Splunk® Universal Forwarder

Forwarder Manual

This documentation does not apply to the most recent version of Splunk® Universal Forwarder. For documentation on the most recent version, go to the latest release.

Fixed issues

The following issues were fixed in releases of the universal forwarder.

9.0.10

Version 9.0.10 was released on July 1, 2024. This release fixes the following universal forwarder issues.

Universal forwarder issues

| Date resolved | Issue number | Description |
|---|---|---|
| 2024-03-13 | SPL-252444, SPL-245954 | UF memory utilization by splunk-winevtlog.exe increases until resources are exhausted on Domain Controller |
| 2024-03-12 | SPL-245954, SPL-252444, SPL-252445, SPL-252446 | UF memory utilization by splunk-winevtlog.exe increases until resources are exhausted on Domain Controller |


9.0.9

Version 9.0.9 was released on March 27, 2024. This release fixes the following universal forwarder issues. It also delivers relevant updates from the 2024-03-27 Security Advisories list.

Universal forwarder issues

| Date resolved | Issue number | Description |
|---|---|---|
| 2024-02-23 | SPL-251515, SPL-237849 | CHECK_METHOD = modtime not working as expected in ver. 9.0.4 upgrading from 8.2.7. |

9.0.8

Version 9.0.8 was released on January 22, 2024. This release fixes the following universal forwarder issues.

Universal forwarder issues

| Date resolved | Issue number | Description |
|---|---|---|
| 2023-11-09 | SPL-246707, SPL-245467 | Global OPENSSL_CONF Env caused pre-flight check failure during installation |


9.0.7

Version 9.0.7 was released on November 16, 2023. This release fixes the following universal forwarder issues.

Universal forwarder issues

| Date resolved | Issue number | Description |
|---|---|---|
| 2023-10-27 | SPL-246144, SPL-233334 | Warnings "user splunk does not exist" observed while installing rpm builds |


9.0.6

Version 9.0.6 was released on August 30, 2023.

Universal forwarder issues

| Date resolved | Issue number | Description |
|---|---|---|
| 2023-08-08 | SPL-240820, SPL-242100, SPL-242101, SPL-242102, SPL-242103 | Windows EventLog splunk-winevtlog.exe modular input crashing during AD object resolution |


9.0.5

Version 9.0.5 was released on May 30, 2023. This release delivers the UF-relevant changes that have a date of 2023-06-01 on the Security Advisories list on the Splunk website. This release also fixes the following universal forwarder issues.

Universal forwarder issues

| Date resolved | Issue number | Description |
|---|---|---|
| 2023-03-15 | SPL-236429 | Universal forwarder download for PPCLE kernel 3.0+ is unavailable for versions 9.0.2, 9.0.3, 9.0.4 |
| 2023-03-01 | SPL-236166, SPL-232028 | Windows Defender logs stop being forwarded but other Winevent logs continue to forward until UF is restarted |
| 2023-02-27 | SPL-236097, CSPL-2216, SPL-236361, SPL-240877 | UF 9.0.x migration fails when systemd errors, especially in Docker containers |


9.0.4

Version 9.0.4 was released on February 14, 2023. This release fixes the following universal forwarder issues.

Universal forwarder issues

| Date resolved | Issue number | Description |
|---|---|---|
| 2023-01-18 | SPL-217024, SPL-252644 | Constant Memory growth with Universal Forwarder UDP / TCP inputs and third party forwarding enabled. |
| 2022-12-05 | SPL-231514, SPL-228406 | UF crash on EventLoop::run assert rv > 0 |
| 2022-12-01 | SPL-233535, SPL-231086 | UF 9.x Unnecessary user creation during silent installation |


9.0.3

Version 9.0.3 was released on December 14, 2022. This release fixes the following universal forwarder issues:

Universal forwarder issues

| Date resolved | Issue number | Description |
|---|---|---|
| 2023-04-14 | SPL-232147 | Debian package failed to start on armv8 agent `re-pkg-arm64` |
| 2023-03-28 | SPL-237740, SPL-226003 | When forwarding from a 9.0 instance with useAck enabled, ingestion stops after some time with errors: "Invalid ACK received from indexer=" |
| 2022-11-14 | SPL-231927, SPL-227653 | UF throws erroneous WARN for KVSTORE SSL misconfiguration on startup - server.conf//sslVerifyServerCert or "Starting migrate-kvstore." |
| 2022-11-02 | SPL-231793 | Crashing in TcpOutEloop thread with assertion_failure="_refCount > 0" |
| 2022-10-12 | SPL-227653, SPL-231927 | UF throws erroneous WARN for KVSTORE SSL misconfiguration on startup - server.conf//sslVerifyServerCert or "Starting migrate-kvstore." |
| 2022-09-07 | SPL-226003, SPL-237740 | When forwarding from a 9.0 instance with useAck enabled, ingestion stops after some time with errors: "Invalid ACK received from indexer=" |


9.0.2

Version 9.0.2 was released on November 2, 2022. This release fixes the following universal forwarder issues:

Universal forwarder issues

| Date resolved | Issue number | Description |
|---|---|---|
| 2022-09-21 | SPL-222917, SPL-230428 | Crash in indexer discovery service on search head |
| 2022-09-09 | SPL-229853, SPL-229208 | PowerShell Modular input stopped working after UF 9.0 upgrade |


9.0.1

Version 9.0.1 was released on August 16, 2022. It delivers relevant fixes described in the August 16, 2022 quarterly security patch on the Splunk Product Security page.

9.0.0.1

Version 9.0.0.1 was released on July 20, 2022. This release introduces no changes to universal forwarder functionality. This release is provided only for version parity with Splunk Enterprise 9.0.0.1, which fixes the one issue described in Splunk Enterprise 9.0.0.1 fixed issues.

9.0.0

Version 9.0.0 was released on June 14, 2022. This release fixes no new universal forwarder issues.

Last modified on 28 June, 2024

This documentation applies to the following versions of Splunk® Universal Forwarder: 9.0.10

