Known issues
Known issues in Splunk App for Stream 6.3.0:
Publication date | Defect number | Description |
---|---|---|
2015-11-16 | STREAM-2532 | Stream events are timestamped with index time in distributed Splunk Enterprise environment. |
2015-10-27 | STREAM-2512 | On El Capitan (OSX 10.11), Splunk_TA_stream folder is not created in etc/apps/ folder. |
2015-10-24 | STREAM-2446 | In the Distributed Forwarder Management UI, when you click Contains Streams > "more" for a particular group, the list of streams is not alphabetized. |
2015-10-21 | STREAM-2367 | Incorrect CIM mapping for DHCP data. |
2015-10-21 | STREAM-2285 | streamfwd does not keep track of bytes/events count. |
2015-10-21 | STREAM-2277 | Back button does not show warning for unsaved changes. This can cause you to lose edits when modifying a stream. |
2015-10-21 | STREAM-2268 | imap "password" field is missing. |
2015-10-21 | STREAM-2262 | Aggregated streams don't emit "endtime" field. |
2015-10-21 | STREAM-2259 | Saving stream with addToDefaultGroup=false fails. |
2015-10-21 | STREAM-2230 | Stream events are not accurately timestamped. |
2015-10-21 | STREAM-2229 | DNS query types do not resolve to their respective names. |
2015-10-21 | STREAM-2222 | Stream tries to open pcap adapter on inactive interface. |
2015-10-21 | STREAM-2193 | The stream id (labeled 'Name' in the Configure Streams UI) is case sensitive. This lets you create a stream with the same name as a default stream, for example, id "HTTP", which you can confuse with the default stream id "http". |
2015-10-21 | STREAM-2190 | Stream Forwarder skips IP packets with zero length (ip.len==0) in the IP header. |
2015-10-21 | STREAM-2183 | request_time, reply_time, and response_time flow metrics are not populated for all protocols. |
2015-10-21 | STREAM-2179 | Sparkline in Configure Streams UI under certain circumstances incorrectly shows zero traffic volume for protocols. |
2015-10-21 | STREAM-2169 | SSL key stored in local/directory. |
2015-10-21 | STREAM-2156 | streamfwd process may exhibit unbounded memory growth when running on Splunk Universal Forwarder instance that is unable to forward events, most commonly because of incorrect tcpout parameters in outputs.conf configuration. |
2015-10-21 | STREAM-2097 | The default bitrate is unlimited when reading pcap files from the command line. This causes "Event Queue Overlow" errors if the pcap file contains more than 10,000 events (the MaxEventQueue size). |
2015-10-21 | STREAM-2089 | When modifying the regex rule for an existing Distributed Forwarder Management (DFM) group, the DFM UI does not update properly. |
2015-10-21 | STREAM-2063 | Improper validation of IP Address List. |
2015-10-21 | STREAM-2018 | When editing an ephemeral stream configuration from the command line, there is no validation to ensure createDate is earlier than expireDate. |
2015-10-21 | STREAM-2014 | Network Metrics dashboard shows incorrect bandwidth values. |
2015-10-21 | STREAM-2011 | Configure Streams page headers do not display correctly in Splunk Enterprise version 6.3. Workaround: Upgrade Splunk App for Stream to version 6.4.0 or later. |
2015-10-21 | STREAM-1956 | When Stream Examples App is installed with Splunk App for Stream, switching between "Estimate" (Stat only) mode and "Enable" mode opens the wrong modal. |
2015-10-21 | STREAM-1873 | Some SMB events trigger off the MaxEventAttributes stop limit, which causes repetitive attributes/multiple events to pile up in SMB protocol events. |
2015-10-21 | STREAM-1848 | Typo in error message that appears when cloning a stream with a duplicate ID of the existing protocol. |
2015-10-21 | STREAM-1834 | Inefficient captured packet queueing. |
2015-08-07 | STREAM-2190 | SDSSL skips IP packets with zero length (ip.len==0) in the IP header. |
2015-08-07 | STREAM-2179 | Sparkline in Streams Config UI incorrectly shows zero traffic for tns protocol. |
2015-08-07 | STREAM-2156 | SplunkLogAppender continues to add log queue events, even after the splunkd mod input's stdout forwarding buffer is full and streamfwd starts to drop events. Adding log events after event delivery is completely blocked can cause unbounded memory growth over time. |
2015-07-24 | STREAM-2122 | src and dest fields are not being populated. |
2015-07-24 | STREAM-2088 | When upgrading to Stream version 6.3.0, the deploy_splunk_ta_stream.py scripted input overwrites any existing local/inputs.conf files, if an upgrade of Splunk_TA_stream is required. This affects the copies of Splunk_TA_stream in both etc/apps/ and etc/deployment-apps/ directories. |
2015-07-24 | STREAM-2078 | When creating a new distributed forwarder management group, if the "Include Ephemeral Streams" option is enabled, the front end UI regex check and the backend regex check are not in sync (one checks for "contains" and the other checks for "exact-match"). |
2015-07-24 | STREAM-1988 | When searching on sourcetype=stream:tns the only streams visible are those generated by tnsping. Traffic generated by sqlplus or other Oracle client consumers is not decoded as TNS. |
2015-06-12 | STREAM-1956 | When the Stream Examples App is installed along with Splunk App for Stream, if you switch from "Stats-only" to "Enable," or vice versa, on the Streams Config page, an incorrect error message appears, which states that the app cannot execute the operation, but the app still executes the operation. |
2015-03-04 | STREAM-1785 | stream:log and stream:stats events have incorrect timestamp. |
2015-07-24 | STREAM-1709 | Lack of support for substitution of TNS bind variables leads to limited information in SQL queries. |
2015-03-04 | STREAM-1595 | Some comparison fields of the filter do not appear in the UI. |
2015-03-04 | STREAM-1565 | SMTP does not extract multiple recipients properly when there is more than one recipient contained in the email. |
2015-07-24 | STREAM-1557 | In certain cases, TCP packets captured out-of-order might generate invalid TCP flow events and lead to excessive memory usage. |
2015-03-04 | STREAM-1312 | Stream represents multi-part MIME messages incorrectly. |
2015-03-04 | STREAM-1311 | Stream does not consistently merge attributes extracted in chunks into a single term value. |
This documentation applies to the following versions of Splunk Stream™: 6.3.0