1.0 of the Splunk Add-on for Microsoft Cloud Services was released on May 2, 2023.
Please also check the release notes for Splunk Add-on for Microsoft Cloud Services v5.0.0 before upgrading to the latest version as breaking changes were introduced in the Storage Blob input.
Compatibility¶
Version 5.1.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
CIM version | 5.1.0 |
Supported OS for data collection | Platform independent |
Vendor products | Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services. |
New Features¶
Version 5.1.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- The following inputs were migrated from the Splunk Add-on for Microsoft Azure to the Splunk Add-on for Microsoft Cloud Services. If these inputs are configured in the Splunk Add-on for Microsoft Cloud Services, they are treated as new inputs. It is recommended to disable those inputs in the Splunk Add-on for Microsoft Azure:
- Introduced the Azure Metrics input
- Introduced the Azure KQL Log Analytics input
- Introduced the Azure Consumption(Billing) input
- Introduced new Resource Types (Disk Data, Image Data, Snapshot Data, Resource Groups, Security Groups and Subscriptions) in the Azure Resource input
- Security-related issues have been fixed.
- Introduced the Read Timeout parameter to the Storage Blob input, which can be used to resolve the data ingestion stuck issue. See the Storage Blob input configuration manual for more information.
- Added UI support to the Blob Mode parameter.
Provided CIM 5.1.0 support for the following:
Sourcetype | Category |
---|---|
mscs:resource:securityGroup | Azure Resource |
mscs:resource:disk | Azure Resource |
mscs:resource:image | Azure Resource |
mscs:resource:snapshot | Azure Resource |
mscs:resource:subscriptions | Azure Resource |
mscs:resource:resourceGroup | Azure Resource |
Fixed issues¶
Version 5.1.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear, then there are no bug fixes reported:
Known issues¶
Version 5.1.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions¶
Version 5.1.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Third-party software attributions for the Splunk Add-on for Microsoft Cloud Services
Version 5.0.0¶
Version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services was released on March 21, 2023.
Compatibility¶
Version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
CIM version | 5.0.2 |
Supported OS for data collection | Platform independent |
Vendor Products | Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services. |
New Features¶
Version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- The following enhancements were made on the Eventhub Input. See Input Parameters for more details:
  - Resolved the memory leak issue for the input.
  - Introduced load balancing support across multiple instances. See the Horizontal Scaling Across Multiple Splunk Environment section in the Eventhub input manual. See Horizontal Scaling for more information.
  - Introduced debug loggers to the input execution. See Input Parameters for more details.
- Enhancements were made on the Storage Blob Input. The Storage Blob checkpoint will be migrated from the File checkpoint mechanism to the KV Store mechanism.
  If inputs are interrupted during the checkpoint migration in the first interval after upgrading the add-on to Version 5.0.0, it may lead to data duplication.
  - The checkpoint mechanism was migrated to the Splunk KV Store.
  - Introduced Horizontal Scaling that would allow parallel data ingestion via multiple inputs on a common KV Store architecture. See Horizontal Scaling for more information.
  - Introduced a new field called `Prefix` to optimize the execution time of the input.
  - Introduced an Advanced Tab in the Configuration Tab to control the File Based Checkpoint deletion for Storage Blob.
Provided CIM 5.0.2 support for the following:
Sourcetype | Category |
---|---|
azure:monitor:aad | AzureActiveDirectory |
azure:monitor:activity | Administrative |
See the following table for the CIM fields removed for 5.0.0:
Source-type | operationName | Fields removed | Reason for removed fields |
---|---|---|---|
azure:monitor:aad | Add a deletion-marked app role assignment grant to user as part of link removal | object | The event is not mapped to any Datamodel |
azure:monitor:aad | Add blocked user | object_id | There is no ID for the target user present in the raw event. |
azure:monitor:aad | Clear block on user | object_id | There is no ID for the target user present in the raw event. |
azure:monitor:aad | POST Tenant.RemoveBlockedUser, POST Tenant.CreateBlockedUser, Update StsRefreshTokenValidFrom Timestamp, Process role update request, User started security info registration | object | The event is not mapped to any datamodel. |
azure:monitor:aad | Sign-in activity, Validate user authentication, Risky user, User Risk Detection | object | The object field is not part of the datamodels mapped to the events. |
azure:monitor:aad | Start applying group based license to users | object | The event is not mapped to any datamodel. |
See the following table for a list of CIM fields modified for 5.0.0:
Source-type | CIM Field | operationName | Comment |
---|---|---|---|
azure:monitor:aad | object | Access review ended, Add app role assignment grant to user, Add blocked user, Add conditional access policy, Add label, Add owner to group, Add owner to service principal, Add role definition, Add role from template, Add user, Clear block on user, Consent to application, Create access package catalog, Create business flow, Create connected organization, Delete access package catalog, Delete application, Delete business flow, Delete conditional access policy, Delete group, Delete policy, Delete role definition, Delete user, Disable account, Enable account, Finish applying group based license to users, Get resource properties of a tenant, Get tenant details, Hard Delete application, Hard Delete group, Hard Delete user, Hard delete service principal, Initialize tenant, POST Tenant.CreateTenant, Remove app role assignment from user, Remove eligible member from role in PIM completed (permanent), Remove eligible member from role in PIM completed (timebound), Remove member from role, Remove member from role in PIM completed (permanent), Remove member from role in PIM completed (timebound), Remove member from role in PIM requested (permanent), Remove member from role in PIM requested (timebound), Remove owner from application, Remove owner from group, Remove service principal, Restore application, Set Company Information, Set directory feature on tenant, Set group license, Set user manager, Update access package catalog, Update application, Update authorization policy, Update business flow, Update conditional access policy, User registered all required security info, User registered security info | The object field extraction is now more accurate and yields more specific values. For example, where the object was previously the generic Azure AD, it now has a more specific and meaningful value. |
azure:monitor:aad | object_attrs | Add app role assignment grant to user, Add label, Add owner to group, Add owner to service principal, Add role from template, Add user, Create connected organization, Delete user, Disable account, Enable account, Hard Delete user, Hard delete service principal, POST Tenant.CreateTenant, Remove app role assignment from user, Remove eligible member from role in PIM completed (permanent), Remove eligible member from role in PIM completed (timebound), Remove member from role, Remove member from role in PIM completed (permanent), Remove member from role in PIM completed (timebound), Remove member from role in PIM requested (permanent), Remove member from role in PIM requested (timebound), Remove owner from application, Remove owner from group, Remove service principal, Update access package catalog, Update business flow, Verify domain | The object_attrs field now has a more meaningful (and sometimes more concise) value than before. |
azure:monitor:aad | user | Add blocked user, Clear block on user, Disable account, Enable account, Hard Delete user, Remove eligible member from role in PIM completed (permanent), Remove eligible member from role in PIM completed (timebound), Remove member from role in PIM completed (permanent), Remove member from role in PIM completed (timebound), Remove member from role in PIM requested (permanent), Remove member from role in PIM requested (timebound), Set user manager, User registered all required security info, User registered security info | The user field value is now corrected and extracted properly, reflecting the CIM definitions of this field in the Change Datamodel (All_changes and Account_management Datasets). |
Fixed issues¶
Version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear below, then there are no bug fixes reported:
Known issues¶
Version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions¶
Version 5.0.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Third-party software attributions for the Splunk Add-on for Microsoft Cloud Services
Version 4.5.2¶
Version 4.5.2 of the Splunk Add-on for Microsoft Cloud Services was released on February 15, 2023.
Compatibility¶
Version 4.5.2 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
CIM version | 5.0.1 |
Supported OS for data collection | Platform independent |
Vendor Products | Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services. |
New features¶
Version 4.5.2 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- Security-related issues have been fixed. No new features added.
Fixed issues¶
Version 4.5.2 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear below, then there are no bug fixes reported:
Known issues¶
Version 4.5.2 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions¶
Version 4.5.2 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Third-party software attributions for the Splunk Add-on for Microsoft Cloud Services
Version 4.5.1¶
Version 4.5.1 of the Splunk Add-on for Microsoft Cloud Services was released on November 15, 2022.
Compatibility¶
Version 4.5.1 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.1.x, 8.2.x, 9.0.0 |
CIM version | 5.0.1 |
Supported OS for data collection | Platform independent |
Vendor Products | Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services. |
Fixed issues¶
Eventhub input does not support “Transport Type” as “AMQP” in Splunk Cloud.
Version 4.5.1 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear below, then there are no bug fixes reported:
Known issues¶
Version 4.5.1 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions¶
Version 4.5.1 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
- iso8601
- msrestazure
- sortedcontainers
- remote-pdb
- six.py
- Boto3
- urllib3
- cryptography
- Microsoft Azure Storage Blob Client Library for Python
- Microsoft Azure Storage Table Client Library for Python
- Microsoft Azure Event Hubs Client Library for Python
- Microsoft Azure Event Hubs checkpointer implementation with Blob Storage Client Library for Python
Version 4.5.0¶
Version 4.5.0 of the Splunk Add-on for Microsoft Cloud Services was released on July 31, 2022.
