Fixed issues
Splunk Enterprise 9.1.0.2
Splunk Enterprise 9.1.0.2 was released on July 31, 2023. It delivers the update described in
https://advisory.splunk.com/advisories/SVD-2023-0606.
Splunk Enterprise 9.1.0.1
Splunk Enterprise 9.1.0.1 was released on July 6, 2023. This release fixes the following issue:
| Date filed
|
Issue number
|
Description
|
| 2023-06-08 |
SPL-240758, SPL-241690, SPL-241691, SPL-241704, SPL-241705, SPL-241706 |
"File Integrity checks found 4281 files that did not match the system-provided manifest." shows in message but does not appear in the "Integrity Check of Installed Files" dashboard.
Workaround:
Clear the notification to dismiss the error and it will not appear again.
|
Splunk Enterprise 9.1.0
Splunk Enterprise 9.1.0 was released on June 28, 2023. This release includes fixes for the following issues.
Issues are listed in all relevant sections. Some issues might appear more than once.
Data input issues
| Date resolved
|
Issue number
|
Description
|
| 2023-04-12 |
SPL-235416 |
Case sensitive sourcetypes in Ingest Actions UI preview won't fetch results
|
Search issues
| Date resolved
|
Issue number
|
Description
|
| 2024-05-17 |
SPL-255737 |
Version 2 of the stats command can't distinguish prestats and non-prestats data in summary index at the event level.
|
| 2023-05-05 |
SPL-239409 |
The 'sendemail' command no longer honors the field order from search results
|
| 2023-01-24 |
SPL-227018, SPL-241609, SPL-242656 |
In rare cases in some buckets, searches can return some empty field values or missing events for indexed fields when the bucket contains small metadata files (between 4-8KB) leading to "not all cwpairs were found" in search.log
|
| 2022-11-11 |
SPL-232477, SPL-224816 |
Transparent mode tstats with prestats and no reporting commands show timeline results
|
| 2022-11-09 |
SPL-224816, SPL-232036, SPL-232477 |
Standard mode federated searches of accelerated data models with 'tstats' fail or produce unexpected behavior when 'prestats=t'
|
| 2022-10-06 |
SPL-227547 |
Fix hash algorithm for numbers and handle hash collisions for lookups
|
| 2022-09-30 |
SPL-230091, SPL-231852 |
Search can use large amount of memory on large/malformed events that (look like) XML
|
| 2022-09-13 |
SPL-229278 |
Search crashes with "StatsBuffer found inconsistent row" after upgrading
|
| 2022-07-05 |
SPL-205436, SPL-208943 |
in batch mode, on distributed search, addtotals with wildcard that matches more than 50 fields populates the _time field with other field's value (like the sourcetype, index, splunk_server) for result above 50
|
| 2022-06-20 |
SPL-223897, SPL-226446, SPL-226447 |
Mstat breaks with multivalue "asset" dimension,
|
Federated search issues
| Date resolved
|
Issue number
|
Description
|
| 2023-05-04 |
SPL-239362, SPL-237883 |
Transparent Mode federated search - Using table and stats in the same federated search causes the search to return empty results , when run in smart or fast mode
|
| 2023-02-08 |
SPL-225826 |
Transparent mode federated searches over accelerated data model datasets cannot return remote results because their summaries are not present on the RSH
|
| 2022-11-11 |
SPL-232477, SPL-224816 |
Transparent mode tstats with prestats and no reporting commands show timeline results
|
| 2022-11-09 |
SPL-224816, SPL-232036, SPL-232477 |
Standard mode federated searches of accelerated data models with 'tstats' fail or produce unexpected behavior when 'prestats=t'
|
| 2022-05-12 |
SPL-220289, SPL-245017 |
Federated Search Transparent Mode: Commands that have subsearches like join and append may result in failures on RSH due to missing application context
|
Charting, reporting, and visualization issues
| Date resolved
|
Issue number
|
Description
|
| 2023-03-01 |
SPL-236548, SPL-237216, SPL-236740 |
SXML dashboards without the "version=" stanza in the search app may have <set>..</set> tags changed to <set /> when upgrading to 9.0.3 or 9.0.4
|
| 2023-02-27 |
SPL-234045 |
"Invalid value" for earliest/latest in time token in "Advanced" time range section
|
| 2023-01-31 |
SPL-235340 |
Overlapping UI elements in Dashboard Studio when global banner with hyperlink is used
|
| 2023-01-31 |
SPL-235420 |
Link to Dashboard show first 30 apps
|
| 2022-12-06 |
SPL-233133, SPL-223193 |
"Open in Search" function doesn't work with chained searches in Dashboard Studio when the time range depends on an input/token, showing error "Invalid earliest_time"
|
| 2022-12-05 |
SPL-231930, SPL-233667 |
Refresh not working as expected when chunking is used
|
| 2022-12-01 |
SPL-228658, SPL-236371, SCP-57718 |
"Down Arrow" for chart legend scrolling does not work
|
| 2022-11-15 |
SPL-231315, SPL-214759, SPL-232576 |
Custom VIZ - data chunk duplication
|
| 2022-11-14 |
SPL-231838 |
Form fieldset input choice strings are not localized
|
| 2022-10-19 |
SPL-230678 |
"Dashboard not found" error after changing permissions
|
| 2022-10-03 |
SPL-217434, SPL-230995, SPL-230996 |
custom viz never receive meta.data.done = true with base post search
|
| 2022-09-20 |
SPL-230171, SPL-230364, SPL-240369, SPL-232173 |
Charts not showing in SimpleXML dashboard PDF export
|
| 2022-05-25 |
SPL-221382 |
Map visualizations are not supported in Dashboard Studio export
|
| 2022-05-05 |
SPL-223193, SPL-233133 |
"Open in Search" function doesn't work with chained searches in Dashboard Studio when the time range depends on an input/token, showing error "Invalid earliest_time"
|
Distributed search and search head clustering issues
| Date resolved
|
Issue number
|
Description
|
| 2022-06-13 |
SPL-225573, SPL-225560 |
Can't work around slow failure issues in SHC proxied /search/jobs requests because timeouts are not configurable.
|
Indexer and indexer clustering issues
| Date resolved
|
Issue number
|
Description
|
| 2023-02-02 |
SPL-235074, SPL-207384 |
Searches return incomplete results during addPeer/BatchAdding after Cluster Manager restart.
|
| 2022-10-13 |
SPL-228672, SPL-231396 |
validation of bundle returns "restart required" always on any app when there is a password field with encrypted bundles
|
Universal forwarder issues
| Date resolved
|
Issue number
|
Description
|
| 2023-10-27 |
SPL-246145, SPL-233334 |
Warnings "user splunk does not exist" observed while installing rpm builds
|
| 2023-10-27 |
SPL-246143, SPL-233334 |
Warnings "user splunk does not exist" observed while installing rpm builds
|
| 2023-10-27 |
SPL-246256, SPL-233334 |
Warnings "user splunk does not exist" observed while installing rpm builds
|
| 2023-02-15 |
SPL-232028, SPL-236165, SPL-236166 |
Windows Defender logs stop being forwarded but other Winevent logs continue to forward until UF is restarted
|
| 2022-11-02 |
SPL-231793 |
Crashing in TcpOutEloop thread with assertion_failure="_refCount > 0"
|
Monitoring Console issues
| Date resolved
|
Issue number
|
Description
|
| 2022-10-31 |
SPL-223475, SPL-190358 |
Monitoring console Index Usage for maxTotalDataSizeMB does not handle SmartStore
|
Splunk Web and interface issues
| Date resolved
|
Issue number
|
Description
|
| 2023-05-23 |
SPL-239623, SPL-220440 |
Global banner with hyperlink breaks UI layout.
|
| 2022-11-14 |
SPL-231838 |
Form fieldset input choice strings are not localized
|
Windows-specific issues
| Date resolved
|
Issue number
|
Description
|
| 2023-02-15 |
SPL-232028, SPL-236165, SPL-236166 |
Windows Defender logs stop being forwarded but other Winevent logs continue to forward until UF is restarted
|
| 2023-01-05 |
SPL-233007, SPL-234066 |
KV Store fails to find the private key for a given certificate on Windows. It searches for -sslCertificateSelector subject=US
|
Uncategorized issues
| Date resolved
|
Issue number
|
Description
|
| 2023-09-18 |
SPL-233858 |
Splunk kernel drivers have expired on existing Windows installations
|
| 2023-01-10 |
SPL-233484 |
Crash on SplunkConfigChangeWatcherThread - Splunkd crashing while config_change_tracker enabled and file changes happen on a disabled app
|
| 2022-06-22 |
SPL-204428, SPL-203620 |
AWS SDK log messages should not be turned on for on-prem builds
|
| 2022-06-13 |
SPL-225531, SPL-225490 |
Splunk's REST API HTTP server can be blocked for long periods of time by internally proxied "/search/jobs" requests.
|
Download manual
Feedback submitted, thanks!