Splunk® Enterprise Security

Release Notes

Splunk Enterprise Security version 4.2.x is available only to Splunk Cloud subscribers.
This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Fixed issues for Splunk Enterprise Security

The following issues have been resolved for this version of Splunk Enterprise Security.

Issue number Description
SOLNESS-9394 Notable events do not appear on Incident Review when a notable event with unexpected fields exists
SOLNESS-9390 After adding a notable event to an investigation with the checkbox on Incident Review, errors appear in the console
SOLNESS-9333 Custom Notable Event Status cannot be selected from a notable event
SOLNESS-9332 Use the correct field for email subjects for emails created by a correlation search
SOLNESS-9195 default_partitions limit causes "no results found" for "| stats count"
SOLNESS-9159 On a search head running Splunk Enterprise 6.3.x: after the 4.1 upgrade is complete, using the Content Management page in ES to select objects from the "SplunkEnterpriseSecuritySuite" app redirects to the Enterprise Security post-install configuration page.
SOLNESS-9105 Unable to create an email alert on the correlation search page due to email address error
SOLNESS-9100 Timeline: List view doesn't show view link for notable events
SOLNESS-9090 Add powershell to binary suppressions for ES on Microsoft Windows
SOLNESS-9069 Content Management: Enabling/Disabling correlation searches doesn't update the values in the UI
SOLNESS-9056 Audit - Events Per Day - Lookup Gen should have _time constraints
SOLNESS-9029 Investigation Timeline doesn't tell users that adding one or more investigators failed (due to permissions)
SOLNESS-8910 Sort the owner field when assigning notable events by UID rather than owner_realname
SOLNESS-8895 Asset lookup fields configured with INDEXED_VALUE = false, such as host_bunit and host_category, slow down searching.
SOLNESS-8782 Timeline: After removing an attachment from a note, the list view for the timeline still shows an attachment icon.
SOLNESS-8468 Some dashboards return “no search provided” when using the Export to PDF button.
SOLNESS-8263 Risk Analysis: "Risk Object Type" dropdown doesn't properly populate the other panels
SOLNESS-6330 Order of fields for maxmind_geoip_asn_ipv6 is wrong.
Last modified on 12 October, 2016

This documentation applies to the following versions of Splunk® Enterprise Security: 4.2.0 Cloud only

