Splunk® Enterprise

Release Notes

Splunk Enterprise version 7.3 is no longer supported as of October 22, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Fixed issues

Splunk Enterprise 7.3.0 was released on June 4, 2019. This release includes fixes for the following issues.

Issues are listed in all relevant sections. Some issues might appear more than once. To check for additional security issues related to this release, visit the Splunk Security Portal.

Authentication and authorization issues

Date resolved Issue number Description
2019-03-11 SPL-123301, SPL-95164, SPL-167968 Aggressive calls to LDAP for non-existent/inactive users causes slow logins, performance issues/ skipped searches/ indexing pause
2019-03-08 SPL-167034, SPL-154382 Role Capability To See Indexes for Summary Indexing Gives Role Index Edit Ability
2018-11-07 SPL-161688, SPL-159552 SAML - "role" not parsing comma separated list

Data input issues

Date resolved Issue number Description
2018-09-11 SPL-143236 Custom sourcetype is not displayed on sourcetype menu

Search issues

Date resolved Issue number Description
2019-05-09 SPL-160881, SPL-161173, SPL-161174, SPL-170371, SPL-170372 eventstats on an event search can create duplicate events in some scenarios
2019-02-27 SPL-162655, SPL-164505 Add ASNEW keyword to FIELDALIAS to support non-overriding version of aliasing
2019-02-13 SPL-163932, SPL-164894 Disabling case_sensitive_match in transforms.conf not working for WILDCARD type lookups
2019-02-01 SPL-155648, SPL-169611, SPL-169612, SPL-185656 New phased_execution_mode is spawning extra processes for custom search commands
2019-01-30 SPL-163006 Bug in an Error message for SearchProcessMemoryTracker for killed job (swapped values)
2019-01-24 SPL-164718, SPL-165363, SPL-166562 limits.conf "phased_execution_mode = singlethreaded" causes issue with field ordering, for example _time showing in legend for a | timechart
2019-01-17 SPL-164112 Characters with accents not substituting properly with sed mode
2018-12-18 SPL-163825, SPL-153566, SPL-164144, SPL-164145, SPL-164146 Search process management may fail on race conditions resulting in spurious status as in SPL-152541.
2018-12-04 SPL-163319, ITSI-3045, SPL-163454 Despite the forceCsvResults parameter not existing in the configuration for a saved search with summary indexing enabled, the summarized data is improperly populated with this parameter.
2018-12-03 SPL-162339 Duplicate fields defined in |table or |fields command causes incorrect data to be assigned to a field in the Statistics tab
2018-11-20 SPL-162433, SPL-163887, SPL-163888 Precision may be truncated in accum, addtotals, addcoltotals commands based on event ordering
2018-11-07 SPL-162294, SPL-162500, SPL-162506 File-based lookup performance has dropped after upgrading from version 7.1- to 7.2/7.2.1 with very high cardinality lookups
2018-10-11 SPL-156141, SPL-146147 Search crashes when using lookup tables that are frequently updated

Saved search, alerting, scheduling, and job management issues

Date resolved Issue number Description
2019-01-08 SPL-164210, SPL-164242 A search scheduled to run monthly or weekly may run daily. "Next Scheduled Time" is incorrect due to cron parsing issue
2019-01-02 SPL-161721, SPL-157118 invisible datamodels /data/models/._*.json files are causing the manager to fail finding the datamodel definition
2018-12-04 SPL-163319, ITSI-3045, SPL-163454 Despite the forceCsvResults parameter not existing in the configuration for a saved search with summary indexing enabled, the summarized data is improperly populated with this parameter.

Data model and pivot issues

Date resolved Issue number Description
2019-01-02 SPL-161721, SPL-157118 invisible datamodels /data/models/._*.json files are causing the manager to fail finding the datamodel definition

Indexer and indexer clustering issues

Date resolved Issue number Description
2019-03-22 SPL-152168 Batch-mode retry can return more or less events than it should due to reordering from thread pool processing.
2018-11-30 SPL-156164, SPL-162309, SPL-162310, SPL-162311 Shutdown sequence does not begin after master has instructed peer to restart during rolling restart phase of a bundle push

Distributed search and search head clustering issues

Date resolved Issue number Description
2019-02-15 SPL-159461, SPL-159052 SH is not making use of the latest bundle info from the indexer, during the bundle replication.

Data Fabric Search issues

Date resolved Issue number Description
2019-03-08 SPL-158950 Federated searches auto-cancel if the remote deployment is DFS. Thus, the dfsjob command cannot be used in federated search.
2018-12-12 SPL-157613 A DFS search using the join command does notreturn the same event count as a standard searchbecause the default value for the "max" join optionis set to 1.

Splunk Web and interface issues

Date resolved Issue number Description
2018-10-22 SPL-145546, SPL-154871, SPL-161441, SPL-161442, SPL-161629, SPL-162435, SPL-156316 When assigning indexes to roles, indexes defined on the indexer tier are not displayed

Windows-specific issues

Date resolved Issue number Description
2019-05-02 SPL-169289, SPL-155149 Registry changes under SYSTEM\CurrentControlSet are not being read by WinRegMon
2019-02-06 SPL-152109, SPL-166104, SPL-166108 Windows Security Events getting truncated and missed with multiple blacklists.
2019-02-04 SPL-162659, SPL-80589 On Windows Server 2012 and Server 2012 R2, an external bug causes the %_Processor_Time counter to display 100 for multiple processes, even when the number of available CPU cores precludes that possibility.
2018-10-18 SPL-160391, SPL-158197 splunk-regmon - failed to start the driver due to permission issue

Admin and CLI issues

Date resolved Issue number Description
2019-02-27 SPL-162655, SPL-164505 Add ASNEW keyword to FIELDALIAS to support non-overriding version of aliasing

Uncategorized issues

Date resolved Issue number Description
2019-05-13 SPL-164837 'enable boot-start' should handle group ownership with systemd
2019-03-15 SPL-167179, SPL-164859 Error in 'summaryindex' command: You have insufficient privileges to run this command.
2019-02-15 SPL-162894 Abrupt termination of s2s client application using old s2s protocol can cause resource (memory) leak
2018-06-29 SPL-131164 Upgrade Causing Indexing Queue to Block 6.4 to 6.5 due to ldap authentication on indexers.
Last modified on 09 February, 2022
Timestamp recognition of dates with two-digit years fails beginning January 1, 2020   Deprecated and removed in version 7.3

This documentation applies to the following versions of Splunk® Enterprise: 7.3.0

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters