This documentation does not apply to the most recent version of Splunk® Enterprise Security.
For documentation on the most recent version, go to the latest release.
Known issues for Splunk Enterprise Security
Splunk Enterprise Security 7.1.1 was released on April 5, 2023. For more information on release dates for the major versions of Splunk Enterprise Security, see Software Support Policy page.
This release includes the following known issues.
| Date filed | Issue number | Description |
|---|---|---|
| 2023-11-30 | SOLNESS-40082 | Timeline options for the Investigations do not display correctly for Splunk Enterprise Security version 7.0.2 and higher. |
| 2023-11-28 | SOLNESS-39996 | Unable to export custom Analytic Story from Content Management |
| 2023-11-02 | SOLNESS-39469 | Cannot customize fields in Risk Analysis DataModel |
| 2023-09-11 | SOLNESS-38480 | ES dashboard panels hardcode URL so root endpoint doesn't get applied Workaround: Amend the XML file behind the dashboard e.g. /opt/splunk/etc/apps/DA-ESS-IdentityManagement/default/data/ui/views/user_activity_data.xml There is a url field in the section for each panel. |
| 2023-08-30 | SOLNESS-37237 | Cloned dashboards in Splunk Enterprise Security version 7.1.1 returns a 404 error. |
| 2023-08-16 | SOLNESS-36952, SOLNESS-47316 | Risk Analysis 'Source' drop-down list results truncated Workaround: Searches appear in alphabetical order. To move important searches to the top of the list, rename them to appear earlier in the alphabet. For example, add "AAA -" to the beginning of the search name. |
| 2023-07-27 | SOLNESS-36746, SOLNESS-36748 | Notable title with non-existent tokens are normalized with "empty strings" in Incident Review page. |
| 2023-06-12 | SOLNESS-36169 | The Incident Review page loads entire asset and identity tables into memory. Workaround: Disable Assets and Identities and clear out the A and I "asset_lookup_by_str" and "identity_lookup_expanded" lookups |
| 2023-04-14 | SOLNESS-35485 | Duplicate risk notables might be created for the same risk object. |
| 2023-04-03 | SOLNESS-35335 | In Content Management page selecting multiple saved searches and selecting "Enable" or "Disable" causes the entire page to freeze. |
| 2022-09-14 | SOLNESS-32647 | Saved searches created in the Content Management page with private settings are not displayed. |
Last modified on 12 October, 2024
| Fixed issues for Splunk Enterprise Security | How to find answers and get help with Splunk Enterprise Security |
This documentation applies to the following versions of Splunk® Enterprise Security: 7.1.1
Download manual
Feedback submitted, thanks!