Fixed issues
Splunk Enterprise 7.2.1 was released on November 9, 2018. This release includes fixes for the following issues.
Issues are listed in all relevant sections. Some issues might appear more than once. To check for additional security issues related to this release, visit the Splunk Security Portal.
Authentication and authorization issues
Date resolved
|
Issue number
|
Description
|
2018-10-31 |
SPL-160868, SPL-147611 |
Socket error message in splunkd after login to SplunkWeb with self-signed cert
|
2018-10-30 |
SPL-159085, SPL-157717 |
Splunk local authentication: User REST call causes splunk to crash, once the user password expiration days becomes less than 'Expiration alert in days'
|
Search issues
Date resolved
|
Issue number
|
Description
|
2018-11-21 |
SPL-161174, SPL-160881 |
eventstats on an event search creates inconsistent resultCount
|
2018-10-31 |
SPL-161629, SPL-145546 |
When assigning indexes to roles, indexes defined on the indexer tier are not displayed
|
2018-10-26 |
SPL-162298, SPL-144752 |
Token values are not extracted all the time with sendemail command
|
2018-10-24 |
SPL-160294, SPL-159400 |
Assertion in PortableIovecCursor::bytesLeftToWrite() during search job export
|
2018-10-24 |
SPL-162183, SPL-159006 |
Memmapping Errors when using geospatial lookups
|
2018-10-24 |
SPL-161874, SPL-156123 |
Realtime search causes memory usage constant grow.
|
2018-10-23 |
SPL-161869, SPL-153621 |
Search shows "No results found" intermittently due to difference in minutes part between timezones of splunk instance and user preference
|
2018-10-23 |
SPL-160876, SPL-158196 |
Users page doesn't show default pagination correctly
|
2018-10-11 |
SPL-159249, SPL-154920 |
Search Removal With Case Insensitive Capability
|
2018-10-11 |
SPL-153486, SPL-149404 |
Search.log error message asks user to consider increasing match limit for a Regex without a reason
|
2018-10-08 |
SPL-160106, SPL-158486 |
tstats return less/no events if there is a cycle lookup field with NOT filter
|
2018-10-05 |
SPL-160523, SPL-159318 |
search process crash in AST due to subsearch in a saved search
|
Saved search, alerting, scheduling, and job management issues
Date resolved
|
Issue number
|
Description
|
2018-10-25 |
SPL-161717, SPL-144102 |
Custom Alert Action Parameters fails when Search has | (pipe) in its name
|
2018-10-23 |
SPL-159604, SPL-159053 |
Trigger Time format in alert emails without AM/PM designators and no Timezone information
|
Charting, reporting, and visualization issues
Date resolved
|
Issue number
|
Description
|
2018-10-24 |
SPL-159564, SPL-157992 |
Geom used in dashboard causing crash
|
2018-10-23 |
SPL-161706, SPL-158788 |
Scheduling PDF from Exporting Dashboard UI Issue
|
2018-10-10 |
SPL-160333, SPL-158897 |
Selected time picker on dashboard is not translated
|
Indexer and indexer clustering issues
Date resolved
|
Issue number
|
Description
|
2018-10-26 |
SPL-162292, SPL-155681 |
Splunk on a search head, hits OOM killer by storing a vast, untold, quantity of messages
|
2018-10-12 |
SPL-159406, SPL-157189 |
splunk is not reaping prior search-buckets manifests after new generation
|
Universal forwarder issues
Date resolved
|
Issue number
|
Description
|
2018-10-31 |
SPL-160531, SPL-156698 |
splunk-netmon consumes additional 2GB memory every day on Universal Forwarder
|
Monitoring Console issues
Date resolved
|
Issue number
|
Description
|
2018-10-12 |
SPL-160867, SPL-158166 |
Monitoring Console does not allow user to select 'All Queues' in Queues to Measure dropdown
|
Splunk Web and interface issues
Date resolved
|
Issue number
|
Description
|
2018-11-21 |
SPL-161174, SPL-160881 |
eventstats on an event search creates inconsistent resultCount
|
2018-10-31 |
SPL-161629, SPL-145546 |
When assigning indexes to roles, indexes defined on the indexer tier are not displayed
|
2018-10-26 |
SPL-162298, SPL-144752 |
Token values are not extracted all the time with sendemail command
|
2018-10-24 |
SPL-160294, SPL-159400 |
Assertion in PortableIovecCursor::bytesLeftToWrite() during search job export
|
2018-10-24 |
SPL-162183, SPL-159006 |
Memmapping Errors when using geospatial lookups
|
2018-10-24 |
SPL-161874, SPL-156123 |
Realtime search causes memory usage constant grow.