Compatibility¶
Version 4.5.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.0.x, 8.1.x, 8.2.x, 9.0.0 |
CIM version | 5.0.1 |
Supported OS for data collection | Platform independent |
Vendor Products | Azure Active Directory, Azure Event Hubs, Azure Storage Table, Azure Storage Blob, Azure Audit, Azure Resource Group, and other cloud services. |
New Features¶
Version 4.5.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- Provided CIM support for Azure Data Share events
- Updated Azure Audit API, Azure Storage Blob, and Storage Table client SDK to the latest version
Note: A high-level overview of differences between Audit API version 2015-04-01 and the old 2014-04-01 version:
- The key name was changed for the following fields of the audit events, but the value remains the same:
  - eventSource → category
  - resourceUri → resourceId
- The following fields were added in response to the latest Audit API version:
    "resourceType":{"value": "<value>", "localizedValue": "<localizedValue>"}
    "tenantId": "<tenant_id>"
Fixed issues¶
Version 4.5.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear below, then there are no bug fixes reported:
Known issues¶
Version 4.5.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions¶
Version 4.5.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Third-party software attributions for the Splunk Add-on for Microsoft Cloud Services
Version 4.3.3¶
Version 4.3.3 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- The Microsoft Azure Event Hubs input in the previous version of the Splunk Add-on for Microsoft Cloud Services had an additional level of nesting for ingested events that had a `records` key. The additional nesting has been removed to provide a simpler and faster query experience.
  Previous versions of the Splunk Add-on for Microsoft Cloud Services:
    { "body": { "records": { "field1": value1 } } }
  Current version of the Splunk Add-on for Microsoft Cloud Services:
    { "body": { "field1": value1 } }
- Bug fixes.
- Fixed a memory leak issue that was affecting the performance of the Event Hub input.
In this release, the existing lookups are updated for the Self Service App Install (SSAI) upgrade. Lookups do not update with the latest values automatically. To fix this issue, upgrade the Splunk Add-on for Microsoft Cloud Services, then manually update the lookup files using the latest version of this add-on.
Fixed issues¶
Version 4.3.3 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear below, then there are no bug fixes reported:
Known issues¶
Version 4.3.3 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
Version 4.2.0¶
Version 4.2.0 of the Splunk Add-on for Microsoft Cloud Services was released on September 13, 2021.
Compatibility¶
Version 4.2.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 8.0.x, 8.1.x, 8.2.x |
CIM version | 4.20 |
Supported OS for data collection | Platform independent |
Vendor Products | Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services |
New Features¶
Version 4.2.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- UI component upgrades for compatibility with future versions of the Splunk software (jQuery upgrade).
- Bug fixes.
- Common Information Model (CIM) Release Notes:
  - Compatibility with CIM version 4.20.
  - The following CIM mapping enhancements:
    - Added support for Alert and Change data models in the `mscs:azure:audit` sourcetype.
    - Added support for Inventory_Network data model in the `mscs:azure:networkInterfaceCard` sourcetype.
    - Fixed existing field mapping issue for `image_name` and `severity` fields in `mscs:resource:virtualMachine` and `mscs:azure:security:recommendation` sourcetypes respectively.
    - The following `mscs:azure:audit` sourcetype enhancements:
      - Added an extra field `event_description` to retain the existing `description` values from the event and updated the `description` field values as per the Alert CIM data model recommendations.
      - Added new lookup `mscs_audit_change_cim_fields_with_status_code.csv` for populating CIM fields.
    - Updated the values in the lookup `mscs_security_alert_object_category.csv` for the `mscs:azure:security:alert` sourcetype.
In this release, the existing lookups are updated for the Self Service App Install (SSAI) upgrade. Lookups do not update with the latest values automatically. To fix this issue, upgrade the Splunk Add-on for Microsoft Cloud Services, then manually update the lookup files using the latest version of this add-on.
Fixed issues¶
Version 4.2.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear below, then there are no bug fixes reported:
Known issues¶
Version 4.2.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions¶
Version 4.2.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
- iso8601
- msrestazure
- sortedcontainers
- remote-pdb
- six.py
- Boto3
- urllib3
- cryptography
- Microsoft Azure Storage Blob Client Library for Python
- Microsoft Azure CosmosDB Table Client Library for Python
- Microsoft Azure Event Hubs Client Library for Python
- Microsoft Azure Event Hubs checkpointer implementation with Blob Storage Client Library for Python
Version 4.1.5¶
Fixed issues¶
Version 4.1.5 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear below, then there are no bug fixes reported:
Known issues¶
Version 4.1.5 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions¶
Version 4.1.5 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
- iso8601
- msrestazure
- sortedcontainers
- remote-pdb
- Boto3
- urllib3
- Microsoft Azure Storage Blob Client Library for Python
- Microsoft Azure CosmosDB Table Client Library for Python
- Microsoft Azure Event Hubs Client Library for Python
- Microsoft Azure Event Hubs checkpointer implementation with Blob Storage Client Library for Python
Version 4.1.4¶
Version 4.1.4 of the Splunk Add-on for Microsoft Cloud Services was released on July 28, 2021.
Compatibility¶
Version 4.1.4 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 8.0.x |
CIM version | 4.18 |
Supported OS for data collection | Platform independent |
Vendor Products | Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services |
New Features¶
Version 4.1.4 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- Bug fixes
Fixed issues¶
Version 4.1.4 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear below, then there are no bug fixes reported:
Known issues¶
Version 4.1.4 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions¶
Version 4.1.4 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
- iso8601
- msrestazure
- sortedcontainers
- remote-pdb
- Boto3
- urllib3
- Microsoft Azure Storage Blob Client Library for Python
- Microsoft Azure CosmosDB Table Client Library for Python
- Microsoft Azure Event Hubs Client Library for Python
- Microsoft Azure Event Hubs checkpointer implementation with Blob Storage Client Library for Python
Version 4.1.3¶
Version 4.1.3 of the Splunk Add-on for Microsoft Cloud Services was released on May 14, 2021.
Compatibility¶
Version 4.1.3 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 8.0.x |
CIM version | 4.15 |
Supported OS for data collection | Platform independent |
Vendor Products | Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services |
New Features¶
Version 4.1.3 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- When Event Hub data is ingested by the Splunk software, different events are generated in the Splunk platform for each record.
- Each record from Event Hub data is now split into separate Splunk events.
- Fixed an Event Hub input bug where Event Hub data isn’t ingested due to the following client secret error: AADSTS7000215: Invalid client secret is provided.
- The upper limit for max_batch_size is increased to 10000.
Fixed issues¶
Version 4.1.3 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear below, then there are no bug fixes reported:
Known issues¶
Version 4.1.3 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions¶
Version 4.1.3 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Version 4.1.2¶
Version 4.1.2 of the Splunk Add-on for Microsoft Cloud Services was released on April 20, 2021.
Compatibility¶
Version 4.1.2 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 8.0.x |
CIM version | 4.15 |
Supported OS for data collection | Platform independent |
Vendor Products | Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services |
New Features¶
Version 4.1.2 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- Changes to the Blob Storage input to address a data duplication issue with Append Blobs.
Fixed issues¶
Version 4.1.2 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues. If no issues appear below, then there are no bug fixes reported:
Known issues¶
Version 4.1.2 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
Version 4.1.2 of the Splunk Add-on for Microsoft Cloud Services introduced a blob storage duplication solution that conflicts with the Event Hub input, leading to the following error: AADSTS7000215: Invalid client secret is provided.
If you do not need the blob storage duplication fix, the best practice is to continue using version 4.1.1 of this add-on instead of upgrading to version 4.1.2.
Third-party software attributions¶
Version 4.1.2 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Version 4.1.1¶
Version 4.1.1 of the Splunk Add-on for Microsoft Cloud Services was released on February 12, 2021.
Compatibility¶
Version 4.1.1 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 8.0.x |
CIM version | 4.15 |
Supported OS for data collection | Platform independent |
Vendor Products | Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services |
New Features¶
Version 4.1.1 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- The 4.1.0 release of MSCS included a new SDK and libraries to support EventHubs. Due to some underlying Splunk Python behavior, some customers who had other Microsoft TAs installed noted that the GUI configuration was failing for MSCS. This release solves this library clash issue.
- Improvements to proxy configuration enforcing an integer value.
- Fix for an exception UnicodeDecodeError that some customers were seeing for the Event Hubs Modular Input.
Fixed issues¶
Version 4.1.1 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues:
Known issues¶
Version 4.1.1 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions¶
Version 4.1.1 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Version 4.1.0¶
It is a best practice to use either version 4.1.1 and later or versions 4.0.2 and earlier of this add-on.
Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services was released on January 9, 2020.
Compatibility¶
Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 8.0.x |
CIM version | 4.15 |
Supported OS for data collection | Platform independent |
Vendor Products | Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services |
Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services cannot be installed on the same Splunk platform instance as one that has the Microsoft Azure Add-on for Splunk installed.
New Features¶
Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- Support for the Microsoft Azure Event Hubs input type.
Fixed issues¶
Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues:
Known issues¶
Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions¶
Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Version 4.0.2¶
Version 4.0.2 of the Splunk Add-on for Microsoft Cloud Services was released on August 31, 2020.
Compatibility¶
Version 4.0.2 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 8.0.x |
CIM version | 4.15 |
Supported OS for data collection | Platform independent |
Vendor Products | Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services |
New Features¶
Version 4.0.2 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- Improved support for the Splunk Enterprise Security Assets & Identities Framework interface.
- Additional storage blob input capability and security compatibility.
- Federal Information Processing Standard (FIPS) compliance.
- Additional Python3 library support.
For more information on migrating your deployment to a Python 3 deployment, see Upgrade using the Python 3 runtime and dual-compatible Python syntax in custom scripts in the Splunk Enterprise Installation manual.
Fixed issues¶
Version 4.0.2 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues:
Known issues¶
Version 4.0.2 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
The Splunk Add-on for Microsoft Cloud Services version 4.0.2 is incompatible with Splunk Enterprise versions 7.x.x and earlier.
Third-party software attributions¶
Version 4.0.2 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Version 4.0.1¶
Version 4.0.1 of the Splunk Add-on for Microsoft Cloud Services was released on August 31, 2020.
Compatibility¶
Version 4.0.1 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.x |
CIM version | 4.12 |
Supported OS for data collection | Platform independent |
Vendor Products | Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services |
Upgrade¶
The following migration guide is supported for upgrading from version 3.0.0 to version 4.0.0 or later. Upgrading from any version older than 3.0.0 requires a fresh installation of version 3.0.0.
A best practice for upgrading the Splunk Add-on for Microsoft Cloud Services is to remove your older version before re-installing version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services.
- Disable all your inputs before you upgrade the add-on. Otherwise you may see errors in the log files, which may result in data loss against your already configured inputs.
- Install the Splunk Add-on for Microsoft Cloud Services version 3.1.0 and up from the Splunk Web UI (make sure the Upgrade App checkbox is selected).
- Restart the Splunk platform.
- Navigate to the input page of the Splunk Add-on for Microsoft Cloud Services. Alerts will appear, indicating incomplete account authorization.
- Edit each required input by clicking the click here link to navigate to the account configuration page or by directly navigating to the account configuration page.
- Complete the authorization of your account by adding your account secret key/account token.
- Repeat the above steps for all inputs that have an alert sign against them.
- Enable each desired input to start data collection.
In previous versions, settings including proxy, logging, and performance were stored in splunk_ta_o365_client_setting.conf and splunk_ta_o365_server_setting.conf. In version 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services, all setting and performance tuning configurations are in splunk_ta_mscs_setting.conf. The default log level is INFO.
Versions 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services remove the Microsoft Office 365 module. See the Splunk Add-on for Microsoft Office 365.
New Features¶
Version 4.0.1 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- Default support for Python 3
For more information on migrating your deployment to a Python 3 deployment, see Choose your Splunk Enterprise upgrade path for the Python 3 migration in the Splunk Enterprise Installation manual.
Fixed issues¶
Version 4.0.1 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues:
Known issues¶
Version 4.0.1 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions¶
Version 4.0.1 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Version 4.0.0¶
Version 4.0.0 of the Splunk Add-on for Microsoft Cloud Services was released on October 21, 2019.
Compatibility¶
Version 4.0.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.x |
CIM version | 4.12 |
Supported OS for data collection | Platform independent |
Vendor Products | Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services |
Upgrade¶
The following migration guide is supported for upgrading from version 3.0.0 to version 4.0.0. Upgrading from any version older than 3.0.0 requires a fresh installation of version 3.0.0.
A best practice for upgrading the Splunk Add-on for Microsoft Cloud Services is to remove your older version before re-installing version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services.
- Disable all your inputs before you upgrade the add-on. Otherwise you may see errors in the log files, which may result in data loss against your already configured inputs.
- Install the Splunk Add-on for Microsoft Cloud Services version 3.1.0 from the Splunk Web UI (make sure the Upgrade App checkbox is selected).
- Restart the Splunk platform.
- Navigate to the input page of the Splunk Add-on for Microsoft Cloud Services. Alerts will appear, indicating incomplete account authorization.
- Edit each required input by clicking the click here link to navigate to the account configuration page or by directly navigating to the account configuration page.
- Complete the authorization of your account by adding your account secret key/account token.
- Repeat the above steps for all inputs that have an alert sign against them.
- Enable each desired input to start data collection.
In previous versions, settings including proxy, logging, and performance were stored in splunk_ta_o365_client_setting.conf and splunk_ta_o365_server_setting.conf. In version 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services, all setting and performance tuning configurations are in splunk_ta_mscs_setting.conf. The default log level is INFO.
Versions 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services remove the Microsoft Office 365 module. See the Splunk Add-on for Microsoft Office 365.
New Features¶
Version 4.0.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- Support for Python 3
For more information on migrating your deployment to a Python 3 deployment, see Choose your Splunk Enterprise upgrade path for the Python 3 migration in the Splunk Enterprise Installation manual.
Fixed issues¶
Version 4.0.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues:
Known issues¶
Version 4.0.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions¶
Version 4.0.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Version 3.1.0¶
Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services was released on April 8, 2019.
Compatibility¶
Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x |
CIM version | 4.12 |
Supported OS for data collection | Platform independent |
Vendor Products | Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services |
Upgrade¶
The following migration guide is supported for upgrading from version 3.0.0 to version 3.1.0. Upgrading from any version older than 3.0.0 requires a fresh installation of version 3.0.0.
A best practice for upgrading the Splunk Add-on for Microsoft Cloud Services is to remove your older version before re-installing version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services.
- Disable all your inputs before you upgrade the add-on. Otherwise you may see errors in the log files, which may result in data loss against your already configured inputs.
- Install the Splunk Add-on for Microsoft Cloud Services version 3.1.0 from the Splunk Web UI (make sure the Upgrade App checkbox is selected).
- Restart the Splunk platform.
- Navigate to the input page of the Splunk Add-on for Microsoft Cloud Services. Alerts will appear, indicating incomplete account authorization.
- Edit each required input by clicking the click here link to navigate to the account configuration page or by directly navigating to the account configuration page.
- Complete the authorization of your account by adding your account secret key/account token.
- Repeat the above steps for all inputs that have an alert sign against them.
