Fixed issues
Splunk Enterprise 7.2.9.1
Splunk Enterprise 7.2.9.1 was released on December 5, 2019. This release includes a fix for the following issue.
| Date resolved
|
Issue number
|
Description
|
| 2019-12-05 |
SPL-178915, SPL-171961 |
The datetime.xml timestamp recognition file does not recognize two-year dates after 2019 or Unix epoch-time seconds higher than 1599999999 (12:26:39 UTC 13 Sep 2020)
|
Splunk Enterprise 7.2.9
Splunk Enterprise 7.2.9 was released on October 29, 2019. This release includes fixes for the following issues.
Issues are listed in all relevant sections. Some issues might appear more than once. To check for additional security issues related to this release, visit the Splunk Security Portal.
Search issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-03 |
SPL-172516, SPL-173684, SPL-176357 |
UI is showing the incorrect endTime for tstat search
|
| 2019-10-03 |
SPL-176558, SPL-173492 |
scheduled saved search delay significantly with with number of subsearches increasing
|
| 2019-10-03 |
SPL-176123, SPL-177410, SPL-177991, SPL-176365 |
Subsearch getting executed during summayId generation causing an additional run of the same subsearch
|
| 2019-10-02 |
SPL-172677, SPL-169114 |
LookupDataProvider warning correction in splunkd.log (with ES installed)
|
| 2019-09-22 |
SPL-173896, SPL-173452 |
search time increases exponentially or factorially with number of subsearches
|
| 2019-09-15 |
SPL-174872, SPL-173458 |
Crash from multisearch command causing splunkd to crash.
|
| 2019-09-13 |
SPL-176023, SPL-176244, SPL-176270 |
Lookup wildcards cannot match empty string
|
| 2019-09-06 |
SPL-172111, SPL-173339, SPL-176114 |
Real-Time Search Options Disabled for user role but still accessible in WebUI
|
| 2019-08-20 |
SPL-170402, SPL-171484, SPL-173962, SPL-175234 |
Sparkline in 7.2 in fast/smart mode does not work with table command in the search
|
Saved search, alerting, scheduling, and job management issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-03 |
SPL-176558, SPL-173492 |
scheduled saved search delay significantly with with number of subsearches increasing
|
| 2019-09-06 |
SPL-175483, SPL-170981 |
Running jobs should not be marked as expired
|
| 2019-08-25 |
SPL-174885, SPL-173647 |
Search dispatched without all peers participating without having a message that not all peers were participating
|
| 2019-08-25 |
SPL-173808, SPL-171073 |
SHC Stop Executing DMA Searches
|
Charting, reporting, and visualization issues
| Date resolved
|
Issue number
|
Description
|
| 2019-09-06 |
SPL-172111, SPL-173339, SPL-176114 |
Real-Time Search Options Disabled for user role but still accessible in WebUI
|
Data model and pivot issues
| Date resolved
|
Issue number
|
Description
|
| 2019-08-25 |
SPL-173808, SPL-171073 |
SHC Stop Executing DMA Searches
|
Indexer and indexer clustering issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-08 |
SPL-176164, SPL-168257 |
Indexers are flapping (up or pending) due to "non-streaming failure"
|
| 2019-08-29 |
SPL-170938, SPL-167708 |
Apply cluster bundle does not apply bundle to any indexers which are in progress of adding to cluster
|
| 2019-08-25 |
SPL-174885, SPL-173647 |
Search dispatched without all peers participating without having a message that not all peers were participating
|
Distributed search and search head clustering issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-01 |
SPL-173768, SPL-174273, SPL-175412 |
phased_execution_mode=multithreaded causes overall search performance to decrease 20% - 25%, impacting mostly larger deployments having 3k+ indexers.
|
| 2019-08-25 |
SPL-175305, SPL-171401 |
KVstore out of Sync In Two Out Of Nine SHs
|
| 2019-08-25 |
SPL-173808, SPL-171073 |
SHC Stop Executing DMA Searches
|
| 2019-08-19 |
SPL-175009, SPL-145260 |
UI: Jobs Manager page still displaying supposedly deleted job
|
| 2019-08-18 |
SPL-169952, SPL-167421 |
the scheduled search "Bucket Copy Trigger" (aka Hadoop Data Roll) has stopped working properly.
|
Universal forwarder issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-24 |
SPL-163851, SPL-166696 |
Bugcheck due to splunkdrv (WinRegMon driver)
|
Distributed deployment, forwarder, deployment server issues
| Date resolved
|
Issue number
|
Description
|
| 2019-08-23 |
SPL-170151, SPL-173635, SPL-174532, SPL-175339 |
Deployment Server does not clean up previous bundles where app and bundle names do not match
|
Monitoring Console issues
| Date resolved
|
Issue number
|
Description
|
| 2019-09-10 |
SPL-175397, SPL-173618 |
Servers with Custom groups in DMC are not saved to distsearch.conf
|
| 2019-08-20 |
SPL-161159, SPL-171211, SPL-174926, SPL-175193 |
DMC/MC (UI) - KV Store-> Instance -> 'Average Replication Lag' is removed. The user no longer will be able to see "Average Replication Lag' for each instance.
|
Splunk Web and interface issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-03 |
SPL-173362, SPL-145572 |
Users can create Field Extractions in GUI which cannot be changed or deleted by Admin
|
| 2019-09-06 |
SPL-172111, SPL-173339, SPL-176114 |
Real-Time Search Options Disabled for user role but still accessible in WebUI
|
Windows-specific issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-24 |
SPL-163851, SPL-166696 |
Bugcheck due to splunkdrv (WinRegMon driver)
|
REST, Simple XML, and Advanced XML issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-03 |
SPL-173362, SPL-145572 |
Users can create Field Extractions in GUI which cannot be changed or deleted by Admin
|
Authentication and authorization issues
| Date resolved
|
Issue number
|
Description
|
| 2019-09-06 |
SPL-172111, SPL-173339, SPL-176114 |
Real-Time Search Options Disabled for user role but still accessible in WebUI
|
| 2019-08-27 |
SPL-175248, SPL-168795 |
Unable to clear non-actionable messages requesting a splunkd restart from WebUI with sc_admin role
|
PDF issues
| Date resolved
|
Issue number
|
Description
|
| 2019-09-06 |
SPL-175902, SPL-170982 |
Can not export pdf from dashboard when using wider time range
|
Admin and CLI issues
| Date resolved
|
Issue number
|
Description
|
| 2019-09-11 |
SPL-176179, SPL-159600 |
Clone dialog in Searches, Reports, and Alerts manager page is listing internal apps as target
|
| 2019-08-20 |
SPL-166620, SPL-167267, SPL-175046 |
btool dumps : CountAccounter::CountAccounter(bool): Assertion `main_thread_created' failed (LDAP)
|
| 2019-08-19 |
SPL-175009, SPL-145260 |
UI: Jobs Manager page still displaying supposedly deleted job
|
Uncategorized issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-08 |
SPL-171599, SPL-167453 |
Replicated bucket in indexer cluster is timestamped with earliest time 0 (January 1970) if its last slice is empty.
|
| 2019-10-08 |
SPL-174492, SPL-172641 |
regex_cpu_profiling not generating events on WIndows instance
|
| 2019-10-04 |
SPL-172790, SPL-173445 |
Host Field Is Not Applied While Searching Against Archived Buckets in Hadoop
|
| 2019-10-03 |
SPL-176537, SPL-174948 |
Indexers in Cluster having problems utilizing AWS storage gateway for cold storage
|
| 2019-10-03 |
SPL-175767, SPL-171220 |
Frequent restarting of real-time searches and bundle replication can cause memory growth in splunkd mothership
|
| 2019-10-03 |
SPL-172097, SPL-174799, SPL-175600 |
instrumentation IOStats in resource_usage.log is not being collected for some paths.
|
| 2019-09-16 |
SPL-171488, SPL-173258, SPL-173371 |
Very Frequent Error "Monotonic time source didn't increase; is it stuck?"
|
| 2019-09-12 |
SPL-175399, SPL-170416 |
Misleading error message when uploading a bundle via Deployer
|
| 2019-09-06 |
SPL-170099, SPL-170550, SPL-175617, SPL-175618, SPL-179439, SPL-179440 |
Indexers are crashing on merging thread with CowPipelineData::appendAndReset
|
| 2019-09-04 |
SPL-167631, SPL-171280, SPL-174529 |
ERROR HttpInputDataHandler - Parsing error : Incorrect index
|
| 2019-08-27 |
SPL-174903, SPL-168635 |
S2: Disabling index does not roll hot buckets prior to disabling the index preventing bucket upload
|
| 2019-08-26 |
SPL-175272, SPL-174634 |
$message$ token is not working for <fail> search event handler
|
Download manual
Feedback submitted, thanks!