Splunk® Enterprise Security

Release Notes

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Fixed Issues

The following issues have been resolved for this release of the Splunk App for Enterprise Security.

Defect number Description
SOLNESS-1784 Contributing events from any notable event in the Incident Review dashboard will default to "All Time" and may take a long time to return results. To workaround this issue, cancel the search and rerun with the desired time window.
SOLNESS-6664 Disabling the SplunkEnterpriseSecuritySuite or SA-ThreatIntelligence apps removes all data collected in the KVStore collections. The KVStore collection data in those apps includes Notable Event status changes created on the Incident Review dashboard.
SPL-94414 The server.conf [kvstore] stanza will not accept environment variables in the caCertPath parameter.
SOLNESS-4256 Running Splunk Enterprise on Windows with under-provisioned virtualized hardware may cause Enterprise Security setup to fail. If the instance meets the "virtualized hardware" specifications, retry the setup if it fails the first time.
SOLNESS-5985 In a index cluster environment, a Notable Event's rule_id will not match the event_id and prevents the viewing of any status changes made to the Notable Event.
Last modified on 26 February, 2016
PREVIOUS
Release Notes 		  NEXT
Known Issues

This documentation applies to the following versions of Splunk® Enterprise Security: 3.3.0

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters