Splunk® Enterprise Security

Release Notes

The documentation for Splunk Enterprise Security versions 8.0 and higher have been rearchitected from previous versions, causing some links to have redirect errors. For documentation on version 8.0, see Splunk Enterprise Security documentation homepage.
This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Fixed issues for Splunk Enterprise Security

Splunk Enterprise Security 7.0.0 was released on December 16, 2021. For more information on release dates for the major versions of Splunk Enterprise Security, see Software Support Policy page.

This release includes fixes for the following issues:


Date resolved Issue number Description
2022-09-07 SOLNESS-28048 Incident Review: Workflow actions broken after upgrade for action type "search"
2021-11-30 SOLNESS-28904 Incident Review: When the Event Table reloads while editing a notable, you can potentially edit different or all matching notables
2021-10-28 SOLNESS-28622 Field value substitution does not work in workflow actions and does not extract or replace variables as expected. You might see the variable for "$source$" instead of the field value when you use a custom workflow action.
2021-10-08 SOLNESS-28565 Unable to add Additional Collaborator to Investigation with HTTP 400: "Investigation must use existings users as collaborators"
2021-10-04 SOLNESS-28349 Incident Review is empty with javascript error TypeError: e.replace is not a function when displaying notables with a multivalue field.
2021-10-01 SOLNESS-28194 Incident Review: When using the "Date & Time Range" option for the timepicker, the selected time will change when pressing Apply if the user timezone doesn't match the server timezone
2021-09-17 SOLNESS-28180 Unable to load a newly created adhoc managed lookup from Content Management.
2021-09-10 SOLNESS-28019 "src" or "dest" fields of Threat Activity events showing as "unknown" even though "threat_match_fields" is "src" or "dest"
2021-09-01 SOLNESS-28002 . ES Traffic centre dashboard is still using the deprecated saved search.
2021-08-31 SOLNESS-27991 Multi-valued urgency value causes the Incident Review page to crash
2021-08-30 SOLNESS-27985 Incident Review sorting reverts to chronological ordering when switching between pages (as opposed to default, reverse-chronological order)
2021-07-15 SOLNESS-26712 Incident review page loads slowly after an upgrade to Splunk Enterprise Security version 6.4 or higher.
Last modified on 07 September, 2022
Release notes for Splunk Enterprise Security   Known issues for Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters