Splunk® Enterprise

Release Notes

Acrobat logo Download manual as PDF


Splunk Enterprise version 7.2 is no longer supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Fixed issues

Splunk Enterprise 7.2.9.1

Splunk Enterprise 7.2.9.1 was released on December 5, 2019. This release includes a fix for the following issue.

Date resolved Issue number Description
2019-12-05 SPL-178915, SPL-171961 The datetime.xml timestamp recognition file does not recognize two-year dates after 2019 or Unix epoch-time seconds higher than 1599999999 (12:26:39 UTC 13 Sep 2020)

Splunk Enterprise 7.2.9

Splunk Enterprise 7.2.9 was released on October 29, 2019. This release includes fixes for the following issues.

Issues are listed in all relevant sections. Some issues might appear more than once. To check for additional security issues related to this release, visit the Splunk Security Portal.

Search issues

Date resolved Issue number Description
2019-10-03 SPL-172516, SPL-173684, SPL-176357 UI is showing the incorrect endTime for tstat search
2019-10-03 SPL-176558, SPL-173492 scheduled saved search delay significantly with with number of subsearches increasing
2019-10-03 SPL-176123, SPL-177410, SPL-177991, SPL-176365 Subsearch getting executed during summayId generation causing an additional run of the same subsearch
2019-10-02 SPL-172677, SPL-169114 LookupDataProvider warning correction in splunkd.log (with ES installed)
2019-09-22 SPL-173896, SPL-173452 search time increases exponentially or factorially with number of subsearches
2019-09-15 SPL-174872, SPL-173458 Crash from multisearch command causing splunkd to crash.
2019-09-13 SPL-176023, SPL-176244, SPL-176270 Lookup wildcards cannot match empty string
2019-09-06 SPL-172111, SPL-173339, SPL-176114 Real-Time Search Options Disabled for user role but still accessible in WebUI
2019-08-20 SPL-170402, SPL-171484, SPL-173962, SPL-175234 Sparkline in 7.2 in fast/smart mode does not work with table command in the search

Saved search, alerting, scheduling, and job management issues

Date resolved Issue number Description
2019-10-03 SPL-176558, SPL-173492 scheduled saved search delay significantly with with number of subsearches increasing
2019-09-06 SPL-175483, SPL-170981 Running jobs should not be marked as expired
2019-08-25 SPL-174885, SPL-173647 Search dispatched without all peers participating without having a message that not all peers were participating
2019-08-25 SPL-173808, SPL-171073 SHC Stop Executing DMA Searches

Charting, reporting, and visualization issues

Date resolved Issue number Description
2019-09-06 SPL-172111, SPL-173339, SPL-176114 Real-Time Search Options Disabled for user role but still accessible in WebUI

Data model and pivot issues

Date resolved Issue number Description
2019-08-25 SPL-173808, SPL-171073 SHC Stop Executing DMA Searches

Indexer and indexer clustering issues

Date resolved Issue number Description
2019-10-08 SPL-176164, SPL-168257 Indexers are flapping (up or pending) due to "non-streaming failure"
2019-08-29 SPL-170938, SPL-167708 Apply cluster bundle does not apply bundle to any indexers which are in progress of adding to cluster
2019-08-25 SPL-174885, SPL-173647 Search dispatched without all peers participating without having a message that not all peers were participating

Distributed search and search head clustering issues

Date resolved Issue number Description
2019-10-01 SPL-173768, SPL-174273, SPL-175412 phased_execution_mode=multithreaded causes overall search performance to decrease 20% - 25%, impacting mostly larger deployments having 3k+ indexers.
2019-08-25 SPL-175305, SPL-171401 KVstore out of Sync In Two Out Of Nine SHs
2019-08-25 SPL-173808, SPL-171073 SHC Stop Executing DMA Searches
2019-08-19 SPL-175009, SPL-145260 UI: Jobs Manager page still displaying supposedly deleted job
2019-08-18 SPL-169952, SPL-167421 the scheduled search "Bucket Copy Trigger" (aka Hadoop Data Roll) has stopped working properly.

