Release notes for the Splunk Add-on for Unix and Linux
Version 10.0.0 of the Splunk Add-on for Unix and Linux was released on July 12, 2024.
Compatibility
Version 10.0.0 of the Splunk Add-on for Unix and Linux is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 9.1.x, 9.2.x, 9.3.x, 9.4.x |
CIM | 4.20.2 |
Supported OS for data collection | All supported Unix operating systems. See Unix operating systems. |
Vendor products | All supported Unix operating systems. See Unix operating systems. |
See the Scripted input reference for the Splunk Add-on for Unix and Linux page in the Reference chapter of this manual to learn more about scripted inputs and their operating system compatibility.
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features
Version 10.0.0 of the Splunk Add-on for Unix and Linux has the following new features:
- Support for new vendor product Rocky Linux OS
- Support for new vendor product AlmaLinux OS
- Support for newer version v13.3 of FreeBSD OS
- Added CIM support for SSH logs generated by OpenSSH >9.8 in the linux_secure sourcetype. SSH logs in linux_secure were previously mapped to the Authentication data model; they are now mapped to the Network Sessions data model.
- The TA now also extracts IPv6 values in the “Received Disconnect” sshd log
- Added new extractions for “proctitle” and “execve_command” for Linux kernels in audit logs
- Added DURATION field in lastlog sourcetype that corresponds to the lastlog.sh script
- Updated the SAR, MPSTAT and TOP command parameters in cpu.sh and cpu_metric.sh for Linux, Darwin and AIX kernels to address the issue of momentary spikes of higher utilization when invoked, compared to the previous major version of Splunk. The scripts output 5 reports by default at an interval of 2 seconds, so each script execution lasts 10 seconds. Customers can set the script interval to 10 seconds in order to monitor their Linux machines continuously.
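
The interval change described in the last item, as an added example that is not part of the original release notes. It assumes the add-on is installed under its usual app directory name, Splunk_TA_nix, and that the inputs use the stanza names from the add-on's shipped inputs.conf.

```ini
# Assumed location: $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf
# Settings placed in local/ override the shipped defaults and survive upgrades.

# Each run emits 5 reports, 2 seconds apart, so one run takes 10 seconds.
# An interval equal to the run time starts the next run as the previous
# one finishes, which gives continuous CPU coverage.
[script://./bin/cpu.sh]
interval = 10

# Same timing for the metrics variant of the script.
[script://./bin/cpu_metric.sh]
interval = 10

# Only "interval" is overridden here; whether each input is enabled
# ("disabled" setting) and where it is indexed stay as already configured.
```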
Bug fixes
Version 10.0.0 of the Splunk Add-on for Unix and Linux has the following bug fixes:
- Fixed an issue where the version.sh script was showing kernel information instead of OS information in the os_* fields. Corrected the values of the os_name, os_version and os_release fields across all the supported OSs. Also added 3 new fields, namely kernel_name, kernel_release and kernel_version, which contain kernel-related information.
Fixed issues
Version 10.0.0 of the Splunk Add-on for Unix and Linux has the following fixed issues. If no issues appear here, no issues have yet been reported:
Known issues
Version 10.0.0 of the Splunk Add-on for Unix and Linux has the following known issues. If no issues appear here, no issues have yet been reported:
Third-party software attributions
The Splunk Add-on for Unix and Linux does not use third-party software or libraries.