This documentation does not apply to the most recent version of Splunk® App for Infrastructure (Legacy).
For documentation on the most recent version, go to the latest release.
Known issues for Splunk App for Infrastructure
The Splunk App for Infrastructure version 1.4.0 has the following known issues.
| Date filed | Issue number | Description |
|---|---|---|
| 2021-08-16 | SII-7102 | AWS TA inputs with spaces in the name can cause the AWS input restarter to fail |
| 2020-04-02 | SII-6903 | SAI Kubernetes data collection doesn't work with Kubernetes API 1.16 or higher |
| 2019-10-14 | SII-5853 | Manually adding an entity_type for a different type of entity can break dashboards. |
| 2019-10-14 | SII-5838 | Windows events are not present when expanding an event panel. |
| 2019-08-29 | SII-5411 | The em_metrics sourcetype is not visible in Splunk Cloud. |
| 2019-08-15 | SII-5268 | write_splunk does not support Collectd 5.9. |
| 2019-08-07 | SII-5155 | The alert creation modal breaks when you delete the warning threshold value. |
| 2019-07-29 | SII-5041 | The search for Docker entities may fail because the search is hard-coded to check a specific index. Workaround: Send Docker metrics to the em_metrics index. |
| 2019-07-26 | SII-5030 | The easy install script may fail for Ubuntu 18.04.1 LTS if the universe repository is not enabled. Workaround: Run these commands to add the universe repository before you run the easy install script: sudo apt-add-repository universe && sudo apt-get update |
| 2019-07-26 | SII-5022 | Splunk Connect for Kubernetes stops collecting the kube:objects:events:watch sourcetype. Workaround: Manually edit the objects deployment that SCK spawns. 1. Update the image to kube-objects:1.1.2. {code:java} kubectl -n splunk edit deploy sck-1.2.0-splunk-kubernetes-objects{code} {code:java} image: splunk/kube-objects:1.1.2 imagePullPolicy: IfNotPresent name: splunk-fluentd-k8s-objects{code}
2. Save and exit. This will cause the pod to roll over and deploy the new image. |
| 2019-07-09 | SII-4876 | On CentOS systems, the easy install script does not update the universal forwarder. Workaround: The script errors out at the last command in *bash install_uf.sh*. The command errors out because it's setting up something that's already been set up. Running the remainder of the script continues the installation:
You can add *|| true* to the script to avoid the error:
|
| 2019-07-07 | SII-4845 | Container logs are not being associated with pods. |
| 2019-07-01 | SII-4834 | Power users can't write to the infra_alerts index. Workaround: Manually enable power users to write to the infra_alerts index. |
| 2019-06-28 | SII-4832, SII-4831 | libcurl4 is incompatible with the write_splunk collectd plugin. This affects Ubuntu 18.04. Workaround: Replace libcurl4 with libcurl3. |
| 2019-06-26 | SII-4776 | The uninstall script might not delete the SplunkForwarder.service file. Workaround: Run this command: rm -rf /etc/systemd/system/multi-user.target.wants/SplunkForwarder.service |
| 2019-06-26 | SII-4788 | Kubernetes events objects stop being monitored after one hour. |
| 2019-06-04 | SII-4570 | The splunkd messages service fails to send error messages when the splunkd port is not 8089. |
| 2019-05-23 | SII-4474 | When you create a group alert, there may be an object ID error. |
| 2019-05-15 | SII-4390 | The sc_admin role cannot create a HEC token on the em_metrics index. |
| 2018-09-21 | SII-2924 | The Entity Overview does not properly display metrics values. |
Last modified on 18 February, 2022
| Fixed issues for Splunk App for Infrastructure | Third-party Software for Splunk App for Infrastructure |
This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 1.4.0
Download manual
Feedback submitted, thanks!