This documentation does not apply to the most recent version of Splunk Stream™.
For documentation on the most recent version, go to the latest release.
Fixed Issues
Fixed issues in Splunk App for Stream 6.1.0:
| Defect number | Description |
|---|---|
| STREAM-1443 | When upgrading from Stream 6.0.x to 6.1, stream configuration files in local/streams for built-in streams (such as http, tcp, etc.) might be in the unlocked state (locked:false). This causes the Aggregated check box and Delete button to appear in the Streams Config UI for the default stream. Because the aggregated function only works for clones of default streams, the aggregated function has no effect. Workaround: Click the Delete button to delete the Stream. This updates and locks the stream configuration file (locked:true) so that the Aggregated check box and Delete button do not appear in the Stream Config UI for that protocol.
|
| STREAM-1438 | The dssl session packet_time does not get updated as expected. This causes an incorrect value for the time_taken attribute.
|
| STREAM-1426 | Due to an invalid check for UDP header size, the app generates an invalid UDP packet, which causes the streamfwd binary to crash.
|
| STREAM-1421 | Tcp Reassemble Payload Size graph does not work with multiple processor threads. |
| STREAM-1409 | When user blacklists the specific IP address 173.255.123.123, an error appears stating the octet cannot be 255. |
| STREAM-1408 | User cannot modify XMPP protocol configuration due to absence of app=XMPP parameter. |
| STREAM-1400 | User can create a clone without a name, without error, but no stream appears. This produces a blank line in the Streams list upon Splunk restart. |
| STREAM-1397 | If you clone a stream without providing a description, a blank space appears in the Stream dropdown of the dialog box that opens when you click the "Clone Stream" button on the main Streams Config page. |
| STREAM-1369 | With ephemeral streams, using the stream name as sourcetype (sourcetype="protocol") breaks CIM mappings and causes searches to fail. Workaround: Use the revised syntax for source and sourcetype introduced in version 6.1. See About source and sourcetype syntax changes in 6.1.
|
| STREAM-1345 | Non-applicable flow terms (such as flow.protocol, flow.data-center-time, flow.ssl* and flow.rtt* ) appear in application-level vocabularies. |
| STREAM-1317 | In the Streams Config SMTP protocol UI, the "duration" field description incorrectly states "Duration of SMTP session in seconds." Should be microseconds. |
| STREAM-1297 | If you modify a built-in (default) stream, the stream displays as "CLONED" in the Streams Config UI. This enables the delete function, which in this case deletes the stream modifications and returns the stream to its original state. |
| STREAM-1294 | Missing events for IMAP protocol. |
| STREAM-1283 | Event reporting incorrect for POP3 protocol. |
| STREAM-1203 | Flow metrics calculations inaccurate for MAPI protocol. |
| STREAM-1185 | Stream might generates "empty" TCP flow events (sourcetype=stream:tcp) with bytes_in=0 bytes_out=0 packets_in=0 packets_out=0.
|
| STREAM-1181 | Missing events for Radius protocol. |
Last modified on 21 October, 2015
| Known issues | Credits |
This documentation applies to the following versions of Splunk Stream™: 6.1.0
Download manual
Feedback submitted, thanks!