Related Answers
This documentation does not apply to the most recent version of Splunk® Phantom (Legacy).
For documentation on the most recent version, go to the latest release.
Download topic as PDF
Known issues in this release of Splunk Phantom
The following are issues and workarounds for this version of Splunk Phantom.
Splunk Phantom 4.9.39220
There are currently no known issues for this release of Splunk Phantom.
Splunk Phantom 4.9.37880
| Date filed | Issue number | Description |
|---|---|---|
| 2021-03-25 | PPS-25634, PSAAS-2292, PORT-484 | "Error" in web interface and "ERROR: App install failed" in wsgi.log when updating Apps on a release of Splunk Phantom with a lower minor version number than the final release for that version. Workaround: If you receive this error, take the following steps: 1. Upgrade to the latest Splunk Phantom platform release. Use the
2. Once the Splunk Phantom platform upgrade is complete, upgrade your installed Apps upgraded using the Main Menu > Apps, then clicking the APP UPDATES button. |
| 2021-01-18 | PPS-25333 | Search index 'phantom_app_run' is indexing duplicate records. |
| 2021-01-12 | PPS-25300 | Large number of prompt notifications could reach database connection limit Workaround: unknown |
| 2020-12-11 | PPS-25216 | When using the "Related Event" item from the artifact info screen in Investigation, produces error 'indicator_value 404 Not found' then displays a never-ending 'loading history' message |
| 2020-09-09 | PPS-24480 | Scheduled reports do not run |
| 2020-03-27 | PPS-22080 | Using special characters in the postgres replicator role password causes warm standby setup to fail. |
Splunk Phantom 4.9.35731
| Date filed | Issue number | Description |
|---|---|---|
| 2021-03-25 | PPS-25634, PPS-25632, PORT-484 | "Error" in web interface and "ERROR: App install failed" in wsgi.log when updating Apps on a release of Splunk Phantom with a lower minor version number than the final release for that version. Workaround: If you receive this error, take the following steps: 1. Upgrade to the latest Splunk Phantom platform release. Use the
2. Once the Splunk Phantom platform upgrade is complete, upgrade your installed Apps upgraded using the Main Menu > Apps, then clicking the APP UPDATES button. |
| 2021-01-12 | PPS-25300 | Large number of prompt notifications could reach database connection limit Workaround: unknown |
| 2020-11-26 | PPS-25108 | Editing/saving an artifact with special characters in a cef field name in the UI does not match the REST API. Workaround: it is possible to update the artifacts via rest, but that process doesn't seem like it would be practical for most customers. |
| 2020-11-17 | PPS-25028 | deleting containers causes embedded splunkd to consume excessive cpu and get backlogged, and add_to_searchindex to consume excessive memory |
| 2020-11-11 | PPS-24981 | Field create_time in Phantom is used as _time during Splunk indexing, when update_time is more appropriate |
| 2020-10-01 | PPS-24683 | openID fails to allow login after 4.9 upgrade due to UnicodeDecodeError |
| 2020-10-01 | PPS-24681 | Playbooks that have custom functions that have been deleted may fail to load the editor |
| 2020-09-18 | PPS-24574, PPS-24577 | After upgrade to ver 4.9, editing a playbook created in ver 4.8 with ampersands in the playbook name converts the ampersand to html entity "&" in phantom.playbook() call |
| 2020-09-17 | PPS-24534 | Script create_output.py does not produce new app json |
| 2020-08-27 | PPS-24358 | Event view rendering fails if it is created with a custom field set to 'None' |
| 2020-08-14 | PPS-24242 | Add 'txt' to custom list's _output_format options. |
| 2020-07-31 | PPS-24119 | SAML: UI and wsgi.log indicate "Missing entity_id specification" when attempting SAML Okta login after upgrading from ver 4.8 to ver 4.9 |
| 2020-03-27 | PPS-22080 | Using special characters in the postgres replicator role password causes warm standby setup to fail. |
| 2020-02-28 | PPS-21718 | When a user was required to authenticate using SAML2 the user was always taken to the dashboard instead of the intended URI. |
Splunk Phantom 4.9.33153
| Date filed | Issue number | Description |
|---|---|---|
| 2021-03-25 | PPS-25634, PSAAS-2292, PORT-484 | "Error" in web interface and "ERROR: App install failed" in wsgi.log when updating Apps on a release of Splunk Phantom with a lower minor version number than the final release for that version. Workaround: If you receive this error, take the following steps: 1. Upgrade to the latest Splunk Phantom platform release. Use the
2. Once the Splunk Phantom platform upgrade is complete, upgrade your installed Apps upgraded using the Main Menu > Apps, then clicking the APP UPDATES button. |
| 2021-01-18 | PPS-25333 | Search index 'phantom_app_run' is indexing duplicate records. |
| 2021-01-12 | PPS-25300 | Large number of prompt notifications could reach database connection limit Workaround: unknown |
| 2020-11-30 | PPS-25111 | Creating an artifacts with a cef_name that contains a space crashes JS when viewing the artifact. |
| 2020-08-27 | PPS-24362 | able to view and edit works books even without "system settings" permission |
| 2020-08-20 | PPS-24285 | Child playbook or Custom Function error can cause parent playbook to hang |
| 2020-07-28 | PPS-24100 | The phantom.update API mutates the container object with incompatible formats and key/value pairs |
| 2020-07-20 | PPS-23962 | The function signature of VPE-disabled blocks do not automatically update to accept the custom_function keyword arguments |
| 2020-07-17 | PPS-23945 | VPE playbook block is incorrectly named after upgrade to version 4.9 |
| 2020-07-17 | PPS-23936 | Splunk Phantom instances upgraded from a 3.0 installation break during upgrade path to the 4.9 release. Workaround: Delete the file /tmp/phantomOvaUpgrade before running the upgrade script. |
| 2020-06-30 | PPS-23766 | Wrong Event Opens from AQ Workaround: In Investigation, keep the default tab settings and don't hide or rearrange them from the system default tab settings. |
| 2020-06-29 | PPS-23761 | Pylint validation for custom functions may cause validation errors due to python version mismatch. Workaround: Limit or disable pylint validation:
|
| 2020-06-25 | PPS-23726, PPS-23709 | Phantom 4.9 - Restore fails to start phantom after completion if there are postgresql.conf changes at the source instance Workaround: Copy the changes or modifications from the source instance from /opt/phantom/data/db/postgresql.conf where the backup was done and paste them in /opt/phantom/data/db/postgresql.conf. Restart Splunk Phantom after the changes are saved. |
| 2020-06-24 | PPS-23703 | Restoring cluster backup multiple times on standalone does not work Workaround: Drop and recreate the local db before doing the second restore.
|
| 2020-06-23 | PPS-23683 | More menu dropdown for multiple selected artifacts is missing download JSON option |
| 2020-06-12 | PPS-23436 | update_certificates status shows double information for nginx |
| 2020-06-11 | PPS-23415 | HUD card data text is not centered. |
| 2020-06-09 | PPS-23339 | Case report does not show event status |
| 2020-06-01 | PPS-23196 | The prefix feature is not supported on a cloud instance of Splunk |
| 2020-05-28 | PPS-23155 | Asset & playbook indexes are not updated when data is deleted with remote search |
| 2020-04-14 | PPS-22378 | Artifact note title is not refreshed in timeline Investigation page after being modified |
| 2020-04-02 | PPS-22181 | force-pg-stop-backup option does not stop backup Workaround: Run select pg_stop_backup(); in the postgres shell instead of via the script.
This script option has been deprecated. |
| 2020-04-01 | PPS-22151 | Playbook and custom function .tgz files can be imported in the wrong listing page |
| 2020-01-29 | PPS-21286 | Backup & Restore: Unprivileged cluster restoration onto unprivileged standalone instance and vice versa does not work |
| 2019-05-13 | PPS-17004 | Hashicorp vault token saved incorrectly Workaround: Enter the token as the LAST field, or re-enter the token when making other changes and save with that in the text box. |
Last modified on 13 August, 2022
|
PREVIOUS Welcome to Splunk Phantom 4.9 |
NEXT Fixed issues in this release of Splunk Phantom |
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.9
Feedback submitted, thanks!