4.0.5

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Resolved general issues
Resolved Windows issues

4.0.5

The following issues were resolved in this release of Splunk:

Resolved general issues

Splunk Free is now available.
Memory corruption issue on OS X 10.6 "snow leopard" is resolved for 32-bit. (SPL-25434)
Event signing and auditing now work as documented. (SPL-26299)
Scripted authentication now works as documented. (SPL-26489)
Splunk SSL now supports the use of intermediate CA certificates. (SPL-14463)
When creating new users, all available roles are now shown in the field picker. (SPL-26185)
Failing to define a source type in inputs.conf no longer results in an "unknown#" unsearchable source type. (SPL-26213)
Performance has been improved when searching across separate filesystems for warm and cold storage. (SPL-26263)
Splunk no longer truncates multi-line events of more than 500 lines. (SPL-26880)
The .spec file for inputs.conf no longer states an inaccurate default value for rcvbuf. (SPL-24860)
Local file upload now supports file sizes up to 500MB. (SPL-24292)
The followTail setting in inputs.conf is now respected. (SPL-26010)
You may now add up to 50 rows or columns in a view's layoutPanel. (SPL-26177)
Saved searches now function correctly if user is logged in with username in different case than was used to log in when the saved search was created (for example fflanda vs. Fflanda). Refer to Migrating user configurations to 4.0.5 in the Release Notes for more information. (SPL-26335)
Xpath command now functions correctly. (SPL-26985)
Scrolling in panel layout view now works correctly in IE7. (SPL-24861)
Distributed search on Solaris now returns all results. (SPL-27006,SPL-26440)
A crash involving the TcpInputProcessor thread on distributed search heads has been resolved. (SPL-26568)
Show source on Firefox 3.5 now shows the source of the correct event. (SPL-25578)
Logs forwarded from the lightweight forwarder are now timestamped correctly. (SPL-26949)
Whitelisted symlinks pointing to non-whitelisted files now result in the target files being indexed. (SPL-26718)
The custom time range picker in Splunk Web no longer closes too quickly to use in small browser windows. (SPL-26674)
The vmstat.sh script from the *Nix app no longer fails. (SPL-26635)
When defining a scripted input in Splunk Web, it is no longer possible to erroneously select 'automatic' as a source type. (SPL-26608)
The permission setting on $SPLUNK_HOME/etc/apps/*/metadata now allows updates to permissions on views even if you're not running as root. (SPL-26603)
It's no longer possible to save an unnamed event type in Splunk Manager. (SPL-26536)
There is a new forwarder backoff settings section in outputs.conf to configure the slowdown of subsequent attempted connections to an indexer when there are repeated failed connections. (SPL-26478)
An issue with high memory usage resulting in a INDEXER_INTERNAL_MEMORY_ERROR error has been resolved. (SPL-26466)
Running the delete operator now correctly deletes metadata. (SPL-26415)
The makemv and mvexpand search commands now function correctly. (SPL-26304)
When enabling audit event signing, the ID field for the sequential number is now labeled search_id instead of just "id", which was already in use. (SPL-26283)
Setting the input type for compressed files explicitly now works correctly. (SPL-25812)
Deleting large numbers of events from the CLI works correctly. (SPL-25751)
Splunk Web now consistently displays the selected timezone. (SPL-25728)
The "business_week_to_date" timerange option now functions correctly. (SPL-25629)
Users with spaces in their usernames can now edit views. (SPL-25537)
An issue with non-UTF-8 characters in usernames has been resolved. (SPL-25503)
Setting updateCheckerBaseURL= 0 no longer prevents Splunk Web from loading. (SPL-25319)
Event auditing data now forwards correctly. (SPL-24485)
The 'frozenTimePeriodInSecs' and 'maxTotalDataSizeMB' settings in indexes.conf are now properly respected. (SPL-23415)
Issues with search stemming have been resolved (when you search explicitly for 10.3.2.1 you will not get results for 10.3.2.100). (SPL-17103)
The testmode option for the collect data type now works correctly. (SPL-15853)
Spaces are now supported in stanza names in auth.conf. (SPL-5609)
Invalid .tmp directories (such as artifacts of partially decompressed directories) are now ignored. (SPL-27101)
Saved searches now support terms in quotes. (SPL-26763)
An issue with tools.sessions.timeout setting being ignored is resolved. (SPL-26243)
Redundant quotes removed from arguments passed to custom alerting scripts. For an example, see [this page]

Resolved Windows issues

An issue with duplicate strings being extracted from Windows Event Logs has been resolved. (SPL-26974)
When the application that generated a Windows Event has been uninstalled, Splunk now indicates within affected events that some fields cannot be extracted. (SPL-26818)
The Windows command line installation FORWARD_SERVER="<host:port>" now creates outputs.conf correctly. (SPL-26580)

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.0.10/ReleaseNotes/4.0.5"

« 4.0.4 4.0.6 »

This documentation applies to the following versions of Splunk: 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.

Was this topic useful?
Post a comment

You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Release Notes

4.0.5

Contents

4.0.5

Resolved general issues

Resolved Windows issues

Comments