- Enable each desired input to start data collection.
In previous versions, settings including proxy, logging, and performance were stored in splunk_ta_o365_client_setting.conf and splunk_ta_o365_server_setting.conf. In version 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services, all setting and performance tuning configurations are in splunk_ta_mscs_setting.conf. The default log level is INFO.
Versions 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services remove the Microsoft Office 365 module. See the Splunk Add-on for Microsoft Office 365.
New Features¶
Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:
- Credential validation of Account Name and Account secret key on Account configuration page.
Fixed issues¶
Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues:
Known issues¶
Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions¶
Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Version 3.0.0¶
Version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2.x |
CIM version | 4.12 |
Supported OS for data collection | Platform independent |
Vendor Products | Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services |
Upgrade¶
A best practice for upgrading the Splunk Add-on for Microsoft Cloud Services is to remove your older version before re-installing version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services.
Version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services removes the Microsoft Office 365 module. See the Splunk Add-on for Microsoft Office 365.
In previous versions, settings including proxy, logging, and performance were stored in splunk_ta_o365_client_setting.conf and splunk_ta_o365_server_setting.conf. In version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services, all setting and performance tuning configurations are in splunk_ta_mscs_setting.conf. The default log level is INFO.
After you install version 3.0.0, you must clear the cache on the host of your Splunk platform instance or force refresh the input and configuration page the first time you use Version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services.
New Features¶
Version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services has the following new feature:
- Support for XML and JSON field extractions via the mscs:storage:blob:xml and mscs:storage:blob:json sourcetypes.
Fixed issues¶
Version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues:
Known issues¶
Version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions¶
Version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Version 2.1.0¶
Version 2.1.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 6.5.x, 6.6.x, 7.0.x, 7.1.x, 7.2.x |
CIM | 4.11 |
Platforms | Platform independent |
Vendor Products | Microsoft Office 365, Azure Active Directory, Sharepoint Online, Exchange Online, Azure Storage Table, Azure Storage Blob, Azure Audit, and Azure Resource Group. |
New Features¶
Version 2.1.0 of the Splunk Add-on for Microsoft Cloud Service has the following new features and enhancements.
- Support for Office365 Government Cloud
- Support for Azure Government Cloud
- Support for the Audit General class of Office365 events
Fixed issues¶
Version 2.1.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues.
Known issues¶
Version 2.1.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues.
Third-party software attributions¶
Version 2.1.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Version 2.0.3¶
Version 2.0.3 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 6.4 and later |
CIM | 4.4 and later |
Platforms | Platform independent |
Vendor Products | Microsoft Office 365, Azure Active Directory, Sharepoint Online, Exchange Online, Azure Storage Table, Azure Storage Blob, Azure Audit, and Azure Resource Group. |
New Features¶
Version 2.0.3 of the Splunk Add-on for Microsoft Cloud Service has the following new features and enhancements.
- Enhanced stability and performance in data collection through the O365 Management APIs
- Updates to pagination handling for the O365 Management Activity APIs
- Added proxy support for Audit and Resource data inputs
- Optimized performance for the Diagnostics and websitesapplogs tables
Fixed issues¶
Version 2.0.3 of the Splunk Add-on for Microsoft Cloud Service fixes the following issues.
Known issues¶
Version 2.0.3 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues.
Third-party software attributions¶
Version 2.0.3 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Version 2.0.2¶
Version 2.0.2 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 6.4 and 6.5 |
CIM | 4.4 or later |
Platforms | Platform independent |
Vendor Products | Microsoft Office 365, Azure Active Directory, Sharepoint Online, Exchange Online, Azure Storage Table, Azure Storage Blob, Azure Audit, and Azure Resource Group. |
Fixed issues¶
Version 2.0.2 of the Splunk Add-on for Microsoft Cloud Service fixes the following issues.
Publication Date | Issue number | Description |
---|---|---|
2017/02/20 | ADDON-12556 | Cannot use proxy without Authentication in Storage channel. |
2017/02/20 | ADDON-12665 | The length of the checkpoint file name exceeds the limitation of the operating system. |
2017/02/20 | ADDON-12666 | Cannot parse a SAS token that does not start with ‘?’. |
Known issues¶
Version 2.0.2 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues.
Date | Issue number | Description |
---|---|---|
2017/06/02 | ADDON-14969 | Truncated Key/value pairs in Splunk Add-on for Microsoft Cloud Services. |
2017/02/07 | ADDON-13487 | The proxy value you configured in this add-on cannot be used for the Azure resource and Azure audit input channel. |
2017/02/06 | ADDON-13476 | Error occurs during upgrading Splunk add-on for Microsoft cloud service on Windows platform. |
For the known issues in the previous release, see release history of the Splunk add-on for Microsoft cloud service.
Third-party software attributions¶
Version 2.0.2 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Version 2.0.1¶
Version 2.0.1 of the Splunk Add-on for Microsoft Cloud Services is compatible with the same software, CIM versions and platforms as Version 2.0.2.
Fixed issues¶
Version 2.0.1 of the Splunk Add-on for Microsoft Cloud Service fixes the following issues.
Resolved Date | Issue number | Description |
---|---|---|
2016/10/14 | ADDON-10454 | Only the first 30 inputs (in alphabetical order) of Azure Storage Table (including Virtual Machine Metrics) can work. |
Known issues¶
Version 2.0.1 of the Splunk Add-on for Microsoft Cloud Services contains the following known issues.
Date | Issue number | Description |
---|---|---|
2016-10-13 | ADDON-11638 | This add-on does not check the input name stanza at the frontend. |
2016-10-12 | ADDON-11609 | This add-on fails to configure the certificate in the latest Firefox browser. |
2016-09-24 | ADDON-11423 | This add-on can only get data when the blob name in Microsoft Cloud Service contains only ASCII characters. It cannot get data if the blob name contains a multibyte character set, such as Latin characters or Japanese characters. |
2016-09-20 | ADDON-11419 | If the names of the Azure storage blob inputs under the same account are the same except for case, such as INPUTS and inputs, the checkpoints conflict with each other on the Windows platform. This issue also exists in other modular inputs. |
2016-09-20 | ADDON-11409 | The changes in the |
2016-09-20 | ADDON-11400 | If you set the log level to ERROR for Azure Audit and Azure Blob input, there are still some INFO level logs recorded in the log file. |
2016-09-19 | ADDON-11349 | The error message |
2016-09-19 | ADDON-11316 | There will be some errors, such as Failed to load endpoint, Refresh token failed, Failed to init ServerInfo or Failed to send rest request in the log file when you restart the Splunk platform, but this does not affect data collection. |
2016-09-15 | ADDON-11298 | There will be some data loss if the Splunk platform restarts or shuts down accidentally. |
2016-09-09 | ADDON-11178 | You can only add the Office365 account via Splunk Web; you cannot add it using the configuration file. |
2016-09-05 | ADDON-11164 | The Proxy Type and DNS Resolution settings do not work for Azure Storage Table and Azure Storage Blob input. |
2016-08-23 | ADDON-10984 | This add-on cannot get Virtual Machine (classic) metadata. |
2016/03/30 | ADDON-8505 | Splunk searches sometimes display duplicate events. This is a known issue with the Microsoft Office 365 Management API. |
2016/03/30 | ADDON-8504 | Splunk searches sometimes display events out of order. This is a known issue with the Microsoft Office 365 Management API. |
2016/03/29 | ADDON-8432 | Stanza "o365_certificate_setting" in splunk_ta_ms_o365_server_ucc_system_setting.conf.spec has incorrect default values. |
2016/03/29 | ADDON-8424 | Certificate status messages "* but invalid" should not appear until a longer time has passed. |
2016/03/08 | ADDON-8221 | If you configure an X.509 certificate and private key and upload the keyCredentials JSON for any integration account configured in the add-on, you also need to upload it for all other accounts configured in the add-on, or any accounts not using the certificate cannot collect data. |
2016/01/31 | ADDON-7653 | Management log reports rest request error during Splunk platform stop/restart immediately after a configuration change. This error can be ignored. |
2016/01/26 | ADDON-7597 | Input will stop when the proxy_url exists but is invalid as a proxy. Workaround: Change your proxy URL to a valid proxy value. |
Third-party software attributions¶
Version 2.0.1 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Version 2.0.0¶
Version 2.0.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the same software, CIM versions and platforms as Version 2.0.1.
New features¶
Version 2.0.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features.
Date | Issue number | Description |
---|---|---|
2016/09/20 | ADDON-10883 | Mapping to Cloud of ITSI data model. |
2016/09/20 | ADDON-10728 | Add modular input for Azure Storage Blob data. |
2016/09/20 | ADDON-10727 | Add modular input for Azure Storage Table data. |
2016/09/20 | ADDON-10129 | Add modular input for Azure Audit data. |
2016/09/20 | ADDON-10696 | Add modular input for Azure Resource data. |
2016/09/20 | ADDON-10222 | Add modular input for Azure Virtual Machine Metrics data. |
Fixed issues¶
Version 2.0.0 of the Splunk Add-on for Microsoft Cloud Service fixes the following issues.
Resolved Date | Issue number | Description |
---|---|---|
2016-09-05 | ADDON-11033 | If there is space in the name of inputs or account, this add-on will fail to ingest data. |
2016-07-19 | ADDON-9329 | This add-on does not work if you install the add-on under /etc/apps/SPLUNK_HOME/ect/apps folder |
2016-08-30 | ADDON-8735 | If the global proxy is enabled in splunk-launch.conf, the add-on cannot display the Account or Proxy tab under Configuration. |
Known issues¶
Version 2.0.0 of the Splunk Add-on for Microsoft Cloud Services contains the following known issues.
Date | Issue number | Description |
---|---|---|
2016-09-27 | ADDON-10454 | Only the first 30 inputs (in alphabetical order) of Azure Storage Table (including Virtual Machine Metrics) can work. |
2016-09-24 | ADDON-11423 | This add-on can only get data when the blob name in Microsoft Cloud Service contains only ASCII characters. It cannot get data if the blob name contains characters from a multibyte character set, such as Latin characters or Japanese characters. |
2016-09-20 | ADDON-11419 | If the names of the Azure storage blob inputs under the same account are the same except for case, such as INPUTS and inputs, the checkpoints conflict with each other on the Windows platform. This issue also exists in other modular inputs. |
2016-09-20 | ADDON-11409 | The changes in the |
2016-09-20 | ADDON-11400 | If you set the log level to ERROR for Azure Audit and Azure Blob input, there are still some INFO level logs recorded in the log file. |
2016-09-19 | ADDON-11349 | The error message |
2016-09-19 | ADDON-11316 | Errors such as Failed to load endpoint, Refresh token failed, Failed to init ServerInfo or Failed to send rest request appear in the log file when you restart the Splunk platform, but they do not affect data collection. |
2016-09-15 | ADDON-11298 | Some data loss occurs if the Splunk platform restarts or shuts down accidentally. |
2016-09-09 | ADDON-11178 | You can only add the Office365 account via Splunk Web; you cannot add it using the configuration file. |
2016-09-05 | ADDON-11164 | The Proxy Type and DNS Resolution settings do not work for Azure Storage Table and Azure Storage Blob input. |
2016-08-23 | ADDON-10984 | This add-on cannot get Virtual Machine (classic) metadata. |
2016/03/30 | ADDON-8505 | Splunk searches sometimes display duplicate events. This is a known issue with the Microsoft Office 365 Management API. |
2016/03/30 | ADDON-8504 | Splunk searches sometimes display events out of order. This is a known issue with the Microsoft Office 365 Management API. |
2016/03/29 | ADDON-8432 | Stanza "o365_certificate_setting" in splunk_ta_ms_o365_server_ucc_system_setting.conf.spec has incorrect default values. |
2016/03/29 | ADDON-8424 | Certificate status messages "* but invalid" should not appear until a longer time has passed. |
2016/03/08 | ADDON-8221 | If you configure an X.509 certificate and private key and upload the keyCredentials JSON for any integration account configured in the add-on, you also need to upload it for all other accounts configured in the add-on, or any accounts not using the certificate cannot collect data. |
2016/01/31 | ADDON-7653 | Management log reports rest request error during Splunk platform stop/restart immediately after a configuration change. This error can be ignored. |
2016/01/26 | ADDON-7597 | Input will stop when the proxy_url exists but is invalid as a proxy. Workaround: Change your proxy URL to a valid proxy value. |
Third-party software attributions¶
Version 2.0.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.
Version 1.0.0¶
Version 1.0.0 of the Splunk Add-on for Microsoft Cloud Services was released on April 1, 2016. Version 1.0.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 6.3.X or later |
CIM | 4.4 or later |
Platforms | Platform independent |
Vendor Products | Microsoft Office 365, Azure Active Directory, SharePoint Online, Exchange Online, and other cloud services. |
New features¶
Version 1.0.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features.
Date | Issue number | Description |
---|---|---|
2016/03/10 | ADDON-3941 | Create a new add-on for Microsoft cloud services. |
Known issues¶
Version 1.0.0 of the Splunk Add-on for Microsoft Cloud Services contains the following known issues.
Date | Issue number | Description |
---|---|---|
2016/03/30 | ADDON-8505 | Splunk searches sometimes display duplicate events. This is a known issue with the Microsoft Office 365 Management API. |
2016/03/30 | ADDON-8504 | Splunk searches sometimes display events out of order. This is a known issue with the Microsoft Office 365 Management API. |
2016/03/29 | ADDON-8432 | Stanza “o365_certificate_setting” in splunk_ta_ms_o365_server_ucc_system_setting.conf.spec has incorrect default values. |
2016/03/29 | ADDON-8424 | Certificate status messages “* but invalid” should not appear until a longer time has passed. |
2016/03/15 | ADDON-8280 | Add-on throws “Failed to send rest request” errors during restart after initial installation unless the user waits for about one minute after installing the add-on and before restarting the Splunk platform. Workaround: Restart the Splunk platform a second time. |
2016/03/08 | ADDON-8221 | If you configure an X.509 certificate and private key and upload the keyCredentials JSON for any integration account configured in the add-on, you also need to upload it for all other accounts configured in the add-on, or any accounts not using the certificate cannot collect data. |
2016/01/31 | ADDON-7653 | Management log reports rest request error during Splunk platform stop/restart immediately after a configuration change. This error can be ignored. |
2016/01/26 | ADDON-7597 | Input will stop when the proxy_url exists but is invalid as a proxy. Workaround: Change your proxy URL to a valid proxy value. |
Third-party software attributions¶
Version 1.0.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.