Splunk Stream

Release Notes

This documentation does not apply to the most recent version of Splunk Stream. For documentation on the most recent version, go to the latest release.

Known issues

Known issues in Splunk App for Stream 6.3.1:

Publication date Defect number Description
2015-11-16 STREAM-2532 Stream events are timestamped with index time in distributed Splunk Enterprise environment.
2015-10-27 STREAM-2512 On El Capitan (OS X 10.11), the Splunk_TA_stream folder is not created in the etc/apps/ folder.
2015-10-24 STREAM-2446 In the Distributed Forwarder Management UI, when you click Contains Streams > "more" for a particular group, the list of streams is not alphabetized.
2015-10-21 STREAM-2367 Incorrect CIM mapping for DHCP data.
2015-10-21 STREAM-2285 streamfwd does not keep track of bytes/events count.
2015-10-21 STREAM-2277 Back button does not show warning for unsaved changes. This can cause you to lose edits when modifying a stream.
2015-10-21 STREAM-2268 imap "password" field is missing.
2015-10-21 STREAM-2262 Aggregated streams don't emit the "endtime" field.
2015-10-21 STREAM-2259 Saving stream with addToDefaultGroup=false fails.
2015-10-21 STREAM-2230 Stream events are not accurately timestamped.
2015-10-21 STREAM-2229 DNS query types do not resolve to their respective names.
2015-10-21 STREAM-2222 Stream tries to open pcap adapter on inactive interface.
2015-10-21 STREAM-2193 The stream id (labeled 'Name' in the Configure Streams UI) is case sensitive. This lets you create a stream with the same name as a default stream, for example, id "HTTP", which you can confuse with the default stream id "http".
2015-10-21 STREAM-2190 Stream Forwarder skips IP packets with zero length (ip.len==0) in the IP header.
2015-10-21 STREAM-2183 request_time, reply_time, and response_time flow metrics are not populated for all protocols.
2015-10-21 STREAM-2179 Sparkline in Configure Streams UI under certain circumstances incorrectly shows zero traffic volume for protocols.
2015-10-21 STREAM-2169 SSL key stored in local/directory.
2015-10-21 STREAM-2156 streamfwd process may exhibit unbounded memory growth when running on Splunk Universal Forwarder instance that is unable to forward events, most commonly because of incorrect tcpout parameters in outputs.conf configuration.
2015-10-21 STREAM-2097 The default bitrate is unlimited when reading pcap files from the command line. This causes "Event Queue Overlow" errors if the pcap file contains more than 10,000 events (the MaxEventQueue size).
2015-10-21 STREAM-2089 When modifying the regex rule for an existing Distributed Forwarder Management (DFM) group, the DFM UI does not update properly.
2015-10-21 STREAM-2063 Improper validation of IP Address List.
2015-10-21 STREAM-2018 When editing an ephemeral stream configuration from the command line, there is no validation to ensure createDate is earlier than expireDate.
2015-10-21 STREAM-2014 Network Metrics dashboard shows incorrect bandwidth values.
2015-10-21 STREAM-2011 Configure Streams page headers do not display correctly in Splunk Enterprise version 6.3. Workaround: Upgrade Splunk App for Stream to version 6.4.0 or later.
2015-10-21 STREAM-1956 When Stream Examples App is installed with Splunk App for Stream, switching between "Estimate" (Stat only) mode and "Enable" mode opens the wrong modal.
2015-10-21 STREAM-1873 Some SMB events trigger off the MaxEventAttributes stop limit, which causes repetitive attributes/multiple events to pile up in SMB protocol events.
2015-10-21 STREAM-1848 Typo in error message that appears when cloning a stream with a duplicate ID of the existing protocol.
2015-10-21 STREAM-1834 Inefficient captured packet queueing.
2015-08-07 STREAM-2190 SDSSL skips IP packets with zero length (ip.len==0) in the IP header.
2015-08-07 STREAM-2179 Sparkline in Streams Config UI incorrectly shows zero traffic for tns protocol.
2015-08-07 STREAM-2156 SplunkLogAppender continues to add log queue events, even after the splunkd mod input's stdout forwarding buffer is full and streamfwd starts to drop events. Adding log events after event delivery is completely blocked can cause unbounded memory growth over time.
2015-06-12 STREAM-1956 When the Stream Examples App is installed along with Splunk App for Stream, if you switch from "Stats-only" to "Enable," or vice versa, on the Streams Config page, an incorrect error message appears, which states that the app cannot execute the operation, but the app still executes the operation.
2015-03-04 STREAM-1785 stream:log and stream:stats events have incorrect timestamp.
2015-03-04 STREAM-1595 Some filter comparison fields do not appear in the UI.
2015-03-04 STREAM-1565 SMTP does not extract multiple recipients properly when there is more than one recipient contained in the email.
2015-03-04 STREAM-1312 Stream represents multi-part MIME messages incorrectly.
2015-03-04 STREAM-1311 Stream does not consistently merge attributes extracted in chunks into a single term value.
Last modified on 03 December, 2015

This documentation applies to the following versions of Splunk Stream: 6.3.1

