Splunk® Enterprise

Release Notes

Acrobat logo Download manual as PDF


Splunk Enterprise version 8.2 is no longer supported as of September 30, 2023. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Fixed issues

Splunk Enterprise 8.2.3.3

Splunk Enterprise 8.2.3.3 was released on December 17, 2021. This release includes version 2.16.0 of Apache Log4j to address the issues described in Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046).

Splunk Enterprise 8.2.3.2

Splunk Enterprise 8.2.3.2 was released on December 13, 2021. This release includes version 2.15.0 of Apache Log4j to address the issues described in Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046).


Splunk Enterprise 8.2.3

Splunk Enterprise 8.2.3 was released on October 25, 2021. This release includes fixes for the following issues.

Issues are listed in all relevant sections. Some issues might appear more than once.

Authentication and authorization issues

Date resolved Issue number Description
2021-10-07 SPL-213029, SPL-206833 ProxySSO broken on SH cluster after upgrading Splunk from 7.2.5 to 8.0.7. Web browser shows Bad request, HTTP Request was malformed.
2021-09-30 SPL-211028, SPL-212926 user not owning alert cannot remove triggered events (despite having r/w permissions)

Upgrade issues

Date resolved Issue number Description
2021-09-14 SPL-211749, SPL-207550 On linux, Splunk fails to start post install if a Dynatrace Agent exists
2021-09-13 SPL-212028 Upgrading Splunk Enterprise from 8.1.5 to 8.2.x fails on Windows

Data input issues

Date resolved Issue number Description
2021-10-05 SPL-213306, SPL-210455 Splunk 7.3.4 perfmon input recording impossible values
2021-09-17 SPL-210525, SPL-210809, SPL-211741, SPL-212006 splunkd crashing - thread: archivereader

Search issues

Date resolved Issue number Description
2021-10-06 SPL-211322, SPL-212246, SPL-212946, SPL-212947 search for timeformat=%Y-%m-%d returns error message on some instances of Splunk
2021-10-06 SPL-213154, SPL-207491 Avoid reloading lookup table
2021-10-05 SPL-208409, SPL-211434, SPL-212784 Different results are returned when pivot command includes FILTER with and without "spaces" in between the fields
2021-10-05 SPL-209823, SPL-212344, SPL-212343, SPL-212345 In 8.2 strftime(_time, "%Ez") returns incorrect output
2021-09-17 SPL-210417, SPL-194491, SPL-211694, SPL-211695 Spec file changes for Transforms.conf ? case_sensitive_match ?
2021-09-17 SPL-211742, SPL-209159 Search head crash on GenerationGrabberThread
2021-09-14 SPL-210674, SPL-211145, SPL-211146 Zero length content in double quotes for NOT search incorrectly excludes fields which contain values.
2021-09-09 SPL-205621, SPL-197309 asset_by_cidr running before asset_by_str intermittently causing incorrect src_category to be applied to some events
2021-08-25 SPL-209599, SPL-210072, SPL-228782, SPL-210070 Searches with hundreds of search commands can crash the main Splunk server, add explicit limit of 340 commands to prevent that.
2021-08-24 SPL-210554, SPL-204074 ERROR HTTPClient - Should have received at least 3 tokens in status line, while getting response code. Only got 0.
2021-08-04 SPL-208941 After upgrade to 8.2.1 every search with | timechart exactperc90 aggregation crashes

Saved search, alerting, scheduling, and job management issues

Date resolved Issue number Description
2021-09-30 SPL-211028, SPL-212926 user not owning alert cannot remove triggered events (despite having r/w permissions)
2021-08-24 SPL-210554, SPL-204074 ERROR HTTPClient - Should have received at least 3 tokens in status line, while getting response code. Only got 0.

Charting, reporting, and visualization issues

Date resolved Issue number Description
2021-08-04 SPL-208941 After upgrade to 8.2.1 every search with | timechart exactperc90 aggregation crashes

Data model and pivot issues

Date resolved Issue number Description
2021-10-05 SPL-208409, SPL-211434, SPL-212784 Different results are returned when pivot command includes FILTER with and without "spaces" in between the fields

Distributed search and search head clustering issues

Date resolved Issue number Description
2022-02-17 SPL-208259, SPL-210931, SPL-211811 splunk_essentials_8_2 app, part of Splunk Enterprise 8.2, is removed by deployer bundle pushes in an SHC, resulting in checksum validation failures.

Universal forwarder issues

Date resolved Issue number Description
2021-09-23 SPL-211911, SPL-210684 AIX UF not able to ingest json files after upgrade to 8.2.x

Distributed deployment, forwarder, deployment server issues

Date resolved Issue number Description
2021-09-14 SPL-211749, SPL-207550 On linux, Splunk fails to start post install if a Dynatrace Agent exists

Monitoring Console issues

Date resolved Issue number Description
2021-09-07 SPL-208937 Health Feature TCPOutAutoLB-0 reporting warnings post IDX reduction

Splunk Web and interface issues

Date resolved Issue number Description
2021-10-07 SPL-213029, SPL-206833 ProxySSO broken on SH cluster after upgrading Splunk from 7.2.5 to 8.0.7. Web browser shows Bad request, HTTP Request was malformed.

Windows-specific issues

Date resolved Issue number Description
2021-09-13 SPL-212028 Upgrading Splunk Enterprise from 8.1.5 to 8.2.x fails on Windows

REST, Simple XML, and Advanced XML issues

Date resolved Issue number Description
2021-09-08 SPL-211259, SPL-208295 Can't reassign objects with colons on All Configurations page

Admin and CLI issues

Date resolved Issue number Description
2021-09-08 SPL-211259, SPL-208295 Can't reassign objects with colons on All Configurations page

Uncategorized issues

Date resolved Issue number Description
2021-09-28 SPL-211787, SPL-210383 Search Head Clustering: Status and Configuration, Snapshots, Search Concurrency (Running Limit), metrics definitions unreadable after upgrade to 8.2.1
2021-09-28 SPL-210059, SPL-211301, SPL-212411 Unable to search hadoop archived data on S3 after upgrading Splunk Enterprise from 7.3.1 via 8.1.4 to Splunk 8.2.0 Upgrading apache Hadoop from 2.7.7 to 3.2.1
2021-09-21 SPL-212063, SPL-207198 transforms.conf regex for multi-line event with REPEAT_MATCH set to true causes crash
2021-09-21 SPL-204668, SPL-203922 Admission rule search_time_range=alltime does not respect time modifiers in search query and will filter all searches done via API
2021-08-24 SPL-210528, SPL-208338 When using a License Manager that has both ITSI and Hunk license installed, all connected Splunk instances are showing Hunk branding
Last modified on 08 February, 2023
PREVIOUS
Field alias behavior change 		  NEXT
Deprecated and removed in version 8.2

This documentation applies to the following versions of Splunk® Enterprise: 8.2.3

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters