The documentation for Splunk Enterprise Security versions 8.0 and higher have been rearchitected from previous versions, causing some links to have redirect errors. To resolve redirect errors, you must use the version selector on the ES documentation homepage to navigate between the versions.
Fixed issues
| Date resolved | Issue number | Description |
|---|---|---|
| 2025-04-16 | SOLNESS-49939, SOLNESS-50415, SOLNESS-50442 | Risk values assigned to fields in a detection overwrites risk values assigned using SPL in the same detection. |
| 2025-04-02 | SOLNESS-49936 | Saving event-based detections causes errors when a new detection is created or edited using a custom domain. |
| 2025-03-24 | SOLNESS-48316, SOLNESS-48522 | Max_size error occurs for threat input source : Feed discarded despite adjusted settings. |
| 2025-03-04 | SOLNESS-49775 | Update got to the latest version to remediate CVE-2022-33987. |
| 2025-02-26 | SOLNESS-49668 | Skip migration script for private searches. |
| 2025-02-20 | SOLNESS-49522 | Findings can be created even if the entity entered in the UI doesn't match the fields in the search. |
| 2025-02-14 | SOLNESS-47198 | Severity incorrectly mapped as "Unknown" instead of "High" in the Analyst Queue for a detection that is upgraded when only the finding adaptive response action is configured. |
| 2025-01-28 | SOLNESS-44263, SOLNESS-44278 | No validation when you select Configurations, then select General Settings, and select Analyst capacity. |
| 2025-01-22 | SOLNESS-47689 | Leading space added to a detection field with multiline (line breaks) text input when versioning is turned on for the first time. |
| 2025-01-10 | SOLNESS-48753 | Executive Summary dashboard not displaying values for Mean time to triage and Mean time to resolution. |
| 2025-01-06 | SOLNESS-48006, SOLNESS-47293 | D for 8.1.0 Fix - Correlation searches "Threat Activity - Systems Impacted By Multiple Threats" and "Threat Activity - Threats Impacting Multiple Systems" were impacted since modifications to threat match searches updated a field. |
| 2024-12-19 | SOLNESS-47413 | Sorting on the Status column in Content Management doesn't work. |
| 2024-12-11 | SOLNESS-48403 | Mission Control Build Version is not fetched dynamically for upgrade testing on different cloud environments. |
| 2024-11-26 | SOLNESS-47625 | Detection Versioning can't save a duplicate version. |
| 2024-11-25 | SOLNESS-47420 | Detections Editor allows you to leave the page while there are unsaved changes. |
| 2024-11-22 | SOLNESS-47028 | Ingesting intelligence file does not extract expected lines using the regex rule. |
| 2024-11-15 | SOLNESS-47124, SOLNESS-47415, BLUERIDGE-12923 | Error message appears when severity is selected as "Unknown" from the available dropdown options. |
| Date resolved | Issue number | Description |
|---|---|---|
| 2025-05-14 | BLUERIDGE-16077, BLUERIDGE-15433, BLUERIDGE-16189 | Reflect the MC note created_time/updated_time on findings' update_time |
| 2025-04-30 | BLUERIDGE-16006, BLUERIDGE-15855 | Wrong id sent while bulk update Assign to me for a finding |
| 2025-04-29 | BLUERIDGE-13527 | Some workflow actions on the side-panel intermittently don't work after you have opened and investigation and go back to AQ without selecting another side-panel |
| 2025-04-29 | BLUERIDGE-15433, BLUERIDGE-16077 | Last updated field shows N/A after reloading |
| 2025-04-28 | BLUERIDGE-15899 | Large number of tokens generated during mc soar allowlist validation |
| 2025-04-25 | BLUERIDGE-15218 | IR Table field "label1" got changed to "Destination" after Upgrade |
| 2025-04-23 | BLUERIDGE-12231 | The usernames in nested findings do not use the account real-names (unlike the search results) |
| 2025-04-14 | BLUERIDGE-15833, MCHELP-548, BLUERIDGE-17038 | `All Time` range when drilldown search clicked too fast |
| 2025-04-14 | BLUERIDGE-15855, BLUERIDGE-16006 | AQ now showing errors and performs optimistic update event when bulk update fails |
| 2025-04-10 | BLUERIDGE-15832 | Pagination Does Not Reset When Applying New Filters on AQ Table |
| 2025-03-19 | BLUERIDGE-13359, BLUERIDGE-11468 | Legacy URL parameters are not handled correctly in Analyst Queue (those that start with with "form.") |
| 2025-03-18 | BLUERIDGE-15505 | SidePanel breaks for findings with variable called `comment` |
| 2025-03-17 | BLUERIDGE-15531 | MC Title Column Filter only searches Findings and not Investigations |
| 2025-03-11 | BLUERIDGE-15515, MCHELP-521 | After upgrade of Enterprise Security (ES) to ES 8.0.2, customer's Incident Review (Analyst Queue) filters are broken |
| 2025-03-03 | BLUERIDGE-13526 | Embedded workbench field action shows on the investigation details page without being requested |
| 2025-02-27 | BLUERIDGE-12221 | Selecting a time-range on Analyst Queue by clicking the timeline can cause recent changes to findings to appear to be reverted |
| 2025-02-07 | BLUERIDGE-14236 | Front end checks as part of PO automation. |
| Date resolved | Issue number | Description |
|---|---|---|
| 2025-04-17 | SINT-7432 | Cloning MITRE is blocked in the UI for several back releases. |
See also
For fixed issues in Splunk SOAR (Cloud), see Fixed issues for Splunk SOAR (Cloud).
Last modified on 11 June, 2025
| Release notes for Splunk Enterprise Security | Known issues |
This documentation applies to the following versions of Splunk® Enterprise Security: 8.1.0
Download manual
Feedback submitted, thanks!