Splunk® Enterprise Security

Release Notes



This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Known issues for Splunk Enterprise Security

This version of Splunk Enterprise Security has the following reported known issues and workarounds. Some issues may appear in more than one section.


Date filed Issue number Description
2019-02-19 SOLNESS-18079 Port And Protocol Tracker Lookup Gen isn't tracking allowed ports
2018-09-18 SOLNESS-16563 globedistance macro units syntax does not match usage in summary gen search

Workaround:
In the Access - Geographically Improbable Access - Summary Gen search, the following syntax:

eval key=mvsort(mvappend(src."->".dest, NULL, dest."->".src)) | dedup key, user | `globedistance(src_lat,src_long,dest_lat,dest_long,"m")`

should be changed to:

eval key=mvsort(mvappend(src."->".dest, NULL, dest."->".src)),units="m" | dedup key, user | `globedistance(src_lat,src_long,dest_lat,dest_long,units)`
 
2018-03-12 SOLNESS-14854 Notable Event Suppression actions are not tracked in the action history.
2017-12-07 SOLNESS-13840 Investigation print displays Dec 31, 1969 4:00 PM as a secondary timestamp for all entries.
2017-11-09 SOLNESS-12599 Glass table lines always appear at the front, even when sent to back.
2017-10-30 SOLNESS-12543 When Printing Investigation, events include start and end times, but end times are epoch=0
2017-10-16 SOLNESS-12495 Investigations does not appear in ES navigation menu toolbar after upgrade to 4.7.x.

Workaround:
Because the Investigations page was renamed in 4.6.x and the navigation editor now respects local overrides, the My Investigations page disappears from the navigation and the Investigations page does not replace it. To add the Investigations page to the navigation, select Config > General > Navigation and add the Investigations view to the navigation in Splunk Enterprise Security.
2017-06-22 SOLNESS-12151 /services/shcluster calls fail under dev license.
2017-05-07 SOLNESS-12049 Double quote in correlation search name causes "unknown" notable description in Incident Review dashboard

Workaround:
Remove the double quote from the correlation search name.
2017-04-14 SOLNESS-11988 Nav Editor: Cancel button doesn't work
2017-04-05 SOLNESS-11913 Glasstable searches containing | rest may display inaccurate results on Core Splunk 6.6+

Workaround:
Log in as a user who is a member of or inherits the "admin" role to ensure that the data presented in the Glass Table view is complete.
2017-03-30 SOLNESS-11872 Session Center Page : UBA tab : Export to PDF does not include UBA results
2017-01-13 SOLNESS-11296 SA-ExtremeSearch display_context view does not work in Splunk platform 6.5+

Workaround:
Download the Extreme Search Visualizations app from Splunkbase to use updated dashboards that are compatible with newer versions of the Splunk platform.
2016-12-22 SOLNESS-11188 Images attached to Timeline are not displayed on 6.5.x if they are larger than 512KB.
2016-12-12 SOLNESS-11120 When printing a dashboard, key indicators show up large and with the drilldown link in parentheses.
Last modified on 04 April, 2019

This documentation applies to the following versions of Splunk® Enterprise Security: 4.7.5, 4.7.6

