Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Any known issues when upgrading from 7.0.5 to 7.1.6?

ddrillic
Ultra Champion
‎03-06-2019 10:59 AM

We are planning to upgrade from 7.0.5 to 7.1.6 for our lower environment.

Are there any known issues with 7.1.6?

Labels (1)
Labels
Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎03-06-2019 12:01 PM

In some circumstances, (specifically with lookups and the dedup command), there were huge memory, performance and crashing issues.

I had cases open through many of the 7.1 -7.2x branches, all of which have cleared up with 7.2.4

I would encourage you to test 7.1 throughly to see if you will suffer from these issues, or consider jumping to the latest 7.2.4.2

If my comment helps, please give it a thumbs up!

View solution in original post

Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎03-13-2019 10:56 AM

Btw, ldap request paging is only available in Splunk 7.2.x.

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎03-06-2019 12:45 PM

Did you see this?
https://docs.splunk.com/Documentation/Splunk/7.1.6/ReleaseNotes/Knownissues

Reply
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎03-06-2019 12:01 PM

In some circumstances, (specifically with lookups and the dedup command), there were huge memory, performance and crashing issues.

I had cases open through many of the 7.1 -7.2x branches, all of which have cleared up with 7.2.4

I would encourage you to test 7.1 throughly to see if you will suffer from these issues, or consider jumping to the latest 7.2.4.2

If my comment helps, please give it a thumbs up!
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎03-07-2019 01:17 PM

Much appreciated @nickhillscpl

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎03-07-2019 06:37 AM

Support said -

-- What you were told in Answers is true!

There were quite a few issues with memory throughout 7.X -- the most stable release in all of 7.X would be indeed 7.2.4; If you are utilizing SmartStore(s2), then the .2 (7.2.4.2) patch is recommended as well.

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎03-07-2019 06:39 AM

Our Sales Engineer said -

That’s a really generic complaint. I’d need bug tracker numbers (usually SPL-XXXXXX) to find out.

Actually, I THINK I managed to find it. It was addressed by 7.1.4 and 7.2.0. You’re fine.

0 Karma
Reply
Solved! Jump to solution

nickhills
Ultra Champion
‎03-07-2019 06:47 AM

My bugs were SPL-162166 and SPL-162548 (fixed in 7.2.4) and SPL-156444 which I think was patched out in 7.1.4 (although it escaped the release notes)

If my comment helps, please give it a thumbs up!
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎03-07-2019 07:02 AM

Very very kind @nickhillscpl !!!!

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎03-07-2019 07:54 AM

Interesting thing. Looking at https://docs.splunk.com/Documentation/Splunk/7.2.4/ReleaseNotes/Knownissues

And I don't see there SPL-162166 and SPL-162548. Where are they documented?

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎03-07-2019 08:23 AM

From Support -

It is in the known issues page for 7.2.0
https://docs.splunk.com/Documentation/Splunk/7.2.0/ReleaseNotes/Knownissues

and for the SPL mentioned in the email prior to your last (SPL-156444):
https://docs.splunk.com/Documentation/Splunk/7.1.4/ReleaseNotes/Fixedissues

From the Sales Engineer -

SPL-162166 only affects 7.2.x branches, 7.1.6 will be unaffected.
SPL-162548 only affects 7.2.x branches. 7.1.6 will be unaffected.

If 7.2.4 is not palatable, 7.1.6 looks like a solid release. Of course, extensive testing for your usecases is important with any deployment. Please let us know if you encounter unexpected issues.

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎03-07-2019 09:29 AM

As an aside https://docs.splunk.com/Documentation/Splunk/7.2.0/ReleaseNotes/Knownissues

SPL-162166, SPL-162548 gives this lovely search to find the largest lookups and in our environment, naturally the largest ones are ITSI's -

index=_* sourcetype=audittrail path=*lookups* size=* 
| stats max(size) AS size BY host, path 
| append 
    [| rest services/server/introspection/kvstore/collectionstats 
    | mvexpand data 
    | table splunk_server title data 
    | spath input=data 
    | fields splunk_server size ns ] 
| eval host=coalesce(host,splunk_server) 
| fields host path ns size 
| sort size
0 Karma
Reply
Solved! Jump to solution

nickhills
Ultra Champion
‎03-07-2019 08:04 AM

They are in 'fixed' issues - not 'known' https://docs.splunk.com/Documentation/Splunk/7.2.4/ReleaseNotes/Fixedissues

2019-01-16 SPL-162166, SPL-162548 splunkd: /opt/splunk/src/search/processors/lookup/IndexedCsvDataProvider.cpp:165: virtual void IndexedCsvDataProvider::lookupBatch(UnpackedResults&, const SearchResultsInfo&, const LookupDefinition&): Assertion `!_parse_only' failed.

Although I have no idea what any of that means, and they were my bugs 🙂

If my comment helps, please give it a thumbs up!
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...