Duo Splunk Connector - Release Notes

Last Updated: September 11th, 2023

Duo Splunk Connector allows administrators to easily import their Duo logs into their Splunk environment.

Download the current release from Splunkbase.

Version 2.0.2 - September 11, 2023

  • Adds new Duo log types:
    • Activity Logs
    • Authentication v2 Logs
    • Telephony v2 Logs
    • Trust Monitor Logs
  • Adds ability to enable/disable individual log types to ingest.
  • Adds support for multiple input instances.
  • Increases security of credentials.
  • Migrates storage of log timestamps from file on disk to a Splunk KV store.
  • Separates Duo-specific Splunk logs into a SPLUNK_HOME/var/log/splunk/duo_splunkapp folder.
  • Normalizes Splunk fields - ctime, timestamp, eventtype, and host.
  • Decreases the initial lookback period for new logs from 30 days to 7 days.

Version 1.2.2 - June 8, 2023

  • Correctly restores default/indexes.conf if it already existed.
  • Updates app.manifest and app.conf with the correct version number.

Version 1.2.1 - June 7, 2023

  • Corrects an issue in Duo Splunk Connector 1.2.0 where the default/indexes.conf index was inadvertently removed from Splunk Cloud if it already existed.

Version 1.2.0 - June 5, 2023

  • Removed support for Python 2 and Splunk releases below 8.0.
  • Updated dependencies:
    • splunk-sdk 1.7.3
    • duo-client 4.7.1
    • pytz 2023.3
    • six 1.16.0
  • Duo Splunk Connector installer no longer creates the duo index automatically for new installs.

Version 1.1.9 - March 3, 2022

  • Updated to jQuery 3.5+ for security fixes.
  • Updated Splunk-SDK to 1.6.15 to support new version.

Version 1.1.8 - February 23, 2021

  • Fixed a bug in packaging where the latest version of the six module was not getting set in the Splunk environment. This resolves issues seen when upgrading to the latest version of Duo Splunk Connector due to incompatible libraries in older six versions.

Version 1.1.7 - July 9, 2020

  • Customers should not upgrade directly to this version from v1.1.5 or earlier. Update your installation to v1.1.6 first, then proceed with the 1.1.7 upgrade.
  • Added support for Splunk 8.0, including the optional python3 runtime included with Splunk 8.
  • The Python runtime default in inputs.conf now sets the runtime to python3 for Splunk versions 8.0 or newer (python.version = python3). This change has no effect in Splunk 7.x environments, which continue using the python2 runtime.

Version 1.1.6 - February 11, 2020

Version 1.1.5 - September 2019

  • Added support for Splunk 7.3.
  • Fixed bug related to error log messages sometimes breaking the Splunk JsonLineBreaker.
  • Added more verbose logging messages to aid in troubleshooting.
  • Improved performance when validating Duo Admin API credentials during the initial setup.

Version 1.1.4 - February 2019

  • Added more helpful logging
  • App will now gracefully handle API rate limits and results pagination
  • Improved Endpoint retrieval process
  • Minor changes to the dashboard queries to assist in a future preview

Version 1.1.3 - June 2018

  • Now available in Splunkbase for Splunk Cloud
  • Alignment with Splunk plugin recommended architecture
  • Removed repoFactor=auto from the default indexes.conf file

Version 1.1.2 - June 2017

  • Bug fixes

Version 1.1.1 - May 2017

  • Encrypting Duo SKEY with Splunk's encryption system
  • Updated README with support information

Version 1.1.0 - March 2017

  • Added Macro support allowing admins to specify a custom index
  • Changed map on authentication page to use city instead of longitude and latitude
  • Bug fixes

Version 1.0.1 - March 2017

  • Initial Splunkbase release