Splunk® Enterprise

Release Notes

Splunk Enterprise version 7.2 is no longer supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Fixed issues

Splunk Enterprise 7.2.10.1

Splunk Enterprise 7.2.10.1 was released on April 27, 2020. This release includes a fix for the following issue.

Date resolved Issue number Description
2020-04-11 SPL-186282, SPL-186347, SPL-186349, SPL-186351, SPL-186647, SPL-186348 DMA rebuild is causing random indexer crashes

Workaround:
Stop the acceleration of the data model "DM_search_asset_mart" from the GUI so that the rebuild stops or does not start.

Splunk Enterprise 7.2.10

Splunk Enterprise 7.2.10 was released on March 25, 2020. This release includes fixes for the following issues.

Issues are listed in all relevant sections. Some issues might appear more than once. To check for additional security issues related to this release, visit the Splunk Security Portal.

Data input issues

Date resolved Issue number Description
2019-11-15 SPL-178914, SPL-171961 The datetime.xml timestamp recognition file does not recognize two-year dates after 2019 or Unix epoch-time seconds higher than 1599999999 (12:26:39 UTC 13 Sep 2020)

Search issues

Date resolved Issue number Description
2020-01-31 SPL-180068, SPL-169835 ad-hoc search artifact uses up 22GB of disk space with thousands of "tmpevents_*.csv.gz" and "mmsort_pass1_*.csv.gz" temporary files
2020-01-31 SPL-177675, SPL-180073, SPL-180267, SPL-180268 Crash in BucketSummaryActorThread for a specific summary directory, persists after removing
2020-01-31 SPL-181835, SPL-181612 Searching for lookup default_match - Consider wildcards
2020-01-24 SPL-182156, SPL-174005 Search crashes on indexer in ChunkedCSVLineReader::initReader due to empty kvstore lookup folder in the bundle
2020-01-12 SPL-181152, SPL-177255 Searching for lookup default_match value includes default_match value in lispy
2020-01-07 SPL-181332, SPL-181303 Rex mode sed - 7.1.0+ - Sed with caret (^) is giving an incorrect result/not functioning as expected
2020-01-07 SPL-180934, SPL-178545 Recursive _SOURCETYPE settings block splunkd startup.
2020-01-06 SPL-180038, SPL-180315, SPL-181366, SPL-181367 Search performance decreases (long running searches) with high index deployments (2K indexes)
2019-12-04 SPL-179745, SPL-177665 (7.2.x) - tstats where clause does not filter as expected
2019-12-04 SPL-173430, SPL-172951 Pivot failing on an accelerated Datamodel
2019-11-20 SPL-177888, SPL-174425 outputlookup with the setting, override_if_empty=false does not work for KVStore lookups.
2019-11-20 SPL-173098, SPL-174198, SPL-175515 Slow SH lookups impacting search performance post 7.2.6 upgrade
2019-11-20 SPL-178542, SPL-176921 Search results not returned intermittently for _indextime search on hot bucket, results are found on later searches (Windows platform only).
2019-11-08 SPL-177399, SPL-179452, SPL-179453 Search on indexers crashes in reverse_lookup when working with kvstore lookup (use_lookups_v2=false)
2019-11-05 SPL-178266, SPL-176046 Lookup overwrites source field when OUTPUTNEW is used in search
2019-10-25 SPL-177849, SPL-164106 export results function in the UI produces "Invalid latest_time: latest_time must be after earliest_time" message
2019-10-22 SPL-178245, SPL-177844 "tostring" function doesn't add a leading zero when using the duration format in 7.2.x

Saved search, alerting, scheduling, and job management issues

Date resolved Issue number Description
2020-01-17 SPL-179471, SPL-177963 Datamodel acceleration_search command throws error for streaming root searches
2020-01-13 SPL-169912, SPL-174673, SPL-174680, SPL-180352 SHC - Alert Scheduler - Next Scheduled Time does not update if cron-scheduler is updated from Deployer
2020-01-06 SPL-171422, SPL-165259 Splunkd CMIndexID lock contention due to DispatchManager::getDiskUsage populating batch-retry map
2019-11-19 SPL-173414, SPL-179491, SPL-179612, SPL-179627 Splunk unable to load defined Saved Searches in a conf file if a bad/malformed cron_schedule value is present/set
2019-10-25 SPL-177564, SPL-175380 When alert condition is not met, scheduled searches are deferred, leading to skip searches

Charting, reporting, and visualization issues

Date resolved Issue number Description
2019-11-07 SPL-178113, SPL-178989, SPL-179170, SPL-179171 Editing color scale using colorpalette in dashboard creates custom configuration

Data model and pivot issues

Date resolved Issue number Description
2020-01-17 SPL-179471, SPL-177963 Datamodel acceleration_search command throws error for streaming root searches
2020-01-13 SPL-169912, SPL-174673, SPL-174680, SPL-180352 SHC - Alert Scheduler - Next Scheduled Time does not update if cron-scheduler is updated from Deployer
2020-01-06 SPL-171422, SPL-165259 Splunkd CMIndexID lock contention due to DispatchManager::getDiskUsage populating batch-retry map
2019-11-19 SPL-173414, SPL-179491, SPL-179612, SPL-179627 Splunk unable to load defined Saved Searches in a conf file if a bad/malformed cron_schedule value is present/set
2019-10-25 SPL-177564, SPL-175380 When alert condition is not met, scheduled searches are deferred, leading to skip searches

