Splunk Stream

Release Notes

This documentation does not apply to the most recent version of Splunk Stream. For documentation on the most recent version, go to the latest release.

Known issues

Known issues in Splunk App for Stream 6.2.2:

Publication date Defect number Description
2015-11-16 STREAM-2532 Stream events are timestamped with index time in distributed Splunk Enterprise environment.
2015-10-21 STREAM-2285 streamfwd does not keep track of bytes/events count.
2015-10-21 STREAM-2277 Back button does not show warning for unsaved changes. This can cause you to lose edits when modifying a stream.
2015-10-21 STREAM-2268 imap "password" field is missing.
2015-10-21 STREAM-2262 Aggregated streams don't emit "endtime field.
2015-10-21 STREAM-2259 Saving stream with addToDefaultGroup=false fails.
2015-10-21 STREAM-2230 Stream events are not accurately timestamped.
2015-10-21 STREAM-2229 DNS query types do not resolve to their respective names.
2015-10-21 STREAM-2222 Stream tries to open pcap adapter on inactive interface.
2015-10-21 STREAM-2193 The stream id (labeled 'Name' in the Configure Streams UI) is case sensitive. This lets you create a stream with the same name as a default stream, for example, id "HTTP", which you can confuse with the default stream id "http."
2015-10-21 STREAM-2190 Stream Forwarder skips IP packets with zero length (ip.len==0) in the IP header.
2015-10-21 STREAM-2183 request_time, reply_time, and response_time flow metrics are not populated for all protocols.
2015-10-21 STREAM-2179 Sparkline in Configure Streams UI under certain circumstances incorrectly shows zero traffic volume for protocols.
2015-10-21 STREAM-2169 SSL key stored in local/directory.
2015-10-21 STREAM-2156 streamfwd process may exhibit unbounded memory growth when running on Splunk Universal Forwarder instance that is unable to forward events, most commonly because of incorrect tcpout parameters in outputs.conf configuration.
2015-10-21 STREAM-2097 The default bitrate is unlimited when reading pcap files from the command line. This causes "Event Queue Overlow" errors if the pcap file contains more than 10,000 events (the MaxEventQueue size).
2015-10-21 STREAM-2089 When modifying the regex rule for an existing Distributed Forwarder Management (DFM) group, the DFM UI does not update properly.
2015-10-21 STREAM-1956 When Stream Examples App is installed with Splunk App for Stream, switching between "Estimate" (Stat only) mode and "Enable" mode opens the wrong modal.
2015-10-21 STREAM-1873 Some SMB events trigger off the MaxEventAttributes stop limit, which causes repetitive attributes/multiple events to pile up in SMB protocol events.
2015-10-21 STREAM-1848 Typo in error message that appears when cloning a stream with a duplicate ID of the existing protocol.
2015-10-21 STREAM-1834 Inefficient captured packet queueing.
2015-08-07 STREAM-2190 SDSSL skips IP packets with zero length (ip.len==0) in the IP header.
2015-08-07 STREAM-2156 SplunkLogAppender continues to add log queue events, even after the splunkd mod input's stdout forwarding buffer is full and streamfwd starts to drop events. Adding log events after event delivery is completely blocked can cause unbounded memory growth over time.
2015-06-12 STREAM-1932 RADIUS AVP field is missing "Acct-Input-Octets" and "Acct-Output-Octets" attributes.
2015-06-12 STREAM-1870 DNS protocol does not recognize RFC 1886 extension (AAAA) query type.
2015-03-04 STREAM-1785 stream:log and stream:stats events have incorrect timestamp.
2015-03-04 STREAM-1708 TNS traffic does not include INSERT statements.
2015-03-04 STREAM-1595 Some comparison fields of the filter do not appear in the UI.
2015-03-04 STREAM-1565 SMTP does not extract multiple recipients properly when there is more than one recipient contained in the email.
2015-03-04 STREAM-1312 Stream represents multi-part MIME messages incorrectly.
2015-03-04 STREAM-1311 Stream does not consistently merge attributes extracted in chunks into a single term value.
Last modified on 03 December, 2015
  Fixed Issues

This documentation applies to the following versions of Splunk Stream: 6.2.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters