Documentation: 3.2.3
This page last updated: 04/23/08 06:04pm

3.2.3

The following issues have been resolved in Splunk 3.2.3:

  • An issue with incorrect timestamp offsets has been addressed: if you have configured timestamp offsets using pre-Splunk 3.2 POSIX instructions, you must reconfigure them using this information. If you do not do this, your timestamp information will be incorrect. If you have not configured timezone offsets, you can ignore this note.
  • Saved searches now work correctly with scripted auth. (SPL-13016)
  • You can now use wildcards on Windows when specifying paths to filenames in inputs.conf. You cannot, however, use backslashes within a regex in inputs.conf. For example, you can have C:\fflanda\path\to\*\logfile.log, but \fflanda\*\d\logfile.log will not work. (SPL-12679)
  • Splunk now handles multi-line Windows events properly (multiple single line events or single multi-line events containing two or more actual events) when you specify the parsing queue on the indexer's TCP input. (SPL-12995)
  • Installing the Sparc package somewhere other than opt/splunk is now supported. (SPL-13187)
  • You can now use a Unix deployment server to distribute configs to Windows clients. (SPL-12750, SPL-13124)
  • Splunk Web now correctly validates alert cron schedules. (SPL-13328)

Resolved security issues

  • A cross-site request forgery vulnerability has been resolved. (SPL-13318) Many thanks to aaron@vtty.com for identifying this issue.
  • A security issue related to a possible remote denial-of-service vulnerability in splunkd has been resolved. (SPL-13403) Many thanks to aaron@vtty.com for identifying this issue.
  • The 3.2.3 release of Splunk includes a security fix that puts restrictions on how the splunkweb service acts. Some more unusual server configurations may experience unexpected behavior as a result. If your Splunk deployment includes a configuration that puts a Splunk server behind a rewriting proxy in an uncommon configuration (such as running multiple instances of Splunk server and exposing them all on the same domain), or routes a Splunk server through a rewriting proxy that modifies or filters HTTP cookie information, Splunk Web may not return search results. You will notice this immediately, as the default main dashboard will load empty frames. (SPL-13639)
  • A security issue related to permissions on custom bundle directories has been resolved. (SPL-12861)