Splunk 4.1.1 brings 60+ fixes

Splunk provides the ability for users to search, monitor and analyze live streaming IT data as well as terabytes of historical data, all from the same interface.

The following issues have been resolved in this release:

• File upload fails with an error when js_logger_mode=Server in web.conf.
• The crawl command returns binary files when it shouldn’t.
• A crawl input won’t pickup directories with capital letters in the name.
• Forwarding data to an index that does not exist on the indexer will drop the data.
• Show source option is unavailable when using pipe to fields.
• Migration failed on LDAP config with same base DN’s and improper group settings. Workaround is update groupMappingAttribute and groupMemberAttribute to a value that will be present in the user’s ldif entry (e.g. uid)
• LDAP implementations where groupMappingAttribute is assigned multiple values will not work. Splunk requires that groupMappingAttribute have a unique value.
• Drill-down does not work as expected with real-time search; will give zero results when expecting historical results.
• CTRL/Command click isn’t working for row clicks.
• Sometimes the header will contain the wrong event count from a previous search instead of the event count of the currently running search.
• Deleting a saved search job does not delete the associated dispatch directory.
• Jobs deleted from the Jobs Manager do not actually reclaim disk space.
• Scheduling a search doesn’t validate that an email address has been entered when you click “Send email”.
• PDF report of a scheduled search sometimes renders with a black bar on the timeline.
• Simple XML searchPostProcess doesn’t work with and .
• Line wrapping is broken in the simple XML form.
• Entering incorrect credentials in the Windows GUI installer produces a self-contradictory error message.
• Creating a WMI collection with a name that includes trailing nulls generates an error.
• Windows Event Log (.evt) files are not indexed before they are deleted when they are dropped into the spool directory.
• Deleting via the CLI across a distributed deployment does not work unless the can_delete capability is assigned to the user’s role on the indexer itself.
• Searching across a distributed system should not wait so long to decide one of the indexers is out of service before returning results.
• Splunk may crash when suspending in Mac OSX.
• Splunk now enforces a freespace check for the $SPLUNK_HOME/var/run/splunk/dispatch directory. This value is hardcoded to 2GB. Systems with less than 2 GB of freespace should symlink the directory to a partition with more space.
• Splunkd crash in typing thread.
• indexprocessor not initialized on startup.
• Limit number of buckets moved at once in-flights in BucketMover.
• Add a raw kb field for tcpin_connection in metrics.log.
• EntityLinkLister does not ever pass on its value when clicked on.
• Lookups descriptions are not internationalized.
• splunkd crash at HTTPRequestHandlerThread.
• No timestamps on flashtime when using IE8.
• Show source doesn’t work on Windows7.
• Field Extraction Wizard in Splunk Web doesn’t not work.
• Need migration message when using lookup defined in some other app.
• Running a report in flashtimeline, using a selected range on the timeline, certain interactions from there discard the timeline selection.
• NOT searches on lookup generated fields fails to yield expected results.
• splunk-optimize failed to start for index, need a better error message.
• PDF Server add-on does not work if supportSSLV3Only = true in web.conf.
• Saved searches created in 4.0.x with latest time +0s display in UI as “custom relative time range”.
• Creating saved search through Manager creates nonsense cron_schedule value.
• Inexplicable (and apparently benign) SSL_write errors in the logs.
• Shutdown on idle receiver takes minutes.
• Make disk quota checking faster.
• Summary popups in FieldPicker open offscreen and cant be closed.
• CLI login command on Win-32 build has been fixed.