|
2018-10-23 |
SPL-161869, SPL-153621 |
Search shows "No results found" intermittently due to difference in minutes part between timezones of splunk instance and user preference
|
2018-10-23 |
SPL-160876, SPL-158196 |
Users page doesn't show default pagination correctly
|
2018-10-11 |
SPL-159249, SPL-154920 |
Search Removal With Case Insensitive Capability
|
2018-10-11 |
SPL-153486, SPL-149404 |
Search.log error message asks user to consider increasing match limit for a Regex without a reason
|
2018-10-08 |
SPL-160106, SPL-158486 |
tstats return less/no events if there is a cycle lookup field with NOT filter
|
2018-10-05 |
SPL-160523, SPL-159318 |
search process crash in AST due to subsearch in a saved search
|
Windows-specific issues
Date resolved
|
Issue number
|
Description
|
2018-10-31 |
SPL-162354, SPL-158197 |
splunk-regmon - failed to start the driver due to permission issue
|
2018-10-31 |
SPL-160531, SPL-156698 |
splunk-netmon consumes additional 2GB memory every day on Universal Forwarder
|
2018-10-31 |
SPL-162148, SPL-145841 |
MonitorNoHandle do not respect _TCP_ROUTING in inputs.conf
|
Admin and CLI issues
Date resolved
|
Issue number
|
Description
|
2018-10-15 |
SPL-159931, SPL-158762 |
Sorting on "type" column in lookup definitions does not work
|
2018-09-29 |
SPL-160807, SPL-161626 |
In server.conf.spec, the unit type for the 'eviction_padding' setting has been documented incorrectly, stating that the units are in bytes when they are actually in megabytes. Only the specification file has the error; the software operates as designed.
|
Uncategorized issues
Date resolved
|
Issue number
|
Description
|
2018-11-01 |
SPL-162107, SPL-159966 |
ADP: "Failed to localize" after startup because bucket is not registered with the CacheManager until repair finishes
|
2018-10-28 |
SPL-162108, SPL-161462 |
Splunk is crashing with CacheManager FATAL error
|
2018-10-28 |
SPL-160865, SPL-159547 |
Automatic Timestamp recognition fails for formats that use single-digit zero for hours
|
2018-10-26 |
SPL-160400, SPL-158148 |
SmartStore Migration - Remove-excess-buckets triggering summary reaping from S3 inadvertently - Customer seeing slow searches when using tstats / dma
|
2018-10-25 |
SPL-159848, SPL-155513 |
Mstats not honoring time picker range for windowed real time search
|
2018-10-25 |
SPL-161224, SPL-153371 |
S2 - Search of a frozen bucket returns with a "failed to localize" error.
|
2018-10-25 |
SPL-161940, SPL-161090 |
The Windows version of Splunk Enterprise does not prompt for creation of Splunk administrator user
|
2018-10-24 |
SPL-161771, SPL-159234 |
Splunk WebUI always defaults to http://localhost:8000/en-US local even if browser is configured to use other language
|
2018-10-24 |
SPL-159644, SPL-158875 |
splunk shipped python in *nix doesn't work with iso2022_jp
|
2018-10-24 |
SPL-158942, SPL-157993 |
S2 / Indexes UI - When maxTotalDataSizeMB != maxGlobalDataSizeMB only maxTotalDataSizeMB shown in UI on S2
|
2018-10-23 |
SPL-161123, SPL-154451 |
Only 100 indexes are listed when creating or modifying a HEC on SH
|
2018-10-19 |
SPL-160870, SPL-142546 |
System message emanating from a search peer prompts to restart the search-head instead of the search peer it originates from
|
2018-10-18 |
SPL-161121, SPL-158708 |
Localization of dashboard content broken for tokenized strings
|
2018-10-10 |
SPL-160866, SPL-159061 |
local values for browser tab header text not being respected
|
2018-10-08 |
SPL-159703, SPL-158771 |
Splunk Enterprise Login page is not localized
|
Feedback submitted, thanks!