Skip to main content

Release Notes - uxmapp

  • Updated
Print Friendly and PDF

uxmapp - Release Notes

Release notes for uxmapp.

2025

2025.12.09


Breaking changes:

  • [Utility] Enable new Multiselect Utility for use in all UXM dashboards to support Splunk 10 and lazy loading multiselect inputs, old dashboards have to be manually upgraded if filters fails (#1537)
  • [Dashboards] Set autoRun="true" to support loading charts/tables when not using menu, tables/charts won't auto load when changing filter, use submit button to refresh (#1552)

Features:

  • [Web Analysis] WebVitals (LCP, INP and CLS) can be monitored via Browser Extension and JavaScript
    [Curl Monitor] Execute tracert on x failure and x successful execution, available on Windows Desktop agents(#1481)
  • [EventLog Monitor] Add CSV lookup files with available channels and sources and allow custom values (#1526)
  • [Active Directory] Capture l, physicalDeliveryOfficeName, postalCode, st and store under ux_userinfo KVStore (#1466)
  • [Reports] Add endpoint reports for detecting issues (#1581)
  • [macOS] Parse crashes info from *.ips and *.crash to generate uxm.application.crash

Dashboard changes:

  • [Application Crashes and Hangs]
  • [Application Dashboard]
  • [Application Usage]
  • [Applications_overview]
  • [Browser Errors]
  • [Endpoint Health Overview] New endpoint health dashboard. (#1545)
  • [Endpoint Details] Add Application Type to support only showing ThinOS apps detected
  • [Endpoint Details] Move UXM Desktop Agent Events to Event Logs and remove "UXM Desktop Agent Events" table (#1511)
  • [Endpoint Details] Add Boot Speed info texts and GPO/Post Boot details, requires enabling Events Logs 
  • [Endpoint Details] Add comments/notes to individual end-points (#1471)
  • [Endpoint details] Application Usage tab - Enhance chart/table for Java and unmapped processes in foreground (#1400)
  • [Endpoint Issues]
  • [Endpoints List]
  • [WiFi Signal Strength] Gather SSID from WiFi network conected to (#1556)
  • [Web Analysis] Display core WebVitals (LCP, INP and CLS), WebVitals monitoring have to be enabled in Browser Extension setting (#1502)
  • [Web Page Request Details] Add Drilldown button into external system if APM traceId is captured (#1554)
  • [Process Analysis] Add dropdown for selecting CPU, Memory (MB), Memory Committed (MB) (#1525)

Fixes:

  • [DataModels] Split DataModels into separate ones for easier updates and acceleration (#1368)
  • [Consumer] Unknown bot User-Agents causes empty browsers that can't be drilled into
  • [Web Page Requests Detail] Split out ux_nodes_lookup into own search (#1538)
  • [Custom Location] Select smallest Hosts count if multiple location with same priority and overlapping ranges exists (#1534)
  • [Teams] teams_session_details changing session fails and drilldown into search in Splunk 10 (#1551)
  • [Custom Location] Use Maxmind for Country/Region if unknown in found location (Example home networks using 192.*) (#1518)
  • [Endpoint Groups] View endpoints limited to top 10.000 results and can't search for endpoint that exists (#1515)
  • [Web Agent] Exception occurred while processing the Queue, exception: invalid literal for int() with base 10: 'x.x' (#1512)
  • [Encryption] Endpoint field encryption, use selected Countries in GUI and processing scripts (#1514)
  • [AlertManager] ux_thresholds_lookup return double data causing AlertManager and Incidents to fail (#1480)
  • [AlertManager] Can't create Close Issue alert when no issues exists (#1479)
  • [Warranty] Lenovo warranty not filled out on some endpoints due to invalid data returned (#1467)
  • [LogonSessions] Missing logons when events is received after rollup bucket is executed, optimized slow performance on large KVStores (#1401)
  • [Encryption] ux_nodes_lookup encrypted hostname, identifying_number and internal_mac_address is lowercased and can't be decrypted. (#1423)
  • [uwsgi] captureIdentifiers = next(iter(_setting), None) - TypeError: 'NoneType' object is not iterable (#1428)
    [KVStore] Invalid field type='cidr' for field='cidr' in collection='ux_locations' and app='uxmapp' (#1450)

Performance:

  • [Consumer] Slow process parsing performance when process application cache lookup is enabled, enable in local/setup.conf store.monitor.process.store_application_latency to enable application latency metrics.
  • [AuditTrail] Usage reports fails to show logins (#1568)
  • [Application Usage Analysis] Use hourly rollup data and add chart resolution (#1567)
  • [Performance] KVStore lookup limit to max 10.000 if only where filters are used (#1563)
  • [Process Monitor] Allow to store in separate index and use macro for selecting the data, Top Process data can use 60% of Metric Store (#1528)
  • [Rollup] Prepare dashboards to use rolled up data (#1569)
  • [Logon Session Details] Selecting 30 days data if Blast data with 5m resolution uses 10GB memory and crashes Splunk (#1566)
  • [Performance] update_statistics in update_kvstore.py is limited to 50.000 endpoints
  • [Performance] Server Busy error in HEC causes 5 minutes halts (#1403)
  • [EndpointMonitor] Network Connected Name: Identifying... received 9000 times per minute, discard event (#1491)

Security patches:

  • [security] Patch vulnerability requests GHSA-9hjg-9r4m-mvj7 and ignore signxml GHSA-gmhf-gg8w-jw42+GHSA-6vx8-pcwv-xhf4 (#1517)
  • [security] node-forge High vulnerability CVE-2025-12816 upgrade to 1.3.2 (#1575)
  • [security] xml-crypto 6.0.0 2x Critical vulnerabilities (CVE-2025-29774, CVE-2025-29775) (#1482)
  • [security] cryptography 42.0.8 High vulnerability (GHSA-79v4-65xg-pq4g) (#1476)
  • [Security] urllib3 1.26.20 GHSA-gm62-xv2j-4w53 and GHSA-2xpw-w6gg-jr37 (Resource usage) (#1583)
  • [security] protobuf-python has a potential Denial of Service issue - ignore until Splunk 9.2 is end of life

Removed features:

  • [remove] Disable automatically application tagging on endpoints (#1510)
  • [remove] Remove deprecated curl source="agent.metrics.curl" (#1475)
     

2025.01.30

Dashboards:

Features:

  • Use local ip for custom location lookup in SaaS customers
  • [AlertManager] Use Splunks SPL sendemail and delete our own mail implementation
  • [AlertManager] Ability to close open alerts if metric goes over/under specific threshold
  • [AlertManager] Add SPL search as notification channel to create/update custom ServiceNow incidents
  • [WiFi] Gather SSID from WiFi network conected to
  • [Performance] User cache only load updates last 10 minutes to avoid using 4 seconds on it

Fixes:

  • [ui] Restricting results of the "rest" operator to the local instance because you do not have the "dispatch_rest_to_indexers" capability.
  • [bug] Generated wsgi user password fails to comply to Splunk password requirements
  • [Consumer] Stops processing data if checking license times out
  • [rollup] Specify metrics to rollup in hourly buckets to avoid creating too many metrics
  • [wifi] Skip logging Identifying connection, 10.000 EventLogs consumes 20 GB per day for 20.000 endpoints
  • [web_analysis] Requests - Fetch showing requests that are not fetch calls
  • [web_analysis] Requests - Resource Requests showing Response Time in sec instead of ms
  • [synthetics] Ping/TCP Connect is showing sec instead of ms
  • [Boot] Use Incident BootStartTime as _time for Windows Boot Startup Event Logs
  • [Synthetics] Store Metrics with 0 ms for network tests to calculate correct averages on LAN tests
  • wfastcgi keeps restarting in windows

Security patches:

  • [Security] Found 2 known vulnerabilities in 2 packages (certifi 2023.7.22 and urllib3 1.26.18)
  • [Security] requests 2.31 - CVE-2024-35195 (medium)
  • [Security] idna 3.4 upgrade to 3.7 to fix GHSA-jjg7-2v4v-x38h
  • [Security] pycryptodome: side-channel leakage for OAEP decryption (CVE-2023-52323/MEDIUM)

 

2024

2024.09.04

Dashboards:

Features:

Fixes:

 

2023

2023.12.13

Features:

  • Warranty updater script moved from SH to HF in distributed environments.

