Release Notes 2.2.6

This documentation does not apply to the most recent version of Splunk.

This documentation applies to the following versions of Splunk: 2.2.6

Date of Release: June 27, 2007

Splunk 2.2.6 resolves multiple issues surrounding authentication.


Versions 2.2.4 and 2.2.5 were releases limited to specific customers. Version 2.2.6 is the cumulative release and includes all of the functionality introduced in those releases.


To install Splunk 2.2.6, see the Installation Manual for full instructions.


New Features

There are no new features in this release.


Resolved Issues

  • Splunk Servers older than 2.2.3 had problems authenticating users in LDAP when those users map to more than one Splunk role or when a user is a member of multiple groups and only one group maps to a Splunk role. Splunk Server 2.2.6 solves this problem and provides more information about user mapping when debug logging is in effect.
  • Splunk Servers older than 2.2.3 configured to use an LDAP server that accepts anonymous binds allowed a user to log in to Splunk without a password. Splunk Server 2.2.6 blocks all attempts at login without a password.
  • Splunk Servers older than 2.2.3 had a problem where Splunk's password file could become corrupted if edits were made and more than 10 users existed. Splunk Server 2.2.6 fixes this problem and will not corrupt the password file when there are more than 10 users.
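
The anonymous-bind item above follows from how LDAP simple bind treats an empty password. The sketch below is an added illustration, not Splunk's code: `FakeDirectory`, both login functions and the sample DN are constructed for this example, and the directory is an in-memory model rather than a real LDAP client.

```python
# Added illustration: models the failure mode, not Splunk's implementation.
import hmac

class InvalidCredentials(Exception):
    pass

class FakeDirectory:
    """Constructed stand-in for an LDAP server that permits anonymous binds."""
    def __init__(self, users, allow_anonymous=True):
        self.users = users              # DN -> password (constructed sample data)
        self.allow_anonymous = allow_anonymous

    def simple_bind(self, dn, password):
        # RFC 4513 section 5.1.2: a simple bind with a name but an empty
        # password is an "unauthenticated bind"; a server that permits it
        # returns success with an anonymous authorization state.
        if password == "":
            if self.allow_anonymous:
                return "anonymous"
            raise InvalidCredentials(dn)
        stored = self.users.get(dn)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            raise InvalidCredentials(dn)
        return dn                       # identity the session is bound as

def login_bind_only(directory, dn, password):
    """Flawed: any bind that does not raise is treated as a successful login."""
    try:
        directory.simple_bind(dn, password)
        return True
    except InvalidCredentials:
        return False

def login_checked(directory, dn, password):
    """Hardened: refuse empty credentials before contacting the directory and
    require that the session is bound as the requested DN, not anonymously."""
    if not dn or not password:
        return False
    try:
        return directory.simple_bind(dn, password) == dn
    except InvalidCredentials:
        return False

ALICE = "uid=alice,ou=people,dc=example,dc=com"   # constructed sample DN
SAMPLE = FakeDirectory({ALICE: "s3cret"})         # constructed sample directory
```

With the sample directory, `login_bind_only` accepts an empty password for any DN while `login_checked` rejects it, which is the behaviour the 2.2.6 fix describes.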

Known Issues

  • The View all is missing from the homepage.
  • The name of the FreeBSD native package has been changed. The version changed from 5.4 to 6.1. It will still function on 5.4. The revised installer has the same compatibility requirements as 5.4.
  • If the Splunk Server is configured to use LDAP authentication, the amount of time required for Splunk to successfully start will be in direct relation to the number of users stored in the LDAP. Startup can take anywhere between 45-60 seconds.
  • LDAP authentication should not use SSL.
  • When participating in distributed search, the report::[ ] operator will need to be enclosed in quotes.
  • The GroupDN cannot contain an ampersand (&) character if you are configuring LDAP from the GUI. The workaround is to edit the auth.conf file directly.
  • In auth.conf, the authSettings value and associated configuration stanza name should not contain a space. For example, ActiveDirectory, not Active Directory.
  • Restarting Splunk before a Live Splunk runs for the first time will result in 12/31/1969 being displayed as the Next Run date. This is purely cosmetic; the Live Splunk will run at the scheduled interval.
  • Some XML reserved characters in the user's Splunk password (e.g., "ch&ngeme") cause an authorization failure for Live Splunks. If you intend to use Live Splunks, choose a password without &, <, ' or ".
  • We have seen issues migrating 2.1.x users on FreeBSD to 2.2.3. If you are running Splunk on FreeBSD and lose your users on upgrade, please contact Splunk Support for assistance in recovering your users.
  • If you edit the passwd file (in $SPLUNK_HOME/etc) by hand (not generally recommended, but occasionally useful), ensure you maintain the sequential order of entries by user id.
  • Some Linux users (particularly SUSE 10.x) are not getting typeahead results when typing in search terms. See this forum post for details: http://www.splunk.com/base/forum:SplunkGeneral/656/2452
  • Splunk-2-Splunk configuration changes via the GUI incorrectly update the conf files, causing forwarding to stop. The workaround is to edit props.conf and regexes.conf directly. Contact support for sample configuration files.