Universal forwarder issues

Date resolved Issue number Description
2019-10-24 SPL-163851, SPL-166696 Bugcheck due to splunkdrv (WinRegMon driver)

Distributed deployment, forwarder, deployment server issues

Date resolved Issue number Description
2019-08-23 SPL-170151, SPL-173635, SPL-174532, SPL-175339 Deployment Server does not clean up previous bundles where app and bundle names do not match

Monitoring Console issues

Date resolved Issue number Description
2019-09-10 SPL-175397, SPL-173618 Servers with Custom groups in DMC are not saved to distsearch.conf
2019-08-20 SPL-161159, SPL-171211, SPL-174926, SPL-175193 DMC/MC (UI) - KV Store-> Instance -> 'Average Replication Lag' is removed. The user no longer will be able to see "Average Replication Lag' for each instance.

Splunk Web and interface issues

Date resolved Issue number Description
2019-10-03 SPL-173362, SPL-145572 Users can create Field Extractions in GUI which cannot be changed or deleted by Admin
2019-09-06 SPL-172111, SPL-173339, SPL-176114 Real-Time Search Options Disabled for user role but still accessible in WebUI

Windows-specific issues

Date resolved Issue number Description
2019-10-24 SPL-163851, SPL-166696 Bugcheck due to splunkdrv (WinRegMon driver)

REST, Simple XML, and Advanced XML issues

Date resolved Issue number Description
2019-10-03 SPL-173362, SPL-145572 Users can create Field Extractions in GUI which cannot be changed or deleted by Admin

Authentication and authorization issues

Date resolved Issue number Description
2019-09-06 SPL-172111, SPL-173339, SPL-176114 Real-Time Search Options Disabled for user role but still accessible in WebUI
2019-08-27 SPL-175248, SPL-168795 Unable to clear non-actionable messages requesting a splunkd restart from WebUI with sc_admin role

PDF issues

Date resolved Issue number Description
2019-09-06 SPL-175902, SPL-170982 Can not export pdf from dashboard when using wider time range

Admin and CLI issues

Date resolved Issue number Description
2019-09-11 SPL-176179, SPL-159600 Clone dialog in Searches, Reports, and Alerts manager page is listing internal apps as target
2019-08-20 SPL-166620, SPL-167267, SPL-175046 btool dumps : CountAccounter::CountAccounter(bool): Assertion `main_thread_created' failed (LDAP)
2019-08-19 SPL-175009, SPL-145260 UI: Jobs Manager page still displaying supposedly deleted job

Uncategorized issues

Date resolved Issue number Description
2019-10-08 SPL-171599, SPL-167453 Replicated bucket in indexer cluster is timestamped with earliest time 0 (January 1970) if its last slice is empty.
2019-10-08 SPL-174492, SPL-172641 regex_cpu_profiling not generating events on WIndows instance
2019-10-04 SPL-172790, SPL-173445 Host Field Is Not Applied While Searching Against Archived Buckets in Hadoop
2019-10-03 SPL-176537, SPL-174948 Indexers in Cluster having problems utilizing AWS storage gateway for cold storage
2019-10-03 SPL-175767, SPL-171220 Frequent restarting of real-time searches and bundle replication can cause memory growth in splunkd mothership
2019-10-03 SPL-172097, SPL-174799, SPL-175600 instrumentation IOStats in resource_usage.log is not being collected for some paths.
2019-09-16 SPL-171488, SPL-173258, SPL-173371 Very Frequent Error "Monotonic time source didn't increase; is it stuck?"
2019-09-12 SPL-175399, SPL-170416 Misleading error message when uploading a bundle via Deployer
2019-09-06 SPL-170099, SPL-170550, SPL-175617, SPL-175618, SPL-179439, SPL-179440 Indexers are crashing on merging thread with CowPipelineData::appendAndReset
2019-09-04 SPL-167631, SPL-171280, SPL-174529 ERROR HttpInputDataHandler - Parsing error : Incorrect index
2019-08-27 SPL-174903, SPL-168635 S2: Disabling index does not roll hot buckets prior to disabling the index preventing bucket upload
2019-08-26 SPL-175272, SPL-174634 $message$ token is not working for <fail> search event handler
Last modified on 11 February, 2021
PREVIOUS
Timestamp recognition of dates with two-digit years fails beginning January 1, 2020 		  NEXT
Deprecated features

This documentation applies to the following versions of Splunk® Enterprise: 7.2.9

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters