Fixed issues
Splunk Enterprise 7.0.1 was released on November 30, 2017.
Issues are listed in all relevant sections. Some issues might appear more than once. To check for additional security issues related to this release, visit the Splunk Security Portal.
Authentication and authorization issues
| Date resolved
|
Issue number
|
Description
|
| 2017-10-30 |
SPL-143916, SPL-141681 |
Custom web.conf:root_endpoint may cause SAML authentication to fail.
|
Data input issues
| Date resolved
|
Issue number
|
Description
|
| 2017-11-17 |
SPL-145978, SPL-142334 |
logs are delayed in reading after rotation
|
| 2017-10-20 |
SPL-144797, SPL-133461 |
Compressed files are deleted from sinkhole even if decompression fails
|
Search issues
| Date resolved
|
Issue number
|
Description
|
| 2017-11-15 |
SPL-146174, SPL-145252 |
Column sorting does not work on search and report page if the field contains a whitespace
|
| 2017-11-02 |
SPL-144063, SPL-143331 |
default_match is not honoured when lookup matches is 0 (using a kvstore collection)
|
| 2017-10-31 |
SPL-145395, SPL-144217 |
searchmatch() without arguments causes crash in search process or main splunkd
|
Saved search, alerting, scheduling, and job management issues
| Date resolved
|
Issue number
|
Description
|
| 2017-11-08 |
SPL-146104, SPL-143337 |
Possible false logging? -- reason="The maximum number of concurrent real-time scheduled searches on this cluster has been reached" concurrency_limit=1
|
| 2017-10-10 |
SPL-143576, SPL-142612 |
Some default license alerts are not returning any results for Splunk Cloud
|
Charting, reporting, and visualization issues
| Date resolved
|
Issue number
|
Description
|
| 2017-10-18 |
SPL-145550, SPL-143793 |
Map visualization fails to switch to empty state when no search results are returned
|
Distributed search and search head clustering issues
| Date resolved
|
Issue number
|
Description
|
| 2017-11-10 |
SPL-144480, SPL-140260 |
$SPLUNK_HOME/var/run/searchpeers growing due to latest common bundle in peers being stuck to an old version.
|
| 2017-11-02 |
SPL-145647, SPL-142964 |
Missed Events When Searching Against Lookup
|
Indexer and indexer clustering issues
| Date resolved
|
Issue number
|
Description
|
| 2017-11-28 |
SPL-146685, SPL-146214 |
Search returns the following error "Could not read event: cd=(n/a). Results may be incomplete ! (logging only the first such error; enable DEBUG to see the rest)"
|
| 2017-11-19 |
SPL-146451, SPL-145537 |
6.6+ CMs produce a heartbeat response that 6.5 indexers cannot deserialize
|
| 2017-11-17 |
SPL-146499, SPL-145736 |
Index Cluster not recovering from index peer failure - "cannot replicate as bucket hasn't rolled"
|
| 2017-11-01 |
SPL-145275, SPL-143967 |
event=commitGenerationFailure for non-existent bucket
|
| 2017-10-20 |
SPL-143757, SPL-143402 |
Fsck processes are stuck leading to fixup tasks not completing .
|
Distributed deployment, forwarder, deployment server issues
| Date resolved
|
Issue number
|
Description
|
| 2017-11-01 |
SPL-145273, SPL-143764 |
Deployment server doesn't always update client attributes without a reload, resulting in stale data on the Forwarder Management UI.
|
Monitoring Console issues
| Date resolved
|
Issue number
|
Description
|
| 2017-11-14 |
SPL-146338, SPL-144658 |
Monitoring console app's health check page shows results only for the 100 instances
|
Splunk Web and interface issues
| Date resolved
|
Issue number
|
Description
|
| 2017-11-15 |
SPL-146174, SPL-145252 |
Column sorting does not work on search and report page if the field contains a whitespace
|
| 2017-11-02 |
SPL-144063, SPL-143331 |
default_match is not honoured when lookup matches is 0 (using a kvstore collection)
|
| 2017-10-31 |
SPL-145395, SPL-144217 |
searchmatch() without arguments causes crash in search process or main splunkd
|
Windows-specific issues
| Date resolved
|
Issue number
|
Description
|
| 2017-10-31 |
SPL-144998, SPL-142005 |
Monitoring Windows Event Log files within archives may result in fields going missing
|
| 2017-10-20 |
SPL-144221, SPL-142071 |
splunk-winevtlog crashes on unregistering wait handle
|
PDF issues
| Date resolved
|
Issue number
|
Description
|
| 2017-10-18 |
SPL-143966, SPL-132666 |
(7.0.1) - Exported pdf shows token string for the dashboard element's title property instead of its value
|
Admin and CLI issues
| Date resolved
|
Issue number
|
Description
|
| 2017-10-19 |
SPL-144605, SPL-142961 |
CherryPy un-authenticates users if session_id cookie is missing at logout
|
Uncategorized issues
| Date resolved
|
Issue number
|
Description
|
| 2017-11-19 |
SPL-143848, SPL-144137 |
Add warning to splunkd.log if vm.overcommit_memory is set to 2
|
| 2017-11-15 |
SPL-144808, SPL-141762 |
Modification to kvstore collection are not being distributed to Indexer
|
| 2017-11-02 |
SPL-145671, SPL-146141, SPL-146142 |
Indexing Queue blocked after upgrading to 7.0
|
| 2017-11-02 |
SPL-145191, SPL-141645 |
buckets keeps failing integrity check
|
| 2017-11-02 |
SPL-145599, SPL-145365 |
Crash in IdataDO_Collector on shutdown
|
| 2017-11-01 |
SPL-145249, SPL-143141 |
SSL error for validation of self-signed certificates is not actionable.
|
| 2017-10-30 |
SPL-145242, SPL-145097 |
MessagesManager may deadlock during splunk startup when SAML is enabled.
|
| 2017-10-20 |
SPL-145328, SPL-144967 |
Error creating diag: in add_fake_file tinfo.size = 0 AttributeError: 'NoneType' object has no attribute 'size'
|
| 2017-10-18 |
SPL-144996, SPL-143312 |
Universal Forwarder Installer lies about the Event Logs it monitors by default
|
Splunk Analytics for Hadoop
| Date resolved
|
Issue number
|
Description
|
| 2017-11-01 |
ERP-2100, ERP-2089 |
Acceleration searches on HUNK are returning java.lang.IllegalArgumentException: No enum constant com.splunk.datasource.WriterFactory.Format exceptions
|
| 2017-10-27 |
ERP-2097, ERP-2047 |
/hdfs/user/hunk/bundles Not Being Reaped
|
| 2017-10-27 |
ERP-2087, ERP-2071 |
Search against archived buckets throws "bad gzip header" errors; getting events outside of the search time range
|
Download manual
Feedback submitted, thanks!