Splunk® Enterprise Security

Release Notes

The documentation for Splunk Enterprise Security versions 8.0 and higher has been rearchitected from previous versions, causing some links to have redirect errors. For documentation on version 8.0, see the Splunk Enterprise Security documentation homepage.
This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Known issues for Splunk Enterprise Security

Splunk Enterprise Security 7.1.1 was released on April 5, 2023. For more information on release dates for the major versions of Splunk Enterprise Security, see the Software Support Policy page.

This release includes the following known issues.


Date filed Issue number Description
2023-11-30 SOLNESS-40082 Timeline options for the Investigations do not display correctly for Splunk Enterprise Security version 7.0.2 and higher.
2023-11-28 SOLNESS-39996 Unable to export a custom Analytic Story from Content Management.
2023-11-02 SOLNESS-39469 Cannot customize fields in the Risk Analysis data model.
2023-09-11 SOLNESS-38480 ES dashboard panels hardcode the URL, so the root endpoint doesn't get applied.

Workaround:
Amend the XML file behind the dashboard, for example /opt/splunk/etc/apps/DA-ESS-IdentityManagement/default/data/ui/views/user_activity_data.xml

There is a url field in the section for each panel.

2023-08-30 SOLNESS-37237 Cloned dashboards in Splunk Enterprise Security version 7.1.1 return a 404 error.
2023-08-16 SOLNESS-36952, SOLNESS-47316 Risk Analysis 'Source' drop-down list results are truncated.

Workaround:
Searches appear in alphabetical order. To move important searches to the top of the list, rename them to appear earlier in the alphabet. For example, add "AAA -" to the beginning of the search name.
2023-07-27 SOLNESS-36746, SOLNESS-36748 Notable titles with non-existent tokens are normalized with "empty strings" on the Incident Review page.
2023-06-12 SOLNESS-36169 The Incident Review page loads entire asset and identity tables into memory.

Workaround:
Disable Assets and Identities and clear out the A and I "asset_lookup_by_str" and "identity_lookup_expanded" lookups.
2023-04-14 SOLNESS-35485 Duplicate risk notables might be created for the same risk object.
2023-04-03 SOLNESS-35335 On the Content Management page, selecting multiple saved searches and selecting "Enable" or "Disable" causes the entire page to freeze.
2022-09-14 SOLNESS-32647 Saved searches created in the Content Management page with private settings are not displayed.
Last modified on 12 October, 2024

This documentation applies to the following versions of Splunk® Enterprise Security: 7.1.1

