Splunk® Enterprise

Release Notes

Splunk Enterprise version 7.2 is no longer supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Fixed issues

Splunk Enterprise 7.2.1 was released on November 9, 2018. This release includes fixes for the following issues.

Issues are listed in all relevant sections. Some issues might appear more than once. To check for additional security issues related to this release, visit the Splunk Security Portal.

Authentication and authorization issues

Date resolved Issue number Description
2018-10-31 SPL-160868, SPL-147611 Socket error message in splunkd after login to SplunkWeb with self-signed cert
2018-10-30 SPL-159085, SPL-157717 Splunk local authentication: User REST call causes splunk to crash, once the user password expiration days becomes less than 'Expiration alert in days'

Search issues

Date resolved Issue number Description
2018-11-21 SPL-161174, SPL-160881 eventstats on an event search creates inconsistent resultCount
2018-10-31 SPL-161629, SPL-145546 When assigning indexes to roles, indexes defined on the indexer tier are not displayed
2018-10-26 SPL-162298, SPL-144752 Token values are not extracted all the time with sendemail command
2018-10-24 SPL-160294, SPL-159400 Assertion in PortableIovecCursor::bytesLeftToWrite() during search job export
2018-10-24 SPL-162183, SPL-159006 Memmapping Errors when using geospatial lookups
2018-10-24 SPL-161874, SPL-156123 Realtime search causes memory usage constant grow.
2018-10-23 SPL-161869, SPL-153621 Search shows "No results found" intermittently due to difference in minutes part between timezones of splunk instance and user preference
2018-10-23 SPL-160876, SPL-158196 Users page doesn't show default pagination correctly
2018-10-11 SPL-159249, SPL-154920 Search Removal With Case Insensitive Capability
2018-10-11 SPL-153486, SPL-149404 Search.log error message asks user to consider increasing match limit for a Regex without a reason
2018-10-08 SPL-160106, SPL-158486 tstats return less/no events if there is a cycle lookup field with NOT filter
2018-10-05 SPL-160523, SPL-159318 search process crash in AST due to subsearch in a saved search

Saved search, alerting, scheduling, and job management issues

Date resolved Issue number Description
2018-10-25 SPL-161717, SPL-144102 Custom Alert Action Parameters fails when Search has | (pipe) in its name
2018-10-23 SPL-159604, SPL-159053 Trigger Time format in alert emails without AM/PM designators and no Timezone information

Charting, reporting, and visualization issues

Date resolved Issue number Description
2018-10-24 SPL-159564, SPL-157992 Geom used in dashboard causing crash
2018-10-23 SPL-161706, SPL-158788 Scheduling PDF from Exporting Dashboard UI Issue
2018-10-10 SPL-160333, SPL-158897 Selected time picker on dashboard is not translated

Indexer and indexer clustering issues

Date resolved Issue number Description
2018-10-26 SPL-162292, SPL-155681 Splunk on a search head, hits OOM killer by storing a vast, untold, quantity of messages
2018-10-12 SPL-159406, SPL-157189 splunk is not reaping prior search-buckets manifests after new generation

Universal forwarder issues

Date resolved Issue number Description
2018-10-31 SPL-160531, SPL-156698 splunk-netmon consumes additional 2GB memory every day on Universal Forwarder

Monitoring Console issues

Date resolved Issue number Description
2018-10-12 SPL-160867, SPL-158166 Monitoring Console does not allow user to select 'All Queues' in Queues to Measure dropdown

Splunk Web and interface issues

Date resolved Issue number Description
2018-11-21 SPL-161174, SPL-160881 eventstats on an event search creates inconsistent resultCount
2018-10-31 SPL-161629, SPL-145546 When assigning indexes to roles, indexes defined on the indexer tier are not displayed
2018-10-26 SPL-162298, SPL-144752 Token values are not extracted all the time with sendemail command
2018-10-24 SPL-160294, SPL-159400 Assertion in PortableIovecCursor::bytesLeftToWrite() during search job export
2018-10-24 SPL-162183, SPL-159006 Memmapping Errors when using geospatial lookups
2018-10-24 SPL-161874, SPL-156123 Realtime search causes memory usage constant grow.
2018-10-23 SPL-161869, SPL-153621 Search shows "No results found" intermittently due to difference in minutes part between timezones of splunk instance and user preference
2018-10-23 SPL-160876, SPL-158196 Users page doesn't show default pagination correctly
2018-10-11 SPL-159249, SPL-154920 Search Removal With Case Insensitive Capability
2018-10-11 SPL-153486, SPL-149404 Search.log error message asks user to consider increasing match limit for a Regex without a reason
2018-10-08 SPL-160106, SPL-158486 tstats return less/no events if there is a cycle lookup field with NOT filter
2018-10-05 SPL-160523, SPL-159318 search process crash in AST due to subsearch in a saved search

Windows-specific issues

Date resolved Issue number Description
2018-10-31 SPL-162354, SPL-158197 splunk-regmon - failed to start the driver due to permission issue
2018-10-31 SPL-160531, SPL-156698 splunk-netmon consumes additional 2GB memory every day on Universal Forwarder
2018-10-31 SPL-162148, SPL-145841 MonitorNoHandle do not respect _TCP_ROUTING in inputs.conf

Admin and CLI issues

Date resolved Issue number Description
2018-10-15 SPL-159931, SPL-158762 Sorting on "type" column in lookup definitions does not work
2018-09-29 SPL-160807, SPL-161626 In server.conf.spec, the unit type for the 'eviction_padding' setting has been documented incorrectly, stating that the units are in bytes when they are actually in megabytes. Only the specification file has the error; the software operates as designed.

Uncategorized issues

Date resolved Issue number Description
2018-11-01 SPL-162107, SPL-159966 ADP: "Failed to localize" after startup because bucket is not registered with the CacheManager until repair finishes
2018-10-28 SPL-162108, SPL-161462 Splunk is crashing with CacheManager FATAL error
2018-10-28 SPL-160865, SPL-159547 Automatic Timestamp recognition fails for formats that use single-digit zero for hours
2018-10-26 SPL-160400, SPL-158148 SmartStore Migration - Remove-excess-buckets triggering summary reaping from S3 inadvertently - Customer seeing slow searches when using tstats / dma
2018-10-25 SPL-159848, SPL-155513 Mstats not honoring time picker range for windowed real time search
2018-10-25 SPL-161224, SPL-153371 S2 - Search of a frozen bucket returns with a "failed to localize" error.
2018-10-25 SPL-161940, SPL-161090 The Windows version of Splunk Enterprise does not prompt for creation of Splunk administrator user
2018-10-24 SPL-161771, SPL-159234 Splunk WebUI always defaults to http://localhost:8000/en-US local even if browser is configured to use other language
2018-10-24 SPL-159644, SPL-158875 splunk shipped python in *nix doesn't work with iso2022_jp
2018-10-24 SPL-158942, SPL-157993 S2 / Indexes UI - When maxTotalDataSizeMB != maxGlobalDataSizeMB only maxTotalDataSizeMB shown in UI on S2
2018-10-23 SPL-161123, SPL-154451 Only 100 indexes are listed when creating or modifying a HEC on SH
2018-10-19 SPL-160870, SPL-142546 System message emanating from a search peer prompts to restart the search-head instead of the search peer it originates from
2018-10-18 SPL-161121, SPL-158708 Localization of dashboard content broken for tokenized strings
2018-10-10 SPL-160866, SPL-159061 local values for browser tab header text not being respected
2018-10-08 SPL-159703, SPL-158771 Splunk Enterprise Login page is not localized
Last modified on 13 August, 2022
Timestamp recognition of dates with two-digit years fails beginning January 1, 2020   Deprecated features

This documentation applies to the following versions of Splunk® Enterprise: 7.2.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters