Changelog for version 5.1.0#

Released 23 September 2022#

Web UI Changes#

Bug Fixes#

  • Cleaned up stale searches for live searches on dashboards.

  • Removed ingester cache alert, add ingester cache values to table/ingester view.

  • Cleared stale notifications.

  • Fixed an issue where admin user’s list of pivotable actions is unexpectedly long.

  • Fixed an issue where preferences could be reset.

  • Fixed an issue where current timeframe was not updated after locking it.

  • Fixed errors interface within timeframe component.

  • Fixed an issue where saved default coordinates were not respected.

  • Cleared table starred rows on search change.

  • Fixed issue where data calendar would not change on navigation.

  • Fixed an issue where query launch buttons don’t always show in playbooks.

  • Fixed 404ing ingesters on OEM builds.

  • Fixed autosizing description input on the action form.

  • Retained node inspector view on flow save.

  • Improved error message for username already taken.

  • Fixed an issue where kit archives incorrectly showed playbooks and resources as deleted.

  • Fixed an ambiguous error message for while changing admin password.

  • Fixed an issue where groups were not updating appropriately on the users view for admins.

  • Fixed an issue where timeframe types may be inaccessible in custom timeframe dialog.

  • Renamed ingestion calendar to data calendar. Provided extra “raw” tooltip text.

  • Fixed an issue where the Basic Details button within dashboard list page of kits didn’t work.

  • Fixed an issue where tables may not render in dashboards.

  • Fixed an issue where hidden custom time formats would show in “launch” menus.

  • Fixed an issue where pressing enter on Actionable form caused unexpected navigation.

  • Fixed an issue where images uploaded by non-admin will be “not found” for other users.

  • Fixed an issue where group list has groups user is not a member of.

  • Fixed an issue where “Open a URL” action substitution can be incorrect.

  • Fixed an issue where “Note” node’s label value does not reflect inspector form.

New Additions#

  • Re-work context menu headers while applying element filters.

  • Launch playbook queries in a new tab with middle click.

  • Add toolbar actions within Query Studio.

  • Add clickable words to raw text of entries.

  • Merge Data Explorer functionality into search.

  • Add detailed view to raw and text search results.

  • Add Stats & Data Analysis view to search results within Query Studio.

  • Rename “highlighted” table rows to “starred.”

  • Select substrings in element filter context menu.

  • Add documentation and icon for SplunkQuery flow node.

Backend Changes#

New Features#

  • Backup/restore now includes API tokens.

  • Improved triggering of acceleration in the grep module.

  • Webserver access logs now include the UID if the user is logged in.

  • Added the filetype module.

  • Improved container startup efficiency in the search agent.

Bug Fixes#

  • Fixed an issue where certain entries could cause the webserver to crash when using Data Explorer.

  • Fixed an issue that prevented regular expression acceleration from working when used in an autoextractor.

  • Fixed an issue that prevented the regular expression accelerator from engaging when using regular expressions that contain double quotes.

  • Fixed an issue where containers started by the search agent were started in the wrong directory.

  • Fixed an issue where both sort and entropy modules behaved incorrectly in cluster configurations.

  • Fixed an issue that prevented negative offsets in the slice module from working.

  • Improved handling of malformed BASE64 data in the base64 module.

  • Fixed and issue that caused incorrect wrapping of text in PDF output.

  • Fixed an issue that prevented JSON fields that contain special characters from being extracted.

Ingester Changes#

  • Added a corelight preprocessor.

Other Changes#

  • Updated the benchmark documentation on