Fixed issues
Splunk Enterprise 7.3.3 was released on November 18, 2019. This release includes fixes for the following issues.
Issues are listed in all relevant sections. Some issues might appear more than once. To check for additional security issues related to this release, visit the Splunk Security Portal.
Authentication and authorization issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-09 |
SPL-177706, SPL-174145 |
CSRF token failure on timeout, multiple browser tabs constantly reauthenticating
|
| 2019-09-26 |
SPL-172753, SPL-172789 |
Index Selection for roles only shows 100 indexes
|
| 2019-09-12 |
SPL-176114, SPL-172111 |
Real-Time Search Options Disabled for user role but still accessible in WebUI
|
Data input issues
| Date resolved
|
Issue number
|
Description
|
| 2019-11-07 |
SPL-178915, SPL-171961 |
The datetime.xml timestamp recognition file does not recognize two-year dates after 2019 or Unix epoch-time seconds higher than 1599999999 (12:26:39 UTC 13 Sep 2020)
|
| 2019-10-23 |
SPL-175805, SPL-147902 |
(7.3.x) - Frequent renaming of splunkd.pid.tmp to splunkd.pid causing D state for process runner.
|
Search issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-29 |
SPL-177410, SPL-176123 |
Subsearch getting executed during summayId generation causing an additional run of the same subsearch
|
| 2019-10-28 |
SPL-171904, SPL-167934 |
Different Search Result Between 7.2.x and 6.6.x
|
| 2019-10-25 |
SPL-177850, SPL-164106 |
export results function in the UI produces "Invalid latest_time: latest_time must be after earliest_time" message
|
| 2019-10-22 |
SPL-177844, SPL-177971, SPL-178245, SPL-178625 |
"tostring" function doesn't add a leading zero when using the duration format in 7.2.x
|
| 2019-10-18 |
SPL-174005, SPL-182156, SPL-175325 |
Search crashes on indexer in ChunkedCSVLineReader::initReader due to empty kvstore lookup folder in the bundle
|
| 2019-10-03 |
SPL-176557, SPL-173492 |
scheduled saved search delay significantly with with number of subsearches increasing
|
| 2019-10-03 |
SPL-176357, SPL-172516 |
UI is showing the incorrect endTime for tstat search
|
| 2019-10-02 |
SPL-174221, SPL-173445 |
rest query that contains a NOT no longer works in 7.3.0 but worked in 7.2.5.1.
|
| 2019-10-01 |
SPL-176008, SPL-166728 |
Alert email spacing issue
|
| 2019-09-15 |
SPL-173895, SPL-173452 |
search time increases exponentially or factorially with number of subsearches
|
| 2019-09-15 |
SPL-176270, SPL-176023 |
Lookup wildcards cannot match empty string
|
| 2019-09-15 |
SPL-174871, SPL-173458 |
Crash from multisearch command causing splunkd to crash.
|
| 2019-09-12 |
SPL-176114, SPL-172111 |
Real-Time Search Options Disabled for user role but still accessible in WebUI
|
Saved search, alerting, scheduling, and job management issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-25 |
SPL-175380, SPL-175815, SPL-177312, SPL-177564 |
When alert condition is not met, scheduled searches are deferred, leading to skip searches
|
| 2019-10-18 |
SPL-176477, SPL-177264, SPL-177933 |
action.email.pdf.logo_path in savedsearches.conf doesn't work
|
| 2019-10-14 |
SPL-177868, SPL-175886 |
Creating report from alert also copies alert trigger condition settings
|
| 2019-10-10 |
SPL-169478, SPL-165259 |
Splunkd CMIndexID lock contention due to DispatchManager::getDiskUsage populating batch-retry map
|
| 2019-10-03 |
SPL-176557, SPL-173492 |
scheduled saved search delay significantly with with number of subsearches increasing
|
| 2019-10-01 |
SPL-176008, SPL-166728 |
Alert email spacing issue
|
| 2019-09-06 |
SPL-175484, SPL-170981 |
Running jobs should not be marked as expired
|
Charting, reporting, and visualization issues
| Date resolved
|
Issue number
|
Description
|
| 2019-09-12 |
SPL-176114, SPL-172111 |
Real-Time Search Options Disabled for user role but still accessible in WebUI
|
Indexer and indexer clustering issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-25 |
SPL-176730, SPL-172102 |
Real Time search does not warn about disconnected peers which may lead to incomplete search results
|
| 2019-10-08 |
SPL-176163, SPL-168257 |
Indexers are flapping (up or pending) due to "non-streaming failure"
|
Distributed search and search head clustering issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-25 |
SPL-177530, SPL-174796 |
dispatch folder with cancel file not getting reaped
|
| 2019-10-25 |
SPL-176730, SPL-172102 |
Real Time search does not warn about disconnected peers which may lead to incomplete search results
|
| 2019-10-24 |
SPL-178241, SPL-176796 |
Corrupted Raft entry files crashes SH instance node
|
| 2019-10-21 |
SPL-176036, SPL-160828 |
DistributedPeerManager::handleConflicts needs to be improved
|
| 2019-09-30 |
SPL-175412, SPL-173768 |
phased_execution_mode=multithreaded causes overall search performance to decrease 20% - 25%, impacting mostly larger deployments having 3k+ indexers.
|
Universal forwarder issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-21 |
SPL-177715, SPL-173094 |
driver certificates for splknetdrv, splunkdrv, SplunkMonitorNoHandleDrv are all showing as not valid / expired in Windows UF
|
Monitoring Console issues
| Date resolved
|
Issue number
|
Description
|
| 2019-09-11 |
SPL-175396, SPL-173618 |
Servers with Custom groups in DMC are not saved to distsearch.conf
|
Splunk Web and interface issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-01 |
SPL-176008, SPL-166728 |
Alert email spacing issue
|
| 2019-09-26 |
SPL-172753, SPL-172789 |
Index Selection for roles only shows 100 indexes
|
| 2019-09-24 |
SPL-176234, SPL-176350, SPL-176739 |
Lookup file Permissions displays the csv filename instead of app name
|
| 2019-09-12 |
SPL-176114, SPL-172111 |
Real-Time Search Options Disabled for user role but still accessible in WebUI
|
| 2019-09-06 |
SPL-175725, CV-462 |
Custom Visualizations Formatter Label Broken
|
PDF issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-23 |
SPL-175903, SPL-170982 |
Can not export pdf from dashboard when using wider time range
|
Admin and CLI issues
| Date resolved
|
Issue number
|
Description
|
| 2019-09-11 |
SPL-176180, SPL-159600 |
Clone dialog in Searches, Reports, and Alerts manager page is listing internal apps as target
|
Uncategorized issues
| Date resolved
|
Issue number
|
Description
|
| 2019-10-28 |
SPL-176491 |
sessions.py HTTPDate error following upgrade to 7.2.7 on Windows 2012
|
| 2019-10-24 |
SPL-166696, SPL-163851 |
Bugcheck due to splunkdrv (WinRegMon driver)
|
| 2019-10-24 |
SPL-175930, SPL-172448 |
Added UI message for "Failed to localize" in splunkd.log
|
| 2019-10-18 |
SPL-174494, SPL-172641 |
regex_cpu_profiling not generating events on WIndows instance
|
| 2019-10-18 |
SPL-176538, SPL-174948 |
Indexers in Cluster having problems utilizing AWS storage gateway for cold storage
|
| 2019-10-17 |
SPL-176190, SPL-176640, SPL-178138 |
Count option is not working when it is set with a token
|
| 2019-10-17 |
SPL-177659, SPL-177953, SPL-178124 |
Embedding base64 image in dashboard is not displayed
|
| 2019-10-03 |
SPL-175600, SPL-172097 |
instrumentation IOStats in resource_usage.log is not being collected for some paths.
|
| 2019-09-25 |
SPL-171600, SPL-167453 |
Replicated bucket in indexer cluster is timestamped with earliest time 0 (January 1970) if its last slice is empty.
|
| 2019-09-15 |
SPL-174902, SPL-168635 |
S2: Disabling index does not roll hot buckets prior to disabling the index preventing bucket upload
|
| 2019-09-11 |
SPL-175398, SPL-170416 |
Misleading error message when uploading a bundle via Deployer
|
| 2019-09-04 |
SPL-175768, SPL-171220 |
Frequent restarting of real-time searches and bundle replication can cause memory growth in splunkd mothership
|
| 2019-09-04 |
SPL-175617, SPL-170099 |
Indexers are crashing on merging thread with CowPipelineData::appendAndReset
|
| 2019-08-26 |
SPL-175273, SPL-174634 |
$message$ token is not working for <fail> search event handler
|
Download manual
Feedback submitted, thanks!