Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Where did Splunk 7.3.1 go?

eden881
Path Finder
‎09-13-2019 04:13 PM

I need the installation RPM of Splunk 7.3.1 specifically, in order to be version-compatible with another 7.3.1 instance that I already have.
However, the official download page only gives me 7.3.0 now.
In the older releases page, I can only find versions 7.2.x and below.

Where did 7.3.1 go?
I can't seem to find any information about critical issues with 7.3.1 which requires reverting back to 7.3.0...

Reply
1 Solution
Solved! Jump to solution
Solution

claudio_manig
Communicator
‎09-16-2019 03:46 AM

Feedback from Splunk Support: They decided to take it from the web as there is a bug in it, asking for a more verbose feedback on this bug i got this:

On-prem customers on Splunk Enterprise
7.3.1 using SmartStore are vulnerable to an issue that may impact data
durability under certain conditions.

This issue is triggered during
SmartStore migration, upgrade, rolling
restart or indexer offline operations
in 7.3.1 with active on-going
searches. Under such conditions, a
bucket which recently transitioned
from hot to warm with active searches,
is inadvertently considered as frozen
and discarded leading to loss of the
bucket contents.

I just upgraded a production environment last friday to 7.3.1 and this is far off being helpful- i strongly expect splunk to
-communicate this bug to all users
-Releasing the fix asap as i dont revert to 7.3.0

##UPDATE 17.09.2019##
After reaching out to my splunk contacts i learned that:

  • 7.3.1 was removed from download due to a critical exposure that was found
  • The 7.3.1.1 patch will be released on Wednesday
  • 7.3.2 will likely be released the following week
  • The most current version available now is 7.3.0
  • The critical exposure is affecting smart store
  • Splunk Legal is working on a public communication of this issue

Hope that helps others-

View solution in original post

Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎09-19-2019 08:05 AM

It's back now, patched as 7.3.1.1 and available from the download page.

Reply
Solved! Jump to solution

maciep
Champion
‎09-16-2019 08:30 AM

I reached out to our account team to share my frustration and disappointment with how Splunk is handling this and asked that they share it with their management. If you can, I suggest you do the same. Maybe if enough of us make noise, they'll change their ways....but won't get my hopes up.

Reply
Solved! Jump to solution

KevinMurray
Explorer
‎09-16-2019 04:07 AM

Dear Splunk,

Since most of us Splunk Architects/Admins have to work weekends to upgrade our installations, and mostly without pay or TOIL, it would be prudent for Splunk to inform the customer base when app releases are rescinded so we are not wasting our weekends doing unnecessary work, and in this case jeopardizing the accuracy of data ingested.

Reply
Solved! Jump to solution
Solution

claudio_manig
Communicator
‎09-16-2019 03:46 AM

Feedback from Splunk Support: They decided to take it from the web as there is a bug in it, asking for a more verbose feedback on this bug i got this:

On-prem customers on Splunk Enterprise
7.3.1 using SmartStore are vulnerable to an issue that may impact data
durability under certain conditions.

This issue is triggered during
SmartStore migration, upgrade, rolling
restart or indexer offline operations
in 7.3.1 with active on-going
searches. Under such conditions, a
bucket which recently transitioned
from hot to warm with active searches,
is inadvertently considered as frozen
and discarded leading to loss of the
bucket contents.

I just upgraded a production environment last friday to 7.3.1 and this is far off being helpful- i strongly expect splunk to
-communicate this bug to all users
-Releasing the fix asap as i dont revert to 7.3.0

##UPDATE 17.09.2019##
After reaching out to my splunk contacts i learned that:

  • 7.3.1 was removed from download due to a critical exposure that was found
  • The 7.3.1.1 patch will be released on Wednesday
  • 7.3.2 will likely be released the following week
  • The most current version available now is 7.3.0
  • The critical exposure is affecting smart store
  • Splunk Legal is working on a public communication of this issue

Hope that helps others-

Reply
Solved! Jump to solution

lakromani
Builder
‎09-16-2019 08:25 AM

Why in the world not just post this at their home page and download page???
As its now, I still do upgrade of my big enterprise solution since it no warning any place, no information that anything its wrong. I did found out that it was missing when was looking for the wget download to install directly on some remote server, and did not found 7.3.1. This is not good enough Splunk!!!!

Reply
Solved! Jump to solution

jlucius
Explorer
‎09-16-2019 06:53 AM

Thanks for posting this information. Any more info if it is save to use 7.3.0 or if it is save to use 7.3.1 when not using SmartStore?

0 Karma
Reply
Solved! Jump to solution

xpac
SplunkTrust
SplunkTrust
‎09-17-2019 05:46 AM

If you're not using SmartStore, this issue shouldn't affect you.

0 Karma
Reply
Solved! Jump to solution

claudio_manig
Communicator
‎09-17-2019 05:59 AM

I would not recommend to use a buggy version at all, since this problem may just be the "top of the iceberg"

Reply
Solved! Jump to solution

jlucius
Explorer
‎09-19-2019 03:45 AM

I was asking, because I already updated one system to 7.3.1 and I urgently needed to update another system because of another bug, which I have updated to 7.3.0 now. I need to update all indexers beginning of next week and I am still waiting for a version to do so. Still waiting for 7.3.1.1 or 7.3.2.

0 Karma
Reply
Solved! Jump to solution

eden881
Path Finder
‎09-19-2019 04:30 AM

Splunk 7.3.1.1 is now released.

0 Karma
Reply
Solved! Jump to solution

lakromani
Builder
‎09-18-2019 10:54 AM

Where does Splunk tell me that I should not use 7.3.1 that I have downloaded? They have just removed it. No information at all posted anywhere. Only I found was this post. 7.3.1.1 Still not posted.

0 Karma
Reply
Solved! Jump to solution

maciep
Champion
‎09-17-2019 06:08 AM

it may also result in the first step in troubleshooting anything with support to be to upgrade to something newer.

0 Karma
Reply
Solved! Jump to solution

lakromani
Builder
‎09-16-2019 02:30 AM

This just shows how bad Splunk is to communicate with their users. Removing 7.3.1 and no information at all on their page.

0 Karma
Reply
Solved! Jump to solution

maciep
Champion
‎09-14-2019 07:32 AM

well that's a good question...hopefully it was an accident and not a severe bug or anything...we planned to upgrade to 7.3.1 next week

0 Karma
Reply
Solved! Jump to solution

jlucius
Explorer
‎09-16-2019 02:01 AM

I also wanted to update to 7.3.1 this week because of another bug that has been fixed in 7.3.x. No clue what is happening here, but the communication is not very good.

0 Karma
Reply
Solved! Jump to solution

KevinMurray
Explorer
‎09-14-2019 07:18 AM

I am also waiting for an answer for this.

0 Karma
Reply
Solved! Jump to solution

KevinMurray
Explorer
‎09-14-2019 07:20 AM

When I downloaded it on Thursday, the links on the website gave me 7.2.1, not 7.3.1. I have opened a case with Splunk support, but they have not responded as of yet.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...