Fixed issues
Splunk Enterprise 8.2.3.3
Splunk Enterprise 8.2.3.3 was released on December 17, 2021. This release includes version 2.16.0 of Apache Log4j to address the issues described in Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046).
Splunk Enterprise 8.2.3.2
Splunk Enterprise 8.2.3.2 was released on December 13, 2021. This release includes version 2.15.0 of Apache Log4j to address the issues described in Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046).
Splunk Enterprise 8.2.3
Splunk Enterprise 8.2.3 was released on October 25, 2021. This release includes fixes for the following issues.
Issues are listed in all relevant sections. Some issues might appear more than once.
Authentication and authorization issues
Date resolved
|
Issue number
|
Description
|
2021-10-07 |
SPL-213029, SPL-206833 |
ProxySSO broken on SH cluster after upgrading Splunk from 7.2.5 to 8.0.7. Web browser shows Bad request, HTTP Request was malformed.
|
2021-09-30 |
SPL-211028, SPL-212926 |
user not owning alert cannot remove triggered events (despite having r/w permissions)
|
Upgrade issues
Date resolved
|
Issue number
|
Description
|
2021-09-14 |
SPL-211749, SPL-207550 |
On linux, Splunk fails to start post install if a Dynatrace Agent exists
|
2021-09-13 |
SPL-212028 |
Upgrading Splunk Enterprise from 8.1.5 to 8.2.x fails on Windows
|
Data input issues
Date resolved
|
Issue number
|
Description
|
2021-10-05 |
SPL-213306, SPL-210455 |
Splunk 7.3.4 perfmon input recording impossible values
|
2021-09-17 |
SPL-210525, SPL-210809, SPL-211741, SPL-212006 |
splunkd crashing - thread: archivereader
|
Search issues
Date resolved
|
Issue number
|
Description
|
2021-10-06 |
SPL-211322, SPL-212246, SPL-212946, SPL-212947 |
search for timeformat=%Y-%m-%d returns error message on some instances of Splunk
|
2021-10-06 |
SPL-213154, SPL-207491 |
Avoid reloading lookup table
|
2021-10-05 |
SPL-208409, SPL-211434, SPL-212784 |
Different results are returned when pivot command includes FILTER with and without "spaces" in between the fields
|
2021-10-05 |
SPL-209823, SPL-212344, SPL-212343, SPL-212345 |
In 8.2 strftime(_time, "%Ez") returns incorrect output
|
2021-09-17 |
SPL-210417, SPL-194491, SPL-211694, SPL-211695 |
Spec file changes for Transforms.conf ? case_sensitive_match ?
|
2021-09-17 |
SPL-211742, SPL-209159 |
Search head crash on GenerationGrabberThread
|
2021-09-14 |
SPL-210674, SPL-211145, SPL-211146 |
Zero length content in double quotes for NOT search incorrectly excludes fields which contain values.
|
2021-09-09 |
SPL-205621, SPL-197309 |
asset_by_cidr running before asset_by_str intermittently causing incorrect src_category to be applied to some events
|
2021-08-25 |
SPL-209599, SPL-210072, SPL-228782, SPL-210070 |
Searches with hundreds of search commands can crash the main Splunk server, add explicit limit of 340 commands to prevent that.
|
2021-08-24 |
SPL-210554, SPL-204074 |
ERROR HTTPClient - Should have received at least 3 tokens in status line, while getting response code. Only got 0.
|
2021-08-04 |
SPL-208941 |
After upgrade to 8.2.1 every search with | timechart exactperc90 aggregation crashes
|
Saved search, alerting, scheduling, and job management issues
Date resolved
|
Issue number
|
Description
|
2021-09-30 |
SPL-211028, SPL-212926 |
user not owning alert cannot remove triggered events (despite having r/w permissions)
|
2021-08-24 |
SPL-210554, SPL-204074 |
ERROR HTTPClient - Should have received at least 3 tokens in status line, while getting response code. Only got 0.
|
Charting, reporting, and visualization issues
Date resolved
|
Issue number
|
Description
|
2021-08-04 |
SPL-208941 |
After upgrade to 8.2.1 every search with | timechart exactperc90 aggregation crashes
|
Data model and pivot issues
Date resolved
|
Issue number
|
Description
|
2021-10-05 |
SPL-208409, SPL-211434, SPL-212784 |
Different results are returned when pivot command includes FILTER with and without "spaces" in between the fields
|
Distributed search and search head clustering issues
Date resolved
|
Issue number
|
Description
|
2022-02-17 |
SPL-208259, SPL-210931, SPL-211811 |
splunk_essentials_8_2 app, part of Splunk Enterprise 8.2, is removed by deployer bundle pushes in an SHC, resulting in checksum validation failures.
|
Universal forwarder issues
Date resolved
|
Issue number
|
Description
|
2021-09-23 |
SPL-211911, SPL-210684 |
AIX UF not able to ingest json files after upgrade to 8.2.x
|
Distributed deployment, forwarder, deployment server issues
Date resolved
|
Issue number
|
Description
|
2021-09-14 |
SPL-211749, SPL-207550 |
On linux, Splunk fails to start post install if a Dynatrace Agent exists
|
Monitoring Console issues
Date resolved
|
Issue number
|
Description
|
2021-09-07 |
SPL-208937 |
Health Feature TCPOutAutoLB-0 reporting warnings post IDX reduction
|
Splunk Web and interface issues
Date resolved
|
Issue number
|
Description
|
2021-10-07 |
SPL-213029, SPL-206833 |
ProxySSO broken on SH cluster after upgrading Splunk from 7.2.5 to 8.0.7. Web browser shows Bad request, HTTP Request was malformed.
|
Windows-specific issues
Date resolved
|
Issue number
|
Description
|
2021-09-13 |
SPL-212028 |
Upgrading Splunk Enterprise from 8.1.5 to 8.2.x fails on Windows
|
REST, Simple XML, and Advanced XML issues
Date resolved
|
Issue number
|
Description
|
2021-09-08 |
SPL-211259, SPL-208295 |
Can't reassign objects with colons on All Configurations page
|
Admin and CLI issues
Date resolved
|
Issue number
|
Description
|
2021-09-08 |
SPL-211259, SPL-208295 |
Can't reassign objects with colons on All Configurations page
|
Uncategorized issues
Date resolved
|
Issue number
|
Description
|
2021-09-28 |
SPL-211787, SPL-210383 |
Search Head Clustering: Status and Configuration, Snapshots, Search Concurrency (Running Limit), metrics definitions unreadable after upgrade to 8.2.1
|
2021-09-28 |
SPL-210059, SPL-211301, SPL-212411 |
Unable to search hadoop archived data on S3 after upgrading Splunk Enterprise from 7.3.1 via 8.1.4 to Splunk 8.2.0 Upgrading apache Hadoop from 2.7.7 to 3.2.1
|
2021-09-21 |
SPL-212063, SPL-207198 |
transforms.conf regex for multi-line event with REPEAT_MATCH set to true causes crash
|
2021-09-21 |
SPL-204668, SPL-203922 |
Admission rule search_time_range=alltime does not respect time modifiers in search query and will filter all searches done via API
|
2021-08-24 |
SPL-210528, SPL-208338 |
When using a License Manager that has both ITSI and Hunk license installed, all connected Splunk instances are showing Hunk branding
|
Feedback submitted, thanks!