Splunk 4.0.9 released
Splunk released version 4.0.9 of the Splunk IT search and analysis engine.
The following issues have been resolved in this release:
- Some issues related to high memory consumption have been resolved.
- A security issue involving passing absolute URIs has been resolved.
- An issue related to the UTF-8 processor consuming too much memory has been resolved.
- Excessive FileClassifierManager logging around UTF-8 and VISCII has been resolved.
- An issue involving Splunk Web hanging when using SSL has been resolved.
- Splunk Web will no longer generate an error when reloading the page during a search.
- An issue with garbled WMI-collected Windows Event log messages on Windows 2008 has been resolved.
- The number of global events indexed is now displayed correctly when using distributed search and multiple indexes.
- Total events indexed and index sizes are now displayed for all indexes.
- Event counts are now displayed correctly in the Search app Summary page.
- The IIS source type now correctly extracts fields for IIS Web logs.
- The default IIS log file format (the “W3C Extended” standard) is now automatically classified by Splunk.
- The *Nix app now correctly loads the “Percent % Load by Host” graph.
- An issue involving Splunk crashing at the login screen due to issues with older metadata files has been resolved.
- An indexer crash involving HTTPRequestHandlerThread at shutdown has been resolved.
- Splunk no longer arbitrarily closes standard TCP connections after 15 minutes when enableS2SHeartbeat is true
- An issue involving correctly following directory paths in lookup scripts has been resolved.
- Key-value extraction now works correctly on Fortinet log events.
- An issue involving a crash resulting from very large strings in expanded searches has been resolved.
- A cloned report now includes displayview information correctly.
- An emailed report generated from a saved search now includes the correct chart formatting.
- A WARN TcpInputFd – Closing socket errno=0 error will no longer be repeatedly written to splunkd.log.
- An issue around lock files not being cleaned up and preventing an indexer from being restarted has been resolved.
- Misconfigured forwarders (for example, accidentally configured to point to the splunkweb port instead of the receiving port) can now be shut down and restarted correctly once they are reconfigured.
- Fields for reporting are now displayed correctly in Firefox 3.5.
- All indexes are now listed correctly in Manager across all distributed search heads.
- Back slashes are no longer added to saved search strings.
- Saved searches with NOTs in them now have correctly escaped quotation marks.
- All AD monitoring-related fields are now available in the fields picker.
- Accessing the _bump endpoint now correctly reloads configs and does not generate a 500 error.
- Values removed from pages in Manager (such as the Roles page) now remain empty when the page is saved.
- An issue with forwarders losing a single event when restarted has been resolved.