Splunk® Enterprise

Release Notes

Download manual as PDF

Download topic as PDF

Fixed issues

Splunk Enterprise 7.3.0 was released on June 4, 2019. This release includes fixes for the following issues.

Issues are listed in all relevant sections. Some issues might appear more than once. To check for additional security issues related to this release, visit the Splunk Security Portal.

Data input issues

Date resolved Issue number Description
2019-02-06 SPL-152109, SPL-166104, SPL-166108 Windows Security Events getting truncated and missed with multiple blacklists.
2018-09-11 SPL-143236 Custom sourcetype is not displayed on sourcetype menu

Search issues

Date resolved Issue number Description
2019-05-09 SPL-160881, SPL-161173, SPL-161174, SPL-170371, SPL-170372 eventstats on an event search can create duplicate events in some scenarios
2019-02-27 SPL-162655, SPL-164505 Add ASNEW keyword to FIELDALIAS to support non-overriding version of aliasing
2019-02-13 SPL-163932, SPL-164894 Disabling case_sensitive_match in transforms.conf not working for WILDCARD type lookups
2019-02-01 SPL-155648, SPL-169611, SPL-169612 New phased_execution_mode is spawning extra processes for custom search commands
2019-01-30 SPL-163006 Bug in an Error message for SearchProcessMemoryTracker for killed job (swapped values)
2019-01-24 SPL-164718, SPL-165363, SPL-166562 limits.conf "phased_execution_mode = singlethreaded" causes issue with field ordering, for example _time showing in legend for a | timechart
2019-01-17 SPL-164112 Characters with accents not substituting properly with sed mode
2018-12-18 SPL-163825, SPL-153566, SPL-164144, SPL-164145, SPL-164146 Search process management may fail on race conditions resulting in spurious status as in SPL-152541.
2018-12-04 SPL-163319, ITSI-3045, SPL-163454 forceCsvResults parameter is improperly added to summary indexed data
2018-12-03 SPL-162339 Duplicate fields defined in |table or |fields command causes incorrect data to be assigned to a field in the Statistics tab
2018-11-20 SPL-162433, SPL-163887, SPL-163888 Precision may be truncated in accum, addtotals, addcoltotals commands based on event ordering
2018-11-07 SPL-162294, SPL-162500, SPL-162506 File-based lookup performance has dropped after upgrading from version 7.1- to 7.2/7.2.1 with very high cardinality lookups
2018-10-11 SPL-156141, SPL-146147 Search crashes when using lookup tables that are frequently updated

Saved search, alerting, scheduling, and job management issues

Date resolved Issue number Description
2019-01-08 SPL-164210, SPL-164242 A search scheduled to run monthly or weekly may run daily. "Next Scheduled Time" is incorrect due to cron parsing issue
2019-01-02 SPL-161721, SPL-157118 invisible datamodels /data/models/._*.json files are causing the manager to fail finding the datamodel definition
2018-12-04 SPL-163319, ITSI-3045, SPL-163454 forceCsvResults parameter is improperly added to summary indexed data

Data model and pivot issues

Date resolved Issue number Description
2019-01-02 SPL-161721, SPL-157118 invisible datamodels /data/models/._*.json files are causing the manager to fail finding the datamodel definition

Indexer and indexer clustering issues

Date resolved Issue number Description
2019-03-22 SPL-152168 Batch-mode retry can return more or less events than it should due to reordering from thread pool processing.
2018-11-30 SPL-156164, SPL-162309, SPL-162310, SPL-162311 Shutdown sequence does not begin after master has instructed peer to restart during rolling restart phase of a bundle push

Distributed search and search head clustering issues

Date resolved Issue number Description
2019-02-15 SPL-159461, SPL-159052 SH is not making use of the latest bundle info from the indexer, during the bundle replication.

Splunk Web and interface issues

Date resolved Issue number Description
2018-10-22 SPL-145546, SPL-154871, SPL-161441, SPL-161442, SPL-161629, SPL-162435, SPL-156316 When assigning indexes to roles, indexes defined on the indexer tier are not displayed

Windows-specific issues

Date resolved Issue number Description
2019-05-02 SPL-169289, SPL-155149 Registry changes under SYSTEM\CurrentControlSet are not being read by WinRegMon
2019-02-04 SPL-162659, SPL-80589 On Windows Server 2012 and Server 2012 R2, an external bug causes the %_Processor_Time counter to display 100 for multiple processes, even when the number of available CPU cores precludes that possibility.
2018-10-18 SPL-160391, SPL-158197 splunk-regmon - failed to start the driver due to permission issue

Authentication and Authorization issues

Date resolved Issue number Description
2019-03-11 SPL-123301, SPL-95164, SPL-167968 Aggressive calls to LDAP for non-existent/inactive users causes slow logins, performance issues/ skipped searches/ indexing pause
2019-03-08 SPL-167034, SPL-154382 Role Capability To See Indexes for Summary Indexing Gives Role Index Edit Ability
2018-11-07 SPL-161688, SPL-159552 SAML - "role" not parsing comma separated list

Admin and CLI issues

Date resolved Issue number Description
2019-02-27 SPL-162655, SPL-164505 Add ASNEW keyword to FIELDALIAS to support non-overriding version of aliasing

Uncategorized issues

Date resolved Issue number Description
2019-05-13 SPL-164837 'enable boot-start' should handle group ownership with systemd
2019-03-15 SPL-167179, SPL-164859 Error in 'summaryindex' command: You have insufficient privileges to run this command.
2019-02-15 SPL-162894 Abrupt termination of s2s client application using old s2s protocol can cause resource (memory) leak
2019-01-23 SPL-160037, FAST-11458, SPL-160858, SPL-160859, SPL-160860, INFRA-5076 Windows 2016 Standard blocked Splunk Enterprise 7.1.3 installation on a VM with BIOS UEFI mode enabled + Secure Boot enabled due to "A digitally signed driver is required"
PREVIOUS
Field alias behavior change
  NEXT
Deprecated and removed in version 7.3

This documentation applies to the following versions of Splunk® Enterprise: 7.3.0


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters