This documentation does not apply to the most recent version of Splunk Stream™.
For documentation on the most recent version, go to the latest release.
Known issues
Known issues in Splunk App for Stream 6.6.0:
| Publication date | Issue number | Description |
|---|---|---|
| 2016-12-12 | STREAM-3494 | streamfwd symlink does not get installed on Linux 64-bit platforms. |
| 2016-11-10 | STREAM-2362 | False positive TOR classification |
| 2016-10-18 | STREAM-3408 | n the Configure Stream UI, some links to documentation are broken. |
| 2016-10-16 | STREAM-3186 | DNS "query" emits as multivalued field. This is not compatible with the CIM Network Resolution (DNS) data model, which expects a single query value field, and can cause Splunk Enterprise Security dashboards to not populate correctly. |
| 2016-10-10 | STREAM-3375 | When running Stream version 6.6.x and ITSI version 2.4.0 on the same search head, an empty browser screen appears when attempting to create a new stream or configure an existing stream in the Configure Streams UI. Workaround: Install splunk_app_stream on a different search head than the one running ITSI. |
| 2016-10-16 | STREAM-3363 | On Distributed Forwarder Management page, "Create new group" button does not work. |
| 2016-08-16 | STREAM-3274 | Aggregated events based on historical pcap files incorrectly get systime timestamp. |
| 2016-07-28 | STREAM-3211 | Unable to process pcap traffic using dedicated mode via independent streamfwd. |
| 2016-07-26 | STREAM-3193 | SmtpProtocolHandler does not concatenate content blocks. |
| 2016-07-25 | STREAM-3185 | RTP events missing timestamp for some data fields. |
| 2016-07-25 | STREAM-3165 | Stream incorrectly calculates time_taken for http request. |
| 2016-07-22 | STREAM-3181 | Splunk_TA_stream/linux_x86_64/bin/streamfwd symlink is not extracted correctly on app install. Workaround: Delete the bogus 0-length streamfwd file and create a "streamfwd" symlink pointing to the streamfwd-rhel5 file. |
| 2016-07-22 | STREAM-3164 | Service streamfwd does not start because /var/run/streamfwd (home directory) is not created for user. Workaround: Create home directory manually. For example:
sudo mkdir /var/run/streamfwd |
| 2016-07-19 | STREAM-3166 | Adding trailing spaces after entries in streamfwd.conf causes streamfwd to fail on start. |
| 2016-07-19 | STREAM-2945 | Aggregation only picks the first value of a multi-value key field. |
| 2016-06-02 | STREAM-3029 | When running splunk_app_stream in Splunk cloud, the app generates an incorrect curl command for independent stream forwarder installation. |
| 2016-05-05 | STREAM-2945 | Aggregation only picks the first value of a multi-value key field. |
| 2016-04-26 | STREAM-2918 | Problem with URL encoding of m_splunk_index and m_splunk_host. |
| 2015-10-13 | Events are created from TNS stream containing incorrect user field. | |
| 2015-03-04 | STREAM-1565 | SMTP does not extract multiple recipients properly when there is more than one recipient contained in the email. |
| 2015-03-04 | STREAM-1312 | Stream represents multi-part MIME messages incorrectly. |
| 2015-03-04 | STREAM-1311 | Stream does not consistently merge attributes extracted in chunks into a single term value. |
Last modified on 12 December, 2016
| Resolved issues | Credits |
This documentation applies to the following versions of Splunk Stream™: 6.6.0
Download manual
Feedback submitted, thanks!