3.2.5

3.2.5

The following issues have been resolved in 3.2.5:

• Reporting in distributed search now works correctly. (SPL-14152, SPL-14405
• Saved searches containing transforming operators now work correctly in distributed deployments. (SPL-14152)
• Scripted auth now runs scheduled searches as the correct user. (SPL-14157)
• A memory leak in the authentication and authorization module has been eliminated. (SPL-14251)
• A memory leak in the search module has been eliminated. (SPL-14250)
• Splunk now briefly caches the result of user authentication requests to reduce load on authentication servers. (SPL-13845)
• An issue with the forwarder not sending data to the second indexer in a round robin configuration when the first goes down has been resolved. (SPL-13673)
• An issue with urldecodingprocessor not respecting HTML codes for tab and whitespace has been resolved. (SPL-13336)
• Disabling access to Live Tail for a given user role no longer disables access to distributed search for that user role. (SPL-14303)
• Various Windows crashes have been resolved. (SPL-14182, SPL-14229, SPL-14149)
• You can now restrict the time window (the time range over which a search is run) for searches on a per user role basis. To use this capability, edit $SPLUNK_HOME/etc/bundles/local/authorize.conf and set srchTimeWin to reflect the maximum time span in seconds that a search by someone in this role is authorized to execute. Refer to the product documentation for more information about configuring roles. (SPL-13011)
• An issue with out of range timestamps in the index has been resolved. (SPL-14034, SPL-14042)
• Formerly, some distributed environments would experience an issue where the first 5-100 events that should have been returned by a search were intermittently missing. This issue has been resolved. (SPL-14294)