Splunk® Enterprise Security

Release Notes

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Fixed Issues

The following issues have been resolved for this release of the Splunk App for Enterprise Security.

Defect number Description
SOLNESS-5194 Changing the title of an existing entity investigator or swimlane search will break all swimlane searches used on the same dashboard. Changing the title of the search back to the default will fix the display issue.
SOLNESS-5429 When using the Threat List Activity dashboard, selecting an entry on the Recent Threat List Activity panel generates an error.
SOLNESS-5245 On Splunk Enterprise version 6.1 and later, a Windows server can experience a crash when using INDEXED_EXTRACTIONS on introspection logs.
SOLNESS-5082 The performance of CIDR-based lookups degrades when evaluating hundreds of subnets.
SOLNESS-5421 During the installation of the Enterprise Security app on Microsoft Windows, the Splunk_SA_CIM is incorrectly reported as SA-CommonInformationModel.
SOLNESS-5268 The Browse more apps page can display a UI Error when loading an app: "found an invalid value for layoutPanel - 'liteHeader'.
SOLNESS-5490 During an upgrade of the Enterprise Security app, the installer will fail to create a backup of the existing Enterprise Security installation if the backup file size exceeds 2GB.
SOLNESS-5925 A link to Add a new indicator appears when adding a Key Security Indicator to an unpopulated dashboard. If the link is used to add indicators, upon saving the changes, the indicators added will fail to appear.
SOLNESS-5921 Using the lookup editor under Configure > Data Enrichment > Lists and Lookups will visually truncate the number of rows in a lookup to 60 or less, rendering any unseen rows unable to be edited. The issue does not limit the functionality of the lookup, or truncate the contents.
SOLNESS-5873 When installing the Enterprise Security App on Microsoft Windows, the inputs.conf settings for enforcing the Email data model acceleration is missing.
SOLNESS-5807 The Asset Investigator swimlanes for protocol data do not display common events in the event view when a object is selected.
SOLNESS-5969 When adding a custom swim lane to the Enterprise Security app where the base search uses a constraint_method = string in place of an asset lookup, the swim lane fails to populate. Examining the search log shows the error: Invalid constraint field requested.
SOLNESS-5902 During bundle replication, a large .context file may cause search timeouts.
Last modified on 28 January, 2015
Release Notes   Known Issues

This documentation applies to the following versions of Splunk® Enterprise Security: 3.2.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters