Changelog and Release Notes
- Drivers (Windows) [I459]: when programs are started from network file shares, file handles to the executables (EXEs or DLLs) might be kept open.
- There have been no changes to the Splunk apps or the macOS agent in this relese.
- Boot duration (Windows): the metrics
PostBootTimeMs cannot be determined for every system boot.
- Browsers/IE add-on (Windows): metrics are not collected on page reload.
- Browsers/IE add-on (Windows): metrics are collected incompletely for the configured start page.
- Browsers/IE add-on (Windows) monitoring does not work if IE is published from Citrix Virtual Apps. It does work from Citrix Virtual Desktops, however.
- Citrix ADC: in very rare cases the content of the Virtual Server Performance field
vServerName contains spaces in wrong places.
- Citrix site monitoring (Windows): data collection issue if the Citrix Remote Powershell SDK (required for Citrix Cloud monitoring) is installed on a CVAD controller.
- Citrix XA/XD Machines (Windows): when running the Citrix VDA on a Citrix Delivery Controller, some per-machine information is missing.
- Experience score [I377]: scheduled searches generate three warnings in Splunk’s
_internal index every 30 minutes. The messages look like the following:
DateParserVerbose - Failed to parse timestamp in first MAX_TIMESTAMP_LOOKAHEAD (128) characters of event.. However, there is no impact on uberAgent’s functionality.
- GPU (Windows) [I33]: values for the fields
ComputeUsagePercentEngine0 and similar can be higher than 100 with Intel Iris GPUs on Windows Server 2016 1607.
- Kafka [I291]: in rare cases sending data to Kafka results in a SEC_E_BUFFER_TOO_SMALL error message in the logfile. This should have no affect; the transmission is repeated and succeeds on the second try.
- Performance [I372] (macOS): running uberAgent has a noticeable impact on I/O performance of small writes. As a workaround, the new config flag
DisableESFileSystemMonitoring has been added. If set, performance will not be impacted, but
ProcIOPSWrite will not be available in
- Update inventory (Windows): not all installed Windows updates may be reported due to API limitations.
- Volume inventory (macOS): the encryption status of mounted read-only APFS snapshots may not be reported due to API limitations. This includes the root directory volume in a default installation of macOS.