Known issues
Version 7.1.2 of Splunk Stream contains the following known issues.
If no issues appear below, no issues have yet been reported.
| Date filed | Issue number | Description |
|---|---|---|
| 2020-01-06 | STREAM-4301, STREAM-4409 | Windows: Capture stops with "pcap_loop returned error code -1 read error: PacketReceivePacket failed; network capture stopped" and isn't restarted Workaround: Re-configure one of the streams assigned to the forwarder in the Stream app, for example, you can add/enable a dummy stream and disable it again later, or change on of the configuration options for an existing Stream https://docs.splunk.com/Documentation/StreamApp/latest/User/ConfigureStreamsMetadata or restarting Splunk Forwarder service in Windows, for example through services.msc Sample scenario where you might run into this:
Reconfiguration of the NIC while Stream is running (for example, changing the flow control mode in our testing) |
| 2019-04-09 | STREAM-4052 | When splunkd and splunk web has SSL enabled ephemeral streams will not populate Workaround: Work around for this issue:- Make sure that in web.conf under [settings] , this param "enableSplunkWebSSL" has values in this format - [settings] enableSplunkWebSSL = <boolean> e.g.
[settings]
enableSplunkWebSSL = true
OR
[settings]
enableSplunkWebSSL = false |
| 2019-03-13 | STREAM-4029 | DNS "txt_vals" should not be enabled in DNS OOB aggregated streams |
| 2019-01-31 | STREAM-3970 | Splunk_SSLActivity should be tagged with certificate |
| 2018-12-18 | STREAM-3887 | src_content and dest_content fields are truncated during stream data ingestion |
| 2018-10-31 | STREAM-3876 | Performance of cherryPy exposed REST endpoints streamforwardergroups locks up and cant tell why |
| 2018-10-23 | STREAM-3873 | Splunk can't receive DNS log with stream TA |
| 2018-08-29 | STREAM-3855, STREAM-3870 | Streamfwd crashing on the server causing segfault Workaround: Install the latest patch build of Stream. Contact Splunk support to get the latest patch build. Or, turn off these two fields for all db protocol streams: "affected_tables" and "sql_statement." The following are the db protocol streams: mysql, postgres, Splunk_MySQL, Splunk_Postgres, Splunk_Tds, Splunk_Tns, td, and tns. |
| 2018-07-31 | STREAM-3852 | Stream Netflow data ingestion is being dropped Workaround: Install the latest patch build of Splunk Stream. Contact Splunk support to get the latest patch build. |
| 2018-06-21 | STREAM-3847 | When adding around 4000 PEN elements for IPFIX netflow. Stream has problems accessing KV store |
| 2017-03-20 | STREAM-3659 | DROP DATABASE Postgres query is not parsed |
| 2014-09-23 | STREAM-1312 | Stream extracts multi-part MIME messages incorrectly |
| Fixed issues | Boost C++ |
This documentation applies to the following versions of Splunk Stream™: 7.1.2
Download manual
Feedback submitted, thanks!