Known issues
Known issues in Splunk App for Stream 6.3.2:
Publication date | Defect number | Description |
---|---|---|
2015-11-16 | STREAM-2532 | Stream events are timestamped with index time in distributed Splunk Enterprise environment. |
2015-10-27 | STREAM-2512 | On El Capitan (OSX 10.11), Splunk_TA_stream folder is not created in etc/apps/ folder. |
2015-10-24 | STREAM-2446 | In the Distributed Forwarder Management UI, when you click Contains Streams > "more" for a particular group, the list of streams is not alphabetized. |
2015-10-21 | STREAM-2396 | Problems with "required_by" validation handling when attempting to delete streams in Configure Streams UI. |
2015-10-21 | STREAM-2367 | Incorrect CIM mapping for DHCP data. |
2015-10-21 | STREAM-2285 | streamfwd does not keep track of bytes/events count.
|
2015-10-21 | STREAM-2277 | Back button does not show warning for unsaved changes. This can cause you to lose edits when modifying a stream. |
2015-10-21 | STREAM-2268 | imap "password" field is missing. |
2015-10-21 | STREAM-2262 | Aggregated streams don't emit "endtime field. |
2015-10-21 | STREAM-2259 | Saving stream with addToDefaultGroup=false fails. |
2015-10-21 | STREAM-2230 | Stream events are not accurately timestamped. |
2015-10-21 | STREAM-2229 | DNS query types do not resolve to their respective names. |
2015-10-21 | STREAM-2222 | Stream tries to open pcap adapter on inactive interface. |
2015-10-21 | STREAM-2193 | The stream id (labeled 'Name' in the Configure Streams UI) is case sensitive. This lets you create a stream with the same name as a default stream, for example, id "HTTP", which you can confuse with the default stream id "http." |
2015-10-21 | STREAM-2190 | Stream Forwarder skips IP packets with zero length (ip.len==0) in the IP header. |
2015-10-21 | STREAM-2183 | request_time, reply_time, and response_time flow metrics are not populated for all protocols. |
2015-10-21 | STREAM-2179 | Sparkline in Configure Streams UI under certain circumstances incorrectly shows zero traffic volume for protocols. |
2015-10-21 | STREAM-2169 | SSL key stored in local/directory. |
2015-10-21 | STREAM-2156 | streamfwd process may exhibit unbounded memory growth when running on Splunk Universal Forwarder instance that is unable to forward events, most commonly because of incorrect tcpout parameters in outputs.conf configuration.
|
2015-10-21 | STREAM-2097 | The default bitrate is unlimited when reading pcap files from the command line. This causes "Event Queue Overlow" errors if the pcap file contains more than 10,000 events (the MaxEventQueue size). |
2015-10-21 | STREAM-2089 | When modifying the regex rule for an existing Distributed Forwarder Management (DFM) group, the DFM UI does not update properly. |
2015-10-21 | STREAM-2063 | Improper validation of IP Address List. |
2015-10-21 | STREAM-2018 | When editing an ephemeral stream configuration from the command line, there is no validation to ensure createDate is earlier than expireDate. |
2015-10-21 | STREAM-2014 | Network Metrics dashboard shows incorrect bandwidth values. |
2015-10-21 | STREAM-2011 | Configure Streams page headers do not display correctly in Splunk Enterprise version 6.3. Workaround: Upgrade Splunk App for Stream to version 6.4.0 or later. |
2015-10-21 | STREAM-1956 | When Stream Examples App is installed with Splunk App for Stream, switching between "Estimate" (Stat only) mode and "Enable" mode opens the wrong modal. |
2015-10-21 | STREAM-1873 | Some SMB events trigger off the MaxEventAttributes stop limit, which causes repetitive attributes/multiple events to pile up in SMB protocol events. |
2015-10-21 | STREAM-1848 | Typo in error message that appears when cloning a stream with a duplicate ID of the existing protocol. |
2015-10-21 | STREAM-1834 | Inefficient captured packet queueing. |
2015-03-04 | STREAM-1785 | stream:log and stream:stats events have incorrect timestamp. |
2015-03-04 | STREAM-1595 | Some filter comparison fields do not appear in the UI. |
2015-03-04 | STREAM-1565 | SMTP does not extract multiple recipients properly when there is more than one recipient contained in the email. |
2015-03-04 | STREAM-1312 | Stream represents multi-part MIME messages incorrectly. |
2015-03-04 | STREAM-1311 | Stream does not consistently merge attributes extracted in chunks into a single term value. |
Fixed Issues |
This documentation applies to the following versions of Splunk Stream™: 6.3.2
Feedback submitted, thanks!