2023.10.31

Features:

  • Warranty updater script moved from SH to HF in distributed environments.

2023.05.09

Features:

  • Application Usage detection for Java, Appx, Office and Prod/Test applications
  • New Web Application Analytics dashboards
  • Encryption of GDPR/PII user/endpoint fields, see GDPR and PII (Personally Identifiable Information) Collected
  • Lookup hashed username send from browser extension and replace with username or encrypted username if configured.
  • Parse Elastic APM JavaScript OTEL data.
    Process Monitor - Capture top memory heavy processes to detect who is using memory

Fixes:

  • uWSGI fails to connect to newly created splunk/uxm server - You (user=uxmapp_wsgi) do not have permission to perform this operation (requires capability: list_all_objects).
  • Performance optimizations in backend and dashboards to handle 100.000 endpoints with 3000+ application.
  • Running multiple mq consumers fails and leaves hanging processes in the background, added 4x pcagent and 4x web agent consumers which can be enabled manually on demand.

2022

2022.09.28

Features:

  • Automatic desktop application creation based on hours application is used in foreground. (Requires Process Monitor -> Foreground app usage enabled)
  • Use Splunk 9 GeoIP lookups file instead of providing own MaxMind file.
  • Setup page - Added RabbitMQ, HEC and KVStore settings and automatical encryption of passwords in local\setup.conf
  • Added BSOD/Stop Errors dashboard to troubleshoot issues with unstable endpoints.

Fixes:

  • Upgraded administration dashboards to support jQuery 3.5 and Splunk 9.x
  • Upgraded dashboards to run in SimpleXML version=1.1

 

2022.03.14

Features:

  • Endpoint issues dashboard and automatic endpoint issue detection for Battery, CPU, Memory, Disk Low Space.
  • Lenovo Warranty import from Lenovo's API see Lookup endpoint warranty information
  • Added deletion of old endpoints in setup page
  • Support new UXM Desktop agents that combines data and only sends 1 message per minute.

Fixes:

  • Support decimals for SLA thresholds

 

2021

2021.08.23

Features:

  • Automatic desktop application creation based on hours application is used in foreground. (Requires Process Monitor -> Foreground app usage enabled)
     
  • Application attributes "Is Approved", "Needs License" and "Lifecycle Status" is added to track rouge applications being used at the endpoints.

    mceclip3.png
  • Teams: Lookup endpoint hostname/os based on "Internal IP address" if UXM Desktop agent is installed on machine to detect users that are using Teams inside Citrix/RDS.

    Info is displayed in Teams session details and analytics dashboards.

    mceclip2.png
  • Teams: Telephone users phoning into meetings can now be filtered under "Network Connection" as PSTN users.

    mceclip0.png
    mceclip1.png

Beta Features:

  • Process crashes and foreground usage time is automatically mapped into correct applications based on their detected processes.

    Dashboards: test_applications_overview and test_application_dashboard_desktop_teams_style

    mceclip4.png

    mceclip5.png

2021.05.18

Features:

  • Added warranty lookup file for endpoint devices which makes the support able to query on expiry dates and drilldown into vendors support page to see extended info. Currently it's a manual process to export serial numbers and look them up in vendors systems.

    mceclip0.png

    mceclip1.png

 

2020

2020.12.22

Features:

  • Teams dashboards reporting on users call performance from calls quality (CQD) data.

 

2019

2019.09.05

Feature:

  • Migrated to Python 3 to support Splunks switch to Python 3.
  • Migrated to use RabbitMQ queue to support 300+ msg per second.
  • Added cURL, Ping, EventLog, Service and Performance counters monitors.

 

2019.03.26

Feature:

  •  Added Robot dashboard and admin pages.

 

2018

2018.06.14

  •  Migrated old APM solution to UXM.

Related articles

On this page