Splunk Enterprise

Where did Splunk 7.3.1 go?

eden881
Path Finder

I need the installation RPM of Splunk 7.3.1 specifically, in order to be version-compatible with another 7.3.1 instance that I already have.
However, the official download page only gives me 7.3.0 now.
In the older releases page, I can only find versions 7.2.x and below.

Where did 7.3.1 go?
I can't seem to find any information about critical issues with 7.3.1 which requires reverting back to 7.3.0...

1 Solution

claudio_manig
Communicator

Feedback from Splunk Support: They decided to take it from the web as there is a bug in it, asking for a more verbose feedback on this bug i got this:

On-prem customers on Splunk Enterprise
7.3.1 using SmartStore are vulnerable to an issue that may impact data
durability under certain conditions.

This issue is triggered during
SmartStore migration, upgrade, rolling
restart or indexer offline operations
in 7.3.1 with active on-going
searches. Under such conditions, a
bucket which recently transitioned
from hot to warm with active searches,
is inadvertently considered as frozen
and discarded leading to loss of the
bucket contents.

I just upgraded a production environment last friday to 7.3.1 and this is far off being helpful- i strongly expect splunk to
-communicate this bug to all users
-Releasing the fix asap as i dont revert to 7.3.0

##UPDATE 17.09.2019##
After reaching out to my splunk contacts i learned that:

  • 7.3.1 was removed from download due to a critical exposure that was found
  • The 7.3.1.1 patch will be released on Wednesday
  • 7.3.2 will likely be released the following week
  • The most current version available now is 7.3.0
  • The critical exposure is affecting smart store
  • Splunk Legal is working on a public communication of this issue

Hope that helps others-

View solution in original post

ChrisG
Splunk Employee
Splunk Employee

It's back now, patched as 7.3.1.1 and available from the download page.

maciep
Champion

I reached out to our account team to share my frustration and disappointment with how Splunk is handling this and asked that they share it with their management. If you can, I suggest you do the same. Maybe if enough of us make noise, they'll change their ways....but won't get my hopes up.

KevinMurray
Explorer

Dear Splunk,

Since most of us Splunk Architects/Admins have to work weekends to upgrade our installations, and mostly without pay or TOIL, it would be prudent for Splunk to inform the customer base when app releases are rescinded so we are not wasting our weekends doing unnecessary work, and in this case jeopardizing the accuracy of data ingested.

claudio_manig
Communicator

Feedback from Splunk Support: They decided to take it from the web as there is a bug in it, asking for a more verbose feedback on this bug i got this:

On-prem customers on Splunk Enterprise
7.3.1 using SmartStore are vulnerable to an issue that may impact data
durability under certain conditions.

This issue is triggered during
SmartStore migration, upgrade, rolling
restart or indexer offline operations
in 7.3.1 with active on-going
searches. Under such conditions, a
bucket which recently transitioned
from hot to warm with active searches,
is inadvertently considered as frozen
and discarded leading to loss of the
bucket contents.

I just upgraded a production environment last friday to 7.3.1 and this is far off being helpful- i strongly expect splunk to
-communicate this bug to all users
-Releasing the fix asap as i dont revert to 7.3.0

##UPDATE 17.09.2019##
After reaching out to my splunk contacts i learned that:

  • 7.3.1 was removed from download due to a critical exposure that was found
  • The 7.3.1.1 patch will be released on Wednesday
  • 7.3.2 will likely be released the following week
  • The most current version available now is 7.3.0
  • The critical exposure is affecting smart store
  • Splunk Legal is working on a public communication of this issue

Hope that helps others-

lakromani
Builder

Why in the world not just post this at their home page and download page???
As its now, I still do upgrade of my big enterprise solution since it no warning any place, no information that anything its wrong. I did found out that it was missing when was looking for the wget download to install directly on some remote server, and did not found 7.3.1. This is not good enough Splunk!!!!

jlucius
Explorer

Thanks for posting this information. Any more info if it is save to use 7.3.0 or if it is save to use 7.3.1 when not using SmartStore?

0 Karma

xpac
SplunkTrust
SplunkTrust

If you're not using SmartStore, this issue shouldn't affect you.

0 Karma

claudio_manig
Communicator

I would not recommend to use a buggy version at all, since this problem may just be the "top of the iceberg"

jlucius
Explorer

I was asking, because I already updated one system to 7.3.1 and I urgently needed to update another system because of another bug, which I have updated to 7.3.0 now. I need to update all indexers beginning of next week and I am still waiting for a version to do so. Still waiting for 7.3.1.1 or 7.3.2.

0 Karma

eden881
Path Finder

Splunk 7.3.1.1 is now released.

0 Karma

lakromani
Builder

Where does Splunk tell me that I should not use 7.3.1 that I have downloaded? They have just removed it. No information at all posted anywhere. Only I found was this post. 7.3.1.1 Still not posted.

0 Karma

maciep
Champion

it may also result in the first step in troubleshooting anything with support to be to upgrade to something newer.

0 Karma

lakromani
Builder

This just shows how bad Splunk is to communicate with their users. Removing 7.3.1 and no information at all on their page.

0 Karma

maciep
Champion

well that's a good question...hopefully it was an accident and not a severe bug or anything...we planned to upgrade to 7.3.1 next week

0 Karma

jlucius
Explorer

I also wanted to update to 7.3.1 this week because of another bug that has been fixed in 7.3.x. No clue what is happening here, but the communication is not very good.

0 Karma

KevinMurray
Explorer

I am also waiting for an answer for this.

0 Karma

KevinMurray
Explorer

When I downloaded it on Thursday, the links on the website gave me 7.2.1, not 7.3.1. I have opened a case with Splunk support, but they have not responded as of yet.

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...