Splunk Stream

Release Notes

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk Stream. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Known issues

Version 7.1.2 of Splunk Stream contains the following known issues.

If no issues appear below, no issues have yet been reported.

Date filed Issue number Description
2020-01-06 STREAM-4301, STREAM-4409 Windows: Capture stops with "pcap_loop returned error code -1 read error: PacketReceivePacket failed; network capture stopped" and isn't restarted

Workaround:
Re-configure one of the streams assigned to the forwarder in the Stream app, for example, you can add/enable a dummy stream and disable it again later, or change on of the configuration options for an existing Stream

https://docs.splunk.com/Documentation/StreamApp/latest/User/ConfigureStreamsMetadata or restarting Splunk Forwarder service in Windows, for example through services.msc

Sample scenario where you might run into this: Reconfiguration of the NIC while Stream is running (for example, changing the flow control mode in our testing)

2019-04-09 STREAM-4052 When splunkd and splunk web has SSL enabled ephemeral streams will not populate

Workaround:
Work around for this issue:-

Make sure that in web.conf under [settings] , this param "enableSplunkWebSSL" has values in this format -

[settings] enableSplunkWebSSL = <boolean>

e.g.  [settings] enableSplunkWebSSL = true  OR  [settings] enableSplunkWebSSL = false

2019-03-13 STREAM-4029 DNS "txt_vals" should not be enabled in DNS OOB aggregated streams
2019-01-31 STREAM-3970 Splunk_SSLActivity should be tagged with certificate
2018-12-18 STREAM-3887 src_content and dest_content fields are truncated during stream data ingestion
2018-10-31 STREAM-3876 Performance of cherryPy exposed REST endpoints streamforwardergroups locks up and cant tell why
2018-10-23 STREAM-3873 Splunk can't receive DNS log with stream TA
2018-08-29 STREAM-3855, STREAM-3870 Streamfwd crashing on the server causing segfault

Workaround:
Install the latest patch build of Stream. Contact Splunk support to get the latest patch build.

Or, turn off these two fields for all db protocol streams: "affected_tables" and "sql_statement." The following are the db protocol streams: mysql, postgres, Splunk_MySQL, Splunk_Postgres, Splunk_Tds, Splunk_Tns, td, and tns.

2018-07-31 STREAM-3852 Stream Netflow data ingestion is being dropped

Workaround:
Install the latest patch build of Splunk Stream. Contact Splunk support to get the latest patch build.
2018-06-21 STREAM-3847 When adding around 4000 PEN elements for IPFIX netflow. Stream has problems accessing KV store
2017-03-20 STREAM-3659 DROP DATABASE Postgres query is not parsed
2014-09-23 STREAM-1312 Stream extracts multi-part MIME messages incorrectly
Last modified on 15 February, 2022
PREVIOUS
Fixed issues 		  NEXT
Boost C++

This documentation applies to the following versions of Splunk Stream: 7.1.2

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters