Splunk® Enterprise

Release Notes

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Fixed issues

Splunk Enterprise 8.2.4 was released on December 21, 2021. This release includes version 2.16.0 of Apache Log4j to address the issues described in Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046).

This release also includes fixes for the following issues. Issues are listed in all relevant sections. Some issues might appear more than once.

Data input issues

Date resolved Issue number Description
2021-11-19 SPL-213290, SPL-209519 8.2.x dedicatedIOthreads is not respected, causing HEC performance problems

Search issues

Date resolved Issue number Description
2021-12-01 SPL-213173 Search process crashes at BatchSearch and RunDispatch after upgrade .
2021-11-03 SPL-213808, SPL-213975, SPL-214217, SPL-214221 Search process crashing on thread phase1 when performing eval on multivalue field (startSetMultiValWithDelim)
2021-11-03 SPL-213714, SPL-214178 Splunk crashes with "Assertion `components == StatsConstants::SparklineArg' failed."
2021-10-22 SPL-206635, SPL-210969 tstats "fillnull_value" only works for results from tsidx (accelerated DM) but not from unaccelerated results (fallback search)

Indexer and indexer clustering issues

Date resolved Issue number Description
2021-12-30 SPL-214933, SPL-215394 Cluster Manager with `rolling_restart=searchable` crashes when peer with different bundle is added.
2021-11-22 SPL-213903, SPL-206510 CM issues fixup tasks for "frozen in cluster" clustered buckets
2021-11-12 SPL-214177, SPL-208136 Multisite indexer cluster - duplicated events returned when using assign_primaries_to_all_sites=false

Distributed search and search head clustering issues

Date resolved Issue number Description
2021-11-12 SPL-214177, SPL-208136 Multisite indexer cluster - duplicated events returned when using assign_primaries_to_all_sites=false

Monitoring Console issues

Date resolved Issue number Description
2021-11-17 SPL-214379, SPL-215268, SPL-215269 The Bucket Health Report can inherit the severity from another index, and misreport the severity for a different index

REST, Simple XML, and Advanced XML issues

Date resolved Issue number Description
2021-11-17 SPL-214286, SPL-213950 EPS drops after upgrade as a result of default 50k export cap in limits.conf

Admin and CLI issues

Date resolved Issue number Description
2021-11-16 SPL-210691, SPL-213807 cli-command-completion.sh fails with error and breaks splunk command auto-completion

Uncategorized issues

Date resolved Issue number Description
2021-11-17 SPL-208777, SPL-209630 Splunk 8.2 fails to run scheduled searches to populate summary indexes due to StatsFileWriterLz4 file open failed
Last modified on 20 January, 2022
PREVIOUS
Timestamp recognition of dates with two-digit years fails beginning January 1, 2020
  NEXT
Deprecated and removed in version 8.2

This documentation applies to the following versions of Splunk® Enterprise: 8.2.4


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters