This documentation does not apply to the most recent version of Splunk Stream™.
For documentation on the most recent version, go to the latest release.
Known issues
Known issues in Splunk App for Stream 6.1.0:
| Publication date | Defect number | Description |
|---|---|---|
| 2015-11-16 | STREAM-2532 | Stream events are timestamped with index time in distributed Splunk Enterprise environment. |
| 2015-10-21 | STREAM-2268 | imap "password" field is missing. |
| 2015-10-21 | STREAM-2262 | Aggregated streams don't emit "endtime field. |
| 2015-10-21 | STREAM-2259 | Saving stream with addToDefaultGroup=false fails. |
| 2015-10-21 | STREAM-2222 | Stream tries to open pcap adapter on inactive interface. |
| 2015-10-21 | STREAM-2193 | The stream id (labeled 'Name' in the Configure Streams UI) is case sensitive. This lets you create a stream with the same name as a default stream, for example, id "HTTP", which you can confuse with the default stream id "http." |
| 2015-10-21 | STREAM-2190 | Stream Forwarder skips IP packets with zero length (ip.len==0) in the IP header. |
| 2015-10-21 | STREAM-2183 | request_time, reply_time, and response_time flow metrics are not populated for all protocols. |
| 2015-10-21 | STREAM-2179 | Sparkline in Configure Streams UI under certain circumstances incorrectly shows zero traffic volume for protocols. |
| 2015-10-21 | STREAM-2169 | SSL key stored in local/directory. |
| 2015-10-21 | STREAM-2156 | streamfwd process may exhibit unbounded memory growth when running on Splunk Universal Forwarder instance that is unable to forward events, most commonly because of incorrect tcpout parameters in outputs.conf configuration.
|
| 2015-10-21 | STREAM-1834 | Inefficient captured packet queueing. |
| 2015-08-07 | STREAM-2190 | SDSSL skips IP packets with zero length (ip.len==0) in the IP header. |
| 2015-04-19 | STREAM-1913 | Splunkd does not reliably shut down streamfwd process. |
| 2015-04-19 | STREAM-1909 | SNMP events not returning key pieces of data due to lack of parsing from original binary format. |
| 2015-03-31 | STREAM-1864 | Incorrect multicast DNS request/response matching leads to unbounded event size build-up. |
| 2015-03-31 | STREAM-1846 | Dashboard searches fail for time periods greater than 60 minutes. |
| 2014-12-18 | STREAM-1589 | Some protocol events map to incorrect name. This occurs because Splunk_TA_stream 6.1.x reuses conflicting transforms.conf stanza names from Splunk_TA_nix.
|
| 2014-12-14 | STREAM-1550 | After manually deleting the splunk_app_stream and Splunk_TA_stream folders without stopping Splunk and then installing or upgrading the app, the Wire Data input stops working. Workaround: See this troubleshooting item.
|
| 2014-12-06 | STREAM-1532 | High DroppedPackets sniffer stats on Linux can manifest in high memory utilization, TCP overflows, and related issues.
|
| 2014-12-05 | STREAM-1527 | The filters dialog does not let you enter values when using Firefox browser on OSX. |
| 2014-12-05 | STREAM-1522 | Stream Forwarder (streamfwd) freezes when adding random IP address to blacklist.
|
| 2014-12-05 | STREAM-1495 | Splunk Web UI freezes and does not save entries when trying to save multiple IP addresses to Whitelist filter. |
| 2014-12-05 | STREAM-1489 | Configuration window for Blacklist and Whitelist filters disappears after entering approximately 25+ entries. |
| 2014-11-05 | STREAM-1482 | If you enable a protocol in the Streams Config UI without first enabling the Wire Data modular input in Setting > Data Inputs > Wire Data, that particular stream gets stuck in the "loading" state. |
| 2014-11-05 | STREAM-1467 | tag=instance is missing from TA_stream database events.
|
| 2014-11-06 | STREAM-1443 | When upgrading from Stream 6.0.x to 6.1, stream configuration files in local/streams for built-in streams (such as http, tcp, etc.) might be in the unlocked state (locked:false). This causes the Aggregated check box and Delete button to appear in the Streams Config UI for the default stream. Because the aggregated function only works for clones of default streams, the aggregated function has no effect. Workaround: Click the Delete button to delete the Stream. This updates and locks the stream configuration file (locked:true) so that the Aggregated check box and Delete button do not appear in the Stream Config UI for that protocol.
|
| 2014-11-05 | STREAM-1440 | The text flow in the Enable/Disable Stream confirmation dialog box is incorrect. |
| 2014-11-05 | STREAM-1436 | Two local streams with same ID should cause an error. Instead, only one stream is displayed, but it receives some attributes from the other stream. |
| 2014-10-30 | STREAM-1369 | With ephemeral streams, using the stream name as sourcetype (sourcetype="protocol") breaks CIM mappings and causes searches to fail. Workaround: Use the revised syntax for source and sourcetype introduced in version 6.1. See About source and sourcetype syntax changes in 6.1.
|
| 2014-10-30 | STREAM-1289 | "Hide credit card" feature does not allow custom configuration. |
| 2014-10-30 | STREAM-1282 | Unexplained "DPI error processing stream data" messages appear in streamfwd.log.
|
Last modified on 03 December, 2015
| New Features | Fixed Issues |
This documentation applies to the following versions of Splunk Stream™: 6.1.0
Download manual
Feedback submitted, thanks!