Indexer and indexer clustering issues

Date resolved Issue number Description
2020-01-26 SPL-182016, SPL-182086 Cluster Peer rolling restart can cause unnecessary extra re-adds
2020-01-17 SPL-180200, SPL-180725, SPL-181617, SPL-181618 Some cluster peers did not try to restart when new bundle was applied
2019-12-22 SPL-178632, SPL-178927, SPL-180282, SPL-180283 Fixup stuck after reprovisioning an indexer in SmartStore enabled cluster
2019-11-28 SPL-180016, SPL-175926 S2 SmartStore: Indexer cluster not recovering when decommissioning indexers greater than or equal to SF/RF
2019-11-15 SPL-178412, SPL-155281 Indexer Clustering Search Performance - search manifest updates should be locked per site+genid
2019-11-08 SPL-174534, SPL-168108 Cloud Cluster Master - Identical Bundles not reaping
2019-11-05 SPL-172102, SPL-173702, SPL-176730 Real Time search does not warn about disconnected peers which may lead to incomplete search results

Distributed search and search head clustering issues

Date resolved Issue number Description
2020-01-03 SPL-176796, SPL-177408, SPL-178240, SPL-178241 Corrupted Raft entry files crashes SH instance node
2019-12-11 SPL-175387, SPL-176140, SPL-179985, SPL-179986 app.conf not being replicated in SHC gives end user false promises of ui functionality
2019-11-15 SPL-178412, SPL-155281 Indexer Clustering Search Performance - search manifest updates should be locked per site+genid
2019-11-05 SPL-172102, SPL-173702, SPL-176730 Real Time search does not warn about disconnected peers which may lead to incomplete search results
2019-10-25 SPL-174796, SPL-175960, SPL-177530, SPL-177531 dispatch folder with cancel file not getting reaped
2019-10-25 SPL-178171, SPL-160828 DistributedPeerManager::handleConflicts needs to be improved

REST, Simple XML, and Advanced XML issues

Date resolved Issue number Description
2020-01-02 SPL-181066, SPL-173500 REST API /cluster/config endpoint returns default values

Authentication and authorization issues

Date resolved Issue number Description
2019-11-25 SPL-180077, SPL-179933 SAML Failure after upgrade to 7.0.13 - ERROR UiSAML - Malformed SAML document(Assertion) received from IDP
2019-10-09 SPL-177705, SPL-174145 CSRF token failure on timeout, multiple browser tabs constantly reauthenticating

Admin and CLI issues

Date resolved Issue number Description
2020-01-02 SPL-181117, SPL-181085 Jan 1 2020 Bug: 7.3.3 datetime.xml has a misleading line (comment line 198) should be 2023 not 2017
2019-12-18 SPL-180153, SPL-173365 UI displaying incorrect results from Data Model List view
2019-11-19 SPL-173414, SPL-179491, SPL-179612, SPL-179627 Splunk unable to load defined Saved Searches in a conf file if a bad/malformed cron_schedule value is present/set

Uncategorized issues

Date resolved Issue number Description
2020-01-31 SPL-179443, SPL-165762 Invalid latest_time: latest_time must be after earliest_time when DST is reached
2020-01-10 SPL-172622, SPL-174289, SPL-179441, SPL-181465 Cluster map visualization is not accurate after upgrade to 7.2.x
2020-01-10 SPL-179256, SPL-179703, SPL-180148, SPL-180149 kvstore inputlookup with large 'where' filter fails silently when hitting 300 second timeout
2020-01-09 SPL-170703, SOLNESS-16682, SPL-172792, SPL-177344, SPL-177345 splunkd.log "ERROR SearchParser - Missing a search command before '*'" error message without context
2020-01-03 SPL-180195, SPL-177752 Deadlock in splunk when using pstacks action
2020-01-03 SPL-178058, SPL-174960 Customer Spin Off for code fix - SmartStore - 0 bytes receipt.json Upload
2019-12-18 SPL-179772, SPL-179935, SPL-179936, SPL-179937 Script to create Self Signed default web SSL cert adds "/opt/splunk/" to path in Web.conf
2019-12-17 SPL-164839, SPL-180783, SPL-181017, SPL-181018 systemd warnings about Splunkd.service being executable and world-inaccessible
2019-12-11 SPL-174286, SPL-178290, SPL-180518, SPL-180519, SPL-180520 Using timechart AS clause with wildcard and a constant (*_x) in fast mode returns too many columns
2019-12-04 SPL-168459, SPL-176508, SPL-177366, SPL-180432 Splunkd Server Memory growth over time on ES search head
2019-11-27 SPL-178630, SPL-175977 Summarizer 404s forever trying to delete partially local frozen buckets
2019-11-27 SPL-176230, SPL-177924, SPL-177925, SPL-177926, SPL-177927, SPL-177928 HealthReporter threads deadlock resulting in stuck _reload, blocked ingestion, eventually causing a crash
2019-11-20 SPL-176142, SPL-176892, SPL-177846, SPL-177847 IOStats events for introspection occasionally reports negative avg_total_ms
2019-11-08 SPL-149157, SPL-178289, SPL-178767, SPL-178768 Missing some meta keys extracted by INDEXED_EXTRACTION after changing _raw content and adding index-time field extraction
2019-10-31 SPL-178721, SPL-152457 splunkd.log WARN TelemetryHandler - 1521648000.000000
Last modified on 14 December, 2020

This documentation applies to the following versions of Splunk® Enterprise: 7.2.10

