Splunk Enterprise 18.104.22.168
This release addresses an issue that might impact data durability under certain rare cluster conditions. The issue is triggered when there is a confluence of data replication errors from index clustering as well as an upload to the Splunk object store medium (SmartStore) via secondary or tertiary replication nodes.
While the incidence of the condition is rare and the impact is negligible, we recommend that customers who are currently using SmartStore in a clustered production environment upgrade to version 22.214.171.124 and set max_replication_errors in server.conf to 20.
The upcoming Splunk Enterprise 7.2.5 release will also contain the fixes, but will not require you to set max_replication_errors to 20.
If you are an on-premises customer using both SmartStore and Indexer Clustering and have questions regarding this upgrade, please open a support case via the support portal with the subject 126.96.36.199 upgrade questions.
Splunk Cloud customers will be upgraded as part of Splunk Cloud standard operations.
Splunk Enterprise 7.2.4
Splunk Enterprise 7.2.4 was released on February 7, 2019. This release includes fixes for the following issues.
Issues are listed in all relevant sections. Some issues might appear more than once. To check for additional security issues related to this release, visit the Splunk Security Portal.
| Date resolved | Issue number | Description |
|---|---|---|
| 2019-01-17 | SPL-165011, SPL-165008 | MaxMind GeoIP DB needs to be updated for Jan 2019 |
| 2019-01-16 | SPL-164531, SPL-160841 | Received fatal signal 11 (SEGV) on TailWatcher on Heavy Forwarders RegexExtractionProcessor race condition |
| 2019-01-15 | SPL-164266, SPL-158199 | when merging tsidx files, splunk optimize failed to open temporary manifest file due to file name collision cause by race condition |
| 2019-01-14 | SPL-164725, SPL-159813 | Post 6.6 / 7.0 upgrade, power user role cannot edit alert.expires from UI |
| 2019-01-14 | SPL-164842, SPL-162335 | IdataDO_Collector.cpp void collect__summaries(): Assertion `paths.size() == 2' failed. |
| 2019-01-08 | SPL-164252, SPL-163808 | CIM Setup page is showing single line because of syntax error in underlying search |
| 2019-01-03 | SPL-163032, SPL-157014 | Search results on a dashboard are given with system timezone instead of user timezone |
| 2018-12-18 | SPL-163474, SPL-158779 | Indexer crash with thread: BatchSearch |
| 2018-12-17 | SPL-163953, SPL-160833 | Seeing 500 internal server error when opening many manager pages |
| 2018-12-14 | SPL-163530, SPL-162247 | After adding Tags Whitelist for Data Models, the newly added tags disappears when there is a change in the acceleration setting for the respective datamodel from the UI. |
| 2018-12-14 | SPL-163974, SPL-157230 | conf-mutator.pid cleanup error during GUI initiated restart |
| 2018-12-06 | SPL-163475, SPL-161299 | ES Search Head Captain Crash: 'it != _summary_inprogress.end()' |
| 2018-12-06 | SPL-163621, SPL-158665 | Token inside HTML element is not localized |
| 2018-12-03 | SPL-162282, SPL-157891, SPL-163562 | Unable to open bucket as bucket is stuck in stale state |
| 2018-11-20 | SPL-162980, SPL-152828 | Splunk does not start as specified user on boot on MacOS |
| 2018-11-08 | SPL-159413, SPL-162105, SPL-163566, SPL-162723, SPL-162670, SPL-162676, SPL-162724 | "Failed to localize" due to "ERROR CacheManagerHandler"..."not an owner"..."and the bucket is draining" |
Field alias behavior change
This documentation applies to the following versions of Splunk® Enterprise: 7.2.4