Splunk released version 4.0.10 of the Splunk IT search and analysis engine.
The following issues have been resolved in this release:
- As of Splunk version 4.0.10, summary index searches do not count towards your indexed data volume.
- Events generated by the internal auditing feature, which creates events for user-actions such as fired searches are no longer counted against the license.
- Summary indexing now works if var/run/splunk and var/spool/splunk are on different filesystems.
- Summary index searches that are suspended due to exceeding disk or concurrent search quotas now resume when the quota is available again, and do not require a restart to resume.
- Splunk search is no longer limited to lists of OR terms around 415 long, eg “1 OR 2 OR 3…. OR 415”.
- Deploying apps that do not contain a local directory will no longer cause Splunk to crash on the client.
- Recovery from hitting srchDiskQuota limit or max concurrent searches no longer requires that Splunk be restarted in order for scheduled searches to resume.
- Quotes in saved searches are now correctly being escaped and are no longer returning zero results.
- Show Source is now available for monitor inputs specified as a UNC path on a remote volume.
- Accessing a search from a link sent in an email alert will no longer display an error.
- Searches with NOT field=”value” are now correctly escaped.
- An issue with LDAP anonymous bind and squashing of uppercase characters in the failsafe username has been resolved.
- Indexing memory leaks have been addressed.
- The string “head 1” no longer gets converted to “head true” in search.
- The tailing_proc_speed setting is now available in limits.conf. Refer to limits.conf.spec for details.
- An issue with stats/chart/timechart values of min/max/first when calculated using summary index data generated using sistats/sichart/sitimechart has been resolved.
- An error is no longer generated when disabling/clearing Windows Event Log inputs.
- A STOP exception related to converting the _time field to non-epochTime in Windows evt files has been resolved.