Fixed Issues for Splunk Enterprise Security
The following issues have been resolved for this version of Splunk Enterprise Security.
Date resolved | Issue number | Description |
---|---|---|
2018-01-24 | SOLNESS-14285 | Assets identity correlation setup: automatic lookup for asset str matching misses "dvc_ip" and "src_ip" as output fields. |
2018-01-23 | SOLNESS-12314 | Report "Memory Utilization By System" converts mem, mem_used and mem_free to GB on the assumption that the values are in bytes. |
2018-01-16 | SOLNESS-14140, SOLNESS-14154 | Custom swimlane searches are not showing output on the investigator dashboards. |
2018-01-10 | SOLNESS-12543 | When Printing Investigation, events include start and end times, but end times are epoch=0 |
2018-01-10 | SOLNESS-14034 | Blank identity_lookup_expanded table stops ES identity data from being updated |
2018-01-09 | SOLNESS-13950 | ES Risk Adaptive Response does not display custom object type |
2017-11-08 | SOLNESS-12461 | ES installer performs operations on non-existent apps if app is present in state file |
2017-10-30 | SOLNESS-12457 | Failed TAXII threat feed poll collection doesn't show in Threat Intel Audit |
2017-10-05 | SOLNESS-12420 | Corrupt CSV header in identities_expanded.csv |
2017-09-18 | SOLNESS-12384 | mvtruncate looks at "src" regardless of what's passed to $input$ |
2017-09-15 | SOLNESS-12060 | ES 4.5.2 Glass Tables do not load behind Apache reverse proxy |
2017-09-11 | SOLNESS-12365 | Multi-value field expansion in the asset lookup (IP, DNS, or MAC fields separated by a pipe) does not work. |
2017-09-05 | SOLNESS-12253, CIM-561 | Additional Field Extractions are not working for a specific Sourcetype |
2017-08-31 | SOLNESS-12261 | ES custom search commands using chunked protocol do not work correctly on Windows (failed search or truncated results) |
2017-08-24 | SOLNESS-12282 | Asset/Identity Center --> Identity Information Panel is filtering out results improperly |
2017-08-10 | SOLNESS-12271 | Threat Intel CRUD API: GET operation should not require _key value. |
2017-08-08 | SOLNESS-12151 | /services/shcluster calls fail under dev license. |
2017-08-01 | SOLNESS-12142, SOLNESS-12149 | Error saving correlation search in correlation editor due to invalid alert_comparator |
2017-07-13 | SOLNESS-12194 | Adaptive Response: Email action uses wrong message parameter (should use action.email.message.alert) |
2017-06-30 | SOLNESS-12158, SOLNESS-12157 | confcheck_es_app_version generating errors prematurely |
2017-06-05 | SOLNESS-12086, SOLNESS-12107 | error when trying to remove windows duration field |
2017-05-22 | SOLNESS-12049 | Double quote in correlation search name causes "unknown" notable description in Incident Review dashboard |
2017-05-19 | SOLNESS-12045, SOLNESS-12077 | Upgrade from 4.5.2 to 4.7, incorrect threatlist download failure notifications |
2017-05-17 | SOLNESS-12021, SOLNESS-12042 | Asset and Identity merge issues due to whitespace in source files |
2017-05-15 | SOLNESS-12024, SOLNESS-12055 | confcheck_es_app_version exited with code 3 |
2017-05-15 | SOLNESS-12023, SOLNESS-12054 | Notable Status Lister page only returns 30 statuses |
2017-05-15 | SOLNESS-11988 | Nav Editor: Cancel button doesn't work |
This documentation applies to the following versions of Splunk® Enterprise Security: 5.0.0