Help Net Security
Help Net Security

Splunk 4.0.9 released

Splunk released version 4.0.9 of the Splunk IT search and analysis engine.

The following issues have been resolved in this release:

  • Some issues related to high memory consumption have been resolved.
  • A security issue involving passing absolute URIs has been resolved.
  • An issue related to the UTF-8 processor consuming too much memory has been resolved.
  • Excessive FileClassifierManager logging around UTF-8 and VISCII has been resolved.
  • An issue involving Splunk Web hanging when using SSL has been resolved.
  • Splunk Web will no longer generate an error when reloading the page during a search.
  • An issue with garbled WMI-collected Windows Event log messages on Windows 2008 has been resolved.
  • The number of global events indexed is now displayed correctly when using distributed search and multiple indexes.
  • Total events indexed and index sizes are now displayed for all indexes.
  • Event counts are now displayed correctly in the Search app Summary page.
  • The IIS source type now correctly extracts fields for IIS Web logs.
  • The default IIS log file format (the “W3C Extended” standard) is now automatically classified by Splunk.
  • The *Nix app now correctly loads the “Percent % Load by Host” graph.
  • An issue involving Splunk crashing at the login screen due to issues with older metadata files has been resolved.
  • An indexer crash involving HTTPRequestHandlerThread at shutdown has been resolved.
  • Splunk no longer arbitrarily closes standard TCP connections after 15 minutes when enableS2SHeartbeat is true
  • An issue involving correctly following directory paths in lookup scripts has been resolved.
  • Key-value extraction now works correctly on Fortinet log events.
  • An issue involving a crash resulting from very large strings in expanded searches has been resolved.
  • A cloned report now includes displayview information correctly.
  • An emailed report generated from a saved search now includes the correct chart formatting.
  • A WARN TcpInputFd – Closing socket errno=0 error will no longer be repeatedly written to splunkd.log.
  • An issue around lock files not being cleaned up and preventing an indexer from being restarted has been resolved.
  • Misconfigured forwarders (for example, accidentally configured to point to the splunkweb port instead of the receiving port) can now be shut down and restarted correctly once they are reconfigured.
  • Fields for reporting are now displayed correctly in Firefox 3.5.
  • All indexes are now listed correctly in Manager across all distributed search heads.
  • Back slashes are no longer added to saved search strings.
  • Saved searches with NOTs in them now have correctly escaped quotation marks.
  • All AD monitoring-related fields are now available in the fields picker.
  • Accessing the _bump endpoint now correctly reloads configs and does not generate a 500 error.
  • Values removed from pages in Manager (such as the Roles page) now remain empty when the page is saved.
  • An issue with forwarders losing a single event when restarted has been resolved.

Featured news

Resources

Don't miss