Splunk® Universal Forwarder

Forwarder Manual

This documentation does not apply to the most recent version of Splunk® Universal Forwarder. For documentation on the most recent version, go to the latest release.

Fixed issues

The following issues were fixed in releases of the universal forwarder.

8.2.12

Version 8.2.12 was released on August 30, 2023.

Universal forwarder issues

Date resolved Issue number Description
2023-08-08 SPL-240820, SPL-242100, SPL-242101, SPL-242102, SPL-242103 Windows EventLog splunk-winevtlog.exe modular input crashing during AD object resolution


8.2.11

Version 8.2.11 was released on June 1, 2023. This release delivers the UF-relevant changes that have a date of 2023-06-01 on the Security Advisories list on the Splunk website.

8.2.10

Version 8.2.10 was released on February 14, 2023. This release fixes the following universal forwarder issues.

Universal forwarder issues

Date resolved Issue number Description
2023-01-18 SPL-217024, SPL-252644 Constant Memory growth with Universal Forwarder UDP / TCP inputs and third party forwarding enabled.
2023-01-06 SPL-231443, SPL-226795 Splunk UF Windows Event Log Stopped Being Ingested.
2022-12-05 SPL-231514, SPL-228406 UF crash on EventLoop::run assert rv > 0


8.2.9

Version 8.2.9 was released on November 2, 2022. This release fixes no new universal forwarder issues.


8.2.8

Version 8.2.8 was released on September 7, 2022. This release fixes the following universal forwarder issue.

Universal forwarder issues

Date resolved Issue number Description
2022-05-19 SPL-223501, SPL-224109, SPL-224531, SPL-224532 Splunk UF stops forwarding Windows Security events when Windows event log service is restarted


8.2.7.1

Version 8.2.7.1 was released on August 16, 2022. It delivers relevant fixes described in the August 16, 2022 quarterly security patch on the Splunk Product Security page.

8.2.7

Version 8.2.7 was released on June 30, 2022. This release fixes the following universal forwarder issue.

Universal forwarder issues

Date resolved Issue number Description
2022-11-10 SPL-212687, SPL-220769, SPL-221322 'MS Defender' Windows Event Logs stop sending several times a day. System logs still send


8.2.6

Version 8.2.6 was released on April 5, 2022. This release fixes no new universal forwarder issues.


8.2.5

Version 8.2.5 was released on February 16, 2022. This release fixes the following universal forwarder issue.

Universal forwarder issues

Date resolved Issue number Description
2022-01-11 SPL-215146, SPL-213415 Splunk forwarder consuming excessive memory when output group is unavailable


8.2.4

Version 8.2.4 was released on December 21, 2021. This release fixes no new universal forwarder issues.


8.2.3

Version 8.2.3 was released on October 25, 2021. This release fixes the following universal forwarder issues.


8.2.2

Version 8.2.2 was released on August 18, 2021. This release fixes the following universal forwarder issues.

Universal forwarder issues

Date resolved Issue number Description
2021-07-29 SPL-207848, SPL-207847, SPL-207849, SPL-207851, SPL-207901 UF stops ingesting sourcetype upon message - Bug during applyPendingMetadata
2021-07-19 SPL-208825, SPL-203947 After upgrade to 8.2.x all non-internal events + all internal audit logs are sent to syslog server. ES UI is very slow .
2021-06-29 SPL-208018, SPL-204906 UF has problems recognizing the DST changes.


8.2.1

Version 8.2.1 was released on June 22, 2021. This release fixes the following universal forwarder issues.


8.2.0

Version 8.2.0 was released on May 12, 2021. This release fixes the following universal forwarder issues.

Last modified on 12 August, 2024
Known issues   Third-party software

This documentation applies to the following versions of Splunk® Universal Forwarder: 8.2.12


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters