What's New in Version 4.0.1
The Illumio Technology Add-On (TA) for Splunk enriches Illumio Policy Compute Engine (PCE) data with Common Information Model (CIM) field names, event types, and logs.
The TA enables Illumio data to be used with Splunk Enterprise Security, Splunk App for PCI Compliance, and more.
Important
In version 4.0.0, syslog prefixes are stripped at index time for JSON-formatted events. Because of this change, the search-time extractions and transforms for version 4.0.0 are incompatible with data indexed by previous versions of the TA. See the Upgrade section in the README (or the Installation Instructions pane) for instructions on converting data and custom searches from previous versions of the TA.
Related Links
For dashboards with Illumio data, install the Illumio App for Splunk.