4.0.7
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
4.0.7
The following issues have been resolved in this release of Splunk:
Resolved general issues
- An issue with a memory leak when using SSL with Solaris forwarders has been resolved. (SPL-27702)
- An issue with the
recover-metadatacommand has been resolved. (SPL-27574) - This release includes a fix to work around a known issue in the threading code in Solaris 8 which was causing Splunk to crash with no corefile or error shortly after startup. (SPL-27999)
- An issue with Splunk crashing when a user tries to log in with an expired password has been resolved. (SPL-27905)
- Syslog out functionality that was broken on upgrade from 3.4.x is restored. (SPL-27621)
- The logging level in log.cfg for deployment server and client is no longer set to DEBUG by default. (SPL-27561)
- Splunk's implementation of openssl has been updated to fix the CVE-2009-3555 vulnerability. (SPL-27483)
- The xpath command now works correctly. (SPL-26985)
- The deployment server now uses the correct utsname on vm, VMware Virtual Platform machines (SPL-26513)
- Upgraded versions of Splunk light forwarders (3.4.x -> 4.x) no longer index locally when configured not to. (SPL-26752)
- The number of security events produced by Splunk when in light forwarder mode has been reduced to a reasonable level. This was accomplished by disabling all saved searches in the Search app when the light forwarder app is enabled. (SPL-27166)
- Splunk is now certified on MacOS 10.6, "Snow Leopard", supported in 32-bit mode only. (SPL-27318)
Resolved Splunk Web and Manager issues
- A cross-site scripting vulnerability in Splunk Web has been resolved. (SPL-27661, SPL-27560)
- Splunk Web now correctly displays dates from the Splunk server's timezone and not the local browser's. (SPL-27366, SPL-25226, SPL-25728)
- The interactive field extractor (IFX) now allows User and Power roles to save fields. (SPL-25471)
- The correct error is now displayed when a user reaches a disk quota limit. (SPL-27194)
- Summary of top 10 values of a field is now available again in the fields picker. (SPL-27820)
Resolved Windows-specific issues
- The cold-to-frozen script provided in the documentation now works correctly on Windows. (SPL-27474)
- Configuration files for the deployment server on Windows now have the correct backslashes. (SPL-26463)
- The Cisco app now installs and functions correctly on Windows. (SPL-26607)
- Indexed Windows events with no associated description string in the message file will now pull the description from the event itself if available. (SPL-27117)
- Windows Unicode format files are now correctly indexed. (SPL-27251)
- Clicking on a Windows source now correctly escapes the backslashes and returns results as appropriate. (SPL-27272)
- An issue around distributed search dashboard crashing on Windows with an error in splunkd.log (DEBUG HTTPStreamPerf) has been resolved. (SPL-27686)
- Event log message fields are now correctly extracted on Japanese Windows XP. (SPL-25255)
- An issue with the count of returned events being cached in IE6 has been resolved. (SPL-27171)
- Manager no longer limits shown Windows Event log collection inputs to 30. (SPL-27409)
- An issue around duplicating Application Log data on Windows when a particular Windows Event log category input source is not present has been resolved. (SPL-22613)
- An issue with CPU spiking when Windows forwarders are unable to reach an indexer has been resolved. (SPL-26789, SPL-27393)
- Splunk now displays Windows Events in a manner consistent to Windows Event Viewer. (SPL-24031)
Resolved search issues
- Running a saved search without a viewstate no longer generates a stack trace. (SPL-26915)
- When configuring distributed search, you no longer have to distribute a fields.conf to each search peer to define non-extracted fields. (SPL-26560)
- Saving event types in Splunk Web no longer incorrectly prepends "search" to the search string. (SPL-27461, SPL-27075, SPL-27049, SPL-27048)
- An issue with search hanging when searching across colddbs has been resolved. (SPL-27624)
- An issue with search crashing related to tags has been resolved. (SPL-27495)
- Dynamic list lookups using an external script now work in distributed search environments. (SPL-27391)
- "No result data" is no longer displayed before results are displayed. (SPL-27325)
- The stats operator now works correctly in the CLI in conjunction with "SourceName" extracted field in the Windows app. (SPL-27302)
- The top.sh script in the *NIX app has been updated to correctly report the output of
prstat. (SPL-27904) - The iostat event type has been restored in the *NIX app. (SPL-27616)
- An issue involving Splunk not indexing a monitored file after rolling has been resolved. (SPL-28036)
- An issue with defined fields not being extracted has been resolved. (SPL-27665)
- Event timestamps using the Z notation for UTC (supported by ISO8601) are now indexed with the correct time. (SPL-27344)
- An issue with incorrect merging of tsidx files and with lock files not being cleaned up has been resolved. (SPL-27429)
- UDP inputs now support
no_appending_timestamp = true. (SPL-26783)
This documentation applies to the following versions of Splunk: 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.