Splunk 4.0.10 released

Splunk released version 4.0.10 of the Splunk IT search and analysis engine.

The following issues have been resolved in this release:

  • As of Splunk version 4.0.10, summary index searches do not count towards your indexed data volume.
  • Events generated by the internal auditing feature, which creates events for user-actions such as fired searches are no longer counted against the license.
  • Summary indexing now works if var/run/splunk and var/spool/splunk are on different filesystems.
  • Summary index searches that are suspended due to exceeding disk or concurrent search quotas now resume when the quota is available again, and do not require a restart to resume.
  • Splunk search is no longer limited to lists of OR terms around 415 long, eg “1 OR 2 OR 3…. OR 415”.
  • Deploying apps that do not contain a local directory will no longer cause Splunk to crash on the client.
  • Recovery from hitting srchDiskQuota limit or max concurrent searches no longer requires that Splunk be restarted in order for scheduled searches to resume.
  • Quotes in saved searches are now correctly being escaped and are no longer returning zero results.
  • Show Source is now available for monitor inputs specified as a UNC path on a remote volume.
  • Accessing a search from a link sent in an email alert will no longer display an error.
  • Searches with NOT field=”value” are now correctly escaped.
  • An issue with LDAP anonymous bind and squashing of uppercase characters in the failsafe username has been resolved.
  • Indexing memory leaks have been addressed.
  • The string “head 1” no longer gets converted to “head true” in search.
  • The tailing_proc_speed setting is now available in limits.conf. Refer to limits.conf.spec for details.
  • An issue with stats/chart/timechart values of min/max/first when calculated using summary index data generated using sistats/sichart/sitimechart has been resolved.
  • An error is no longer generated when disabling/clearing Windows Event Log inputs.
  • A STOP exception related to converting the _time field to non-epochTime in Windows evt files has been resolved.