Fixed issues
Splunk Enterprise 9.4.1 was released on January 26, 2025. This release includes fixes for the following issues.
Issues are listed in all relevant sections. Some issues might appear more than once.
Charting, reporting, and visualization issues
| Date resolved | Issue number | Description |
|---|---|---|
| 2024-11-18 | SPL-265872, SPL-265697 | Studio web vitals data telemetry is logging PII via urls |
Universal forwarder issues
| Date resolved | Issue number | Description |
|---|---|---|
| 2024-11-20 | SPL-265908, SPL-254532 | UF 9.1.2 Windows Security events stop forwarding when Windows event log service is restarted |
| 2024-11-19 | SPL-265068, SPL-266372, SPL-266374, SPL-266375, SPL-266377 | UF Windows installer re-grant user privileges during upgrade |
| 2024-11-06 | SPL-265633, SPL-265630 | Windows Universal Forwarder high cpu where Splunk user does not have read access to all of the files in the monitored directory |
| 2024-11-06 | SPL-259202, SPL-265630 | Windows Universal Forwarder high cpu where Splunk user does not have read access to all of the files in the monitored directory |
Windows-specific issues
| Date resolved | Issue number | Description |
|---|---|---|
| 2024-11-08 | SPL-265859, SPL-265863, SPL-265864, SPL-265865, SPL-265866 | A missing CloseHandle() can lead to memory leaks |
| 2024-11-06 | SPL-259217, SPL-265734, SPL-265735, SPL-265736, SPL-265737 | Denylist is not working (blacklist1 = EventCode="4662" Message="Account Name:(?!\s*admin1)") |
| 2024-11-06 | SPL-259202, SPL-265630 | Windows Universal Forwarder high cpu where Splunk user does not have read access to all of the files in the monitored directory |
Last modified on 26 February, 2025
| Field alias behavior change | Deprecated and removed in version 9.4 |
This documentation applies to the following versions of Splunk® Enterprise: 9.4.1
Download manual
Feedback submitted, thanks!