
Release notes for the Splunk Add-on for Unix and Linux

Version 10.1.0 of the Splunk Add-on for Unix and Linux was released on April 28, 2025.

Compatibility

Version 10.1.0 of the Splunk Add-on for Unix and Linux is compatible with the following software, CIM versions, and platforms:

Splunk platform versions: 9.1.x, 9.2.x, 9.3.x, 9.4.x
CIM: 4.20.2
Supported OS for data collection: All supported Unix operating systems. See Unix operating systems.
Vendor products: All supported Unix operating systems. See Unix operating systems.

See the Scripted input reference for the Splunk Add-on for Unix and Linux page in the Reference chapter of this manual to learn more about scripted inputs and their operating system compatibility.

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features

Version 10.1.0 of the Splunk Add-on for Unix and Linux has the following new features:

  • Added support for the following newer operating system versions:
    • MacOS 15.3.1
    • RHEL 9.5
    • SUSE 15.6
    • Ubuntu 24.04
    • FreeBSD 14.2
  • The ps.sh and ps_metric.sh scripts are enhanced to include the ELAPSED field in the output, alongside the existing metrics.
  • The rlog.sh script is optimized to reduce CPU utilization on low-spec machines processing large audit log files.
  • The iostat.sh and iostat_metric.sh scripts are modified to add support for collecting I/O statistics averaged over 60 seconds, replacing the previous fixed 1 second interval.
  • Updated the sar, mpstat and top command parameters in cpu.sh and cpu_metric.sh for the Solaris kernel to address momentary spikes of higher utilization when the scripts are invoked, compared to the previous major version of Splunk. The scripts output 5 reports by default at an interval of 2 seconds, so the script execution lasts for 10 seconds. You can set the script interval to 10 seconds in order to continuously monitor your Linux machines.
  • Updated vmstat.sh and vmstat_metric.sh to fetch values from the average value row instead of the first row of the command output, ensuring accurate system performance metrics.
  • Updated df.sh parsing on Darwin and AIX to correctly handle whitespace in the Filesystem and Mounted on fields.
  • Renamed the eval_dimensions stanza in transforms.conf and its reference in props.conf to prevent conflicts with other TAs.

Fixed issues

Version 10.1.0 of the Splunk Add-on for Unix and Linux has the following fixed issues. If no issues appear here, no issues have yet been reported:

Known issues

Version 10.1.0 of the Splunk Add-on for Unix and Linux has the following known issues. If no issues appear here, no issues have yet been reported:

Third-party software attributions

The Splunk Add-on for Unix and Linux does not use third-party software or libraries.