Splunk® Enterprise

Release Notes

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Fixed issues

Splunk Enterprise 7.2.4.2

This release addresses an issue that might impact data durability under certain rare cluster conditions. The issue is triggered when there is a confluence of data replication errors from index clustering as well as an upload to the Splunk object store medium (SmartStore) via secondary or tertiary replication nodes.

While the incidence of the condition is rare and the impact is negligible, we recommend that customers that are currently using SmartStore in a clustered production environment upgrade to version 7.2.4.2 and set max_replication_errors in server.conf to 20.

The upcoming Splunk Enterprise 7.2.5 release will also contain the fixes, but will not require you to set max_replication_errors to 20.

If you are an on-premises customer using both SmartStore and Indexer Clustering and have questions regarding this upgrade, please open a support case via the support portal with the subject 7.2.4.2 upgrade questions.

Splunk Cloud customers will be upgraded as part of Splunk Cloud standard operations.

Splunk Enterprise 7.2.4

Splunk Enterprise 7.2.4 was released on February 7, 2019. This release includes fixes for the following issues.

Issues are listed in all relevant sections. Some issues might appear more than once. To check for additional security issues related to this release, visit the Splunk Security Portal.

Date resolved Issue number Description
2019-01-17 SPL-165011, SPL-165008 MaxMind GeoIP DB needs to be updated for Jan 2019
2019-01-16 SPL-164531, SPL-160841 Received fatal signal 11 (SEGV) on TailWatcher on Heavy Forwarders RegexExtractionProcessor race condition
2019-01-15 SPL-164266, SPL-158199 when merging tsidx files, splunk optimize failed to open temporary manifest file due to file name collision cause by race condition
2019-01-14 SPL-164725, SPL-159813 Post 6.6 / 7.0 upgrade, power user role cannot edit alert.expires from UI
2019-01-14 SPL-164842, SPL-162335 IdataDO_Collector.cpp void collect__summaries(): Assertion `paths.size() == 2' failed.
2019-01-08 SPL-164252, SPL-163808 CIM Setup page is showing single line because of syntax error in underlying search
2019-01-03 SPL-163032, SPL-157014 Search results on a dashboard are given with system timezone instead of user timezone
2018-12-18 SPL-163474, SPL-158779 Indexer crash with thread: BatchSearch
2018-12-17 SPL-163953, SPL-160833 Seeing 500 internal server error when opening many manager pages
2018-12-14 SPL-163530, SPL-162247 After adding Tags Whitelist for Data Models, the newly added tags disappears when there is a change in the acceleration setting for the respective datamodel from the UI.
2018-12-14 SPL-163974, SPL-157230 conf-mutator.pid cleanup error during GUI initiated restart
2018-12-06 SPL-163475, SPL-161299 ES Search Head Captain Crash: 'it != _summary_inprogress.end()'
2018-12-06 SPL-163621, SPL-158665 Token inside HTML element is not localized
2018-12-03 SPL-162282, SPL-157891, SPL-163562 Unable to open bucket as bucket is stuck in stale state
2018-11-20 SPL-162980, SPL-152828 Splunk does not start as specified user on boot on MacOS
2018-11-08 SPL-159413, SPL-162105, SPL-163566, SPL-162723, SPL-162670, SPL-162676, SPL-162724 "Failed to localize" due to "ERROR CacheManagerHandler"..."not an owner"..."and the bucket is draining"
PREVIOUS
Field alias behavior change
  NEXT
Deprecated features

This documentation applies to the following versions of Splunk® Enterprise: 7.2.4


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters