Release Notes 2.2
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Release Notes 2.2
Date of Release: February 9, 2007
Splunk 2.2 resolves several issues identified in the 2.1.x branch. In addition to various fixes 2.2 introduces support for LDAP authentication.
To install Splunk 2.2, see the Installation Manual for full instructions.
New Features
- LDAP Authentication support
The Splunk Server now supports authentication via your existing LDAP server. The Splunk Server works with any LDAP v3 server. We've tested with OpenLDAP, Novell eDirectory, and Active Directory. Detailed documentation on configuring Splunk to work with your LDAP server can be found in the $SPLUNK_HOME/etc/bundles/auth.conf.spec file
- ZFS and VXFS support
The Splunk Server now supports the ZFS and VXFS filesystems on Solaris (SPARC and x86). For a complete list of supported filesystems please check here
Resolved Issues
- Multiple fixes for crashes related to memory management, input processors, distributed search, restart, and missing configuration files
- Splunk now prevents users from configuring Splunk-2-Splunk to use the management port. Splunk-2-Splunk must use its own port for communication.
- Report:: now supports querying for raw or * using full SQL
- Saved Splunks can not contain spaces, quotation marks or ampersands in the name
- Splunk server names with spaces will no longer cause the web-server to crash
- Saved Splunks that include the report:: operator will return the appropriate report when called via savedsplunk::
- Saved Splunks search terms are limited to 32,767 characters
- Editing a Saved Splunk via the GUI will no longer result in a duplicate entry being created in your $SPLUNK_HOME/etc/bundles/local/savedsplunks.conf file
- The Live Splunk URL passed in an email is identical to the URL passed in a script
- All Live Splunks run at their appropriate intervals
- Live Splunk next run time and alert history both update accordingly
- All Live Splunk scripts must reside in $SPLUNK_HOME/bin/scripts
Known Issues
- 2.1.x installs with multiple users configured will loose the ability for those users to authenticate on upgrade to 2.2. A workaround is documented in the Updating 2.1.x to 2.2 instructions
- The "Last refreshed" time in displayed in the upper left-hand corner of the browser did not update properly with the recent Daylight Savings change. The time will always be 1 hour behind the current time. In order to correct this issue simply replace your
$SPLUNK_HOME/lib/python2.4/site-packages/splunk/search/Query.pywith this corrected Query.py and restart Splunk's webserver (./splunk restart splunkweb) - If the Splunk Server is configured to use LDAP authentication, the amount of time required for Splunk to successfully start will be in direct relation to the number of users stored in the LDAP. Startup can take anywhere between 45-60 seconds.
- LDAP authentication should not use SSL
- When participating in distributed search the report::[ ] operator will need to be enclosed in quotes
- The GroupDN cannot contain an ampersand (&) character if you are configuring LDAP from the GUI. The workaround is to edit the auth.conf file directly.
- Restarting Splunk before a Live Splunk runs for the first time will result in 12/31/1969 being displayed as the Next Run date. This is purely cosmetic, the Live Splunk will run at the scheduled interval.
- An ampersand (&) in the user's Splunk password (e.g., "ch&ngeme") causes an authorization failure for Live Splunks. If you intend to use Live Splunks, choose a password without &.
This documentation applies to the following versions of Splunk: 2.1 , 2.2 , 2.2.1 , 2.2.3 , 2.2.6 View the Article History for its revisions.