Splunk® Enterprise

Release Notes

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

6.6.4

Splunk Enterprise 6.6.4 was released on November 8, 2017.

For information about other security fixes, refer to the Splunk Security Portal.

Issues are listed in all relevant sections. Some issues appear more than once.

Data input issues

Date resolved Issue number Description
2017-11-27 SPL-142334, SPL-143553, SPL-145370, SPL-145978 logs are delayed in reading after rotation
2017-10-05 SPL-144353, SPL-142525 Duplicated events when indexing csv files with INDEXED_EXTRACTIONS
2017-10-03 SPL-144796, SPL-133461 Compressed files are deleted from sinkhole even if decompression fails

Search issues

Date resolved Issue number Description
2017-10-11 SPL-142442, SPL-145743, SPL-147664 The rex command, when used on a field that doesn't exist (i.e. null) or on an event that fails to match, causes the optimizer to mistakenly optimize out preceding search commands
2017-10-09 SPL-145004, SPL-145393, SPL-145354, SPL-145394, SPL-149338 Splunk cloud instance is crashing due to out of file descriptors when report accelerations are enabled
2017-10-05 SPL-144608, SPL-142835 Dashboard referencing a savedsearch leads JS to hammer the /control endpoint
2017-10-05 SPL-144670, SPL-148632, SPL-148633 Log required field back-propagation
2017-10-05 SPL-143793, SPL-145550, SPL-145551 Map visualization fails to switch to empty state when no search results are returned
2017-10-04 SPL-143204, SPL-143949, SPL-145964 CIDR searches providing different results than a wildcard search (host=172.29.100.0/24 vs host=172.29.100.*)
2017-09-29 SPL-144217, SPL-145398, SPL-145400, SPL-145321, SPL-145332, SPL-145333, SPL-145395, SPL-145396, SPL-145399, SPL-145306 searchmatch() without arguments causes crash in search process or main splunkd
2017-09-26 SPL-141829, SPL-145186, SPL-145965 CIDR Search not returning expected behavior after upgrade to 6.6.0
2017-09-11 SPL-143331, SPL-144063, SPL-144366, SPL-144369, SPL-145963 default_match is not honoured when lookup matches is 0 (using a kvstore collection)

Saved search, alerting, scheduling, and job management issues

Date resolved Issue number Description
2017-09-27 SPL-144172, SPL-138156 Datamodel REST API does not support new tags_whitelist parameter
2017-08-11 SPL-143337, SPL-143925, SPL-146104 Possible false logging? -- reason="The maximum number of concurrent real-time scheduled searches on this cluster has been reached" concurrency_limit=1
2017-08-07 SPL-142612, SPL-143576, SPL-146093 Some default license alerts are not returning any results for splunk cloud

Charting, reporting, and visualization issues

Date resolved Issue number Description
2017-10-11 SPL-142442, SPL-145743, SPL-147664 The rex command, when used on a field that doesn't exist (i.e. null) or on an event that fails to match, causes the optimizer to mistakenly optimize out preceding search commands
2017-10-09 SPL-145004, SPL-145393, SPL-145354, SPL-145394, SPL-149338 Splunk cloud instance is crashing due to out of file descriptors when report accelerations are enabled
2017-10-05 SPL-144608, SPL-142835 Dashboard referencing a savedsearch leads JS to hammer the /control endpoint
2017-10-05 SPL-144670, SPL-148632, SPL-148633 Log required field back-propagation
2017-10-05 SPL-143793, SPL-145550, SPL-145551 Map visualization fails to switch to empty state when no search results are returned
2017-10-04 SPL-143204, SPL-143949, SPL-145964 CIDR searches providing different results than a wildcard search (host=172.29.100.0/24 vs host=172.29.100.*)
2017-09-29 SPL-144217, SPL-145398, SPL-145400, SPL-145321, SPL-145332, SPL-145333, SPL-145395, SPL-145396, SPL-145399, SPL-145306 searchmatch() without arguments causes crash in search process or main splunkd
2017-09-26 SPL-141829, SPL-145186, SPL-145965 CIDR Search not returning expected behavior after upgrade to 6.6.0
2017-09-11 SPL-143331, SPL-144063, SPL-144366, SPL-144369, SPL-145963 default_match is not honoured when lookup matches is 0 (using a kvstore collection)

Data model and pivot issues

Date resolved Issue number Description
2017-09-27 SPL-144172, SPL-138156 Datamodel REST API does not support new tags_whitelist parameter
2017-08-11 SPL-143337, SPL-143925, SPL-146104 Possible false logging? -- reason="The maximum number of concurrent real-time scheduled searches on this cluster has been reached" concurrency_limit=1
2017-08-07 SPL-142612, SPL-143576, SPL-146093 Some default license alerts are not returning any results for splunk cloud

Indexer and indexer clustering issues

Date resolved Issue number Description
2017-10-16 SPL-145537, SPL-149454, SPL-145708, SPL-146451 6.6+ CMs produce a heartbeat response that 6.5 indexers cannot deserialize
2017-09-28 SPL-143967, SPL-145275, SPL-145276 event=commitGenerationFailure for non-existent bucket
2017-08-08 SPL-143402, SPL-143757, SPL-144482 Fsck processes are stuck leading to fixup tasks not completing .

Distributed search and search head clustering issues

Date resolved Issue number Description
2017-10-12 SPL-142964, SPL-145647, SPL-146105 Missed Events When fetching events from index past search_keepalive_frequency setting timelimit

Universal forwarder issues

Date resolved Issue number Description
2017-10-05 SPL-143294, SPL-140335 MonitorNoHandle.exe uses all available RAM

Distributed deployment, forwarder, deployment server issues

Date resolved Issue number Description
2017-09-28 SPL-143764, SPL-147133, SPL-145273, SPL-145274 Deployment server doesn't always update client attributes without a reload, resulting in stale data on the Forwarder Management UI.

Monitoring Console/DMC issues

Date resolved Issue number Description
2017-08-28 SPL-143255, SPL-133416 DMC: Resource Usage Deployment: Load Average and Deployment-Wide Load Average panels fail to populate in windows

Splunk Web and interface issues

Date resolved Issue number Description
2017-09-26 SPL-144510, SPL-142605 Page loads slowly when there are more global saved searches

Windows-specific issues

Date resolved Issue number Description
2017-09-26 SPL-142005, SPL-144998, SPL-144999 Monitoring Windows Event Log files within archives may result in fields going missing

Authentication and Authorization issues

For a list of security issues, please see the Security Advisory. A list of all recent advisories can be found in the Security Portal.

Date resolved Issue number Description
2017-10-05 SPL-143915, SPL-141681 Custom web.conf:root_endpoint may cause SAML authentication to fail.

Admin and CLI issues

Date resolved Issue number Description
2017-10-03 SPL-142961, SPL-144605, SPL-144606 CherryPy un-authenticates users if session_id cookie is missing at logout

Unsorted issues

Date resolved Issue number Description
2017-10-05 SPL-145245, SPL-141135 diag does not resolve $COMPUTERNAME
2017-10-02 SPL-144967, SPL-145328, SPL-145329 Error creating diag: in add_fake_file tinfo.size = 0 AttributeError: 'NoneType' object has no attribute 'size'
2017-09-28 SPL-142902, SPL-109470 UF MSI doesn't show updated monitor path

Uncategorized issues

Date resolved Issue number Description
2017-10-24 SPL-145365, SPL-145599, SPL-145600 Crash in IdataDO_Collector on shutdown
2017-10-10 SPL-145248, SPL-143141 SSL error for validation of self-signed certificates is not actionable.
2017-10-05 SPL-143846, SPL-144137 Add warning to splunkd.log if vm.overcommit_memory is set to 2
2017-10-04 SPL-145190, SPL-141645 buckets keeps failing integrity check
2017-10-04 SPL-144654, SPL-140755 Missing events in RT search results (or any search if tsidx reduction is enabled) when using negation (NOT or !=)
2017-09-27 SPL-145097, SPL-145235, SPL-145236, SPL-145237, SPL-145242, SPL-145243 MessagesManager may deadlock during splunk startup when SAML is enabled.
2017-09-18 SPL-143401, SPL-146290, SPL-146292 REGEX in transforms is hitting PCRE recursion limit
2017-09-15 SPL-142817, SPL-141494 Map command in dashboard is sending empty PDF file when scheduling
2017-08-07 SPL-142452, SPL-141522 Heavy Forwarder crash in typing thread with persistent queues

Splunk Analytics for Hadoop

Date resolved Issue number Description
2017-09-22 ERP-2103, ERP-2079 (6.6.x) - Please make splunk_archiver.log roll
PREVIOUS
6.6.5
  NEXT
6.6.3

This documentation applies to the following versions of Splunk® Enterprise: 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters