Duo Splunk Connector allows administrators to easily import their Duo logs into their Splunk environment.
Download the current release from Splunkbase.
Version 2.0.2 - September 11, 2023
- Adds new Duo log types:
  - Activity Logs
  - Authentication v2 Logs
  - Telephony v2 Logs
  - Trust Monitor Logs
- Adds ability to enable/disable individual log types to ingest.
- Adds support for multiple input instances.
- Increases security of credentials.
- Migrates storage of log timestamps from file on disk to a Splunk KV store.
- Separates Duo-specific Splunk logs into a
- Normalizes Splunk fields -
- Decreases the initial lookback period for new logs from 30 days to 7 days.
Version 1.2.2 - June 8, 2023
- Correctly restores default/indexes.conf if it already existed.
app.conf with the correct version number.
Version 1.2.1 - June 7, 2023
- Corrects an issue in Duo Splunk Connector 1.2.0 where the default/indexes.conf index was inadvertently removed from Splunk Cloud if it already existed.
Version 1.2.0 - June 5, 2023
- Removed support for Python 2 and Splunk releases below 8.0.
- Updated dependencies:
  - splunk-sdk 1.7.3
  - duo-client 4.7.1
  - pytz 2023.3
  - six 1.16.0
- Duo Splunk Connector installer no longer creates the duo index automatically for new installs.
Version 1.1.9 - March 3, 2022
- Updated to jQuery 3.5+ for security fixes.
- Updated Splunk-SDK to 1.6.15 to support new version.
Version 1.1.8 - February 23, 2021
- Fixed a bug in packaging where the latest version of the six module was not getting set in splunk env. This resolves issues seen upgrading to the latest version of Duo Splunk Connector due to incompatible libraries in older
Version 1.1.7 - July 9, 2020
- Customers should not upgrade directly to this version from v1.1.5 or earlier. Update your installation to v1.1.6 first, then proceed with the 1.1.7 upgrade.
- Added support for Splunk 8.0, including the optional python3 runtime included with Splunk 8.
- The Python runtime default in inputs.conf now sets the runtime to python3 for Splunk versions 8.0 or newer (python.version = python3). This change has no effect in Splunk 7.x environments, which continue using the
Version 1.1.6 - February 11, 2020
Version 1.1.5 - September 2019
- Added support for Splunk 7.3.
- Fixed bug related to error log messages sometimes breaking the Splunk JsonLineBreaker.
- Added more verbose logging messages to aid in troubleshooting.
- Improved performance when validating Duo Admin API credentials during the initial setup.
Version 1.1.4 - February 2019
- Added more helpful logging
- App will now gracefully handle API rate limits and results pagination
- Improved Endpoint retrieval process
- Minor changes to the dashboard queries to assist in a future preview
Version 1.1.3 - June 2018
- Now available in Splunkbase for Splunk Cloud
- Alignment with Splunk plugin recommended architecture
repoFactor=auto from the default
Version 1.1.2 - June 2017
Version 1.1.1 - May 2017
- Encrypting Duo SKEY with Splunk's encryption system
- Updated README with support information
Version 1.1.0 - March 2017
- Added Macro support allowing admins to specify a custom index
- Changed map on authentication page to use city instead of longitude and latitude
- Bug fixes
Version 1.0.1 - March 2017
- Initial Splunkbase release