4.2 Release Notes

Current version: 4.2.2


  • 13 Sep 2016 - 4.2.2 - GA
  • 09 Sep 2016 - 4.2.1 - Beta 2
  • 06 Sep 2016 - 4.2.0 - Beta 1

New features

  • Enhanced Insights - Additional functionality for automatic Insight creation based on anomalies that occur close in time, regardless of influencer. See Insight Monitor Configuration and Working with Insights.
  • Improved home page - See the top level view of your data, also with an embedded user configurable dashboard.
  • Email alerting - Troubleshoot on-the-go by receiving content-rich HTML emails when Insights are created or updated, containing a link to the Insight View and useful supporting information. See Alerts for more about how Insight email alerts compare to native Splunk alerts.
  • Periodic summary emails - Receive a regular summary of the Anomalies and Insights Anomaly Detective has found, containing links to the most important ones and support information. See Summary Email Configuration for details.
  • Role based security - The admin_all_objects capability is no longer required to manage anomaly searches and insight monitors. See Security Permissions for more details.

Breaking changes

  • The time format for the Event Feed functionality has changed from %Y-%m-%d %H:%M to %Y-%m-%d %H:%M %Z.
  • New capabilities prelert_write_autoinsight_config, prelert_write_fields_config, prelert_write_realtime_config and prelert_write_summary_config are required to administer Anomaly Detective. These are granted to the built-in Splunk admin role by default, but if you have configured other roles for Anomaly Detective users then these new capabilities need to be added.
  • Out-of-the-box only the admin, prelert_power and prelert_user roles can write to the Prelert KV store collections. This means that other users can no longer add/edit/delete comments, nor change insight status/score/description. You must change the permissions if you have different access requirements.
  • New anomaly searches and insight monitors may not have names that differ from existing anomaly searches or insight monitors only by the case of letters. This constraint is not enforced for existing anomaly searches and insight monitors, but results views may display mixed results when anomaly search or insight monitor names only differ by case.

Analytics Fixes

4.2.0 Beta 1

  • Influencer results are now created when counts go to zero and the influencer field is the partition field.

App Fixes

4.2.2 GA

  • Don’t allow “test” function for corrupt summary email configs.
  • Sort anomaly search list boxes alphabetically in insight monitor config.
  • Periodically clean up KV store progress entries for lookbacks that did not terminate gracefully.

4.2.1 Beta 2

  • Fixed scroll into view for config dialog errors for Firefox.
  • Allow users to view Anomaly Search/Insight Monitor configs read-only while LookBack is running.
  • Added a UI for configuring periodic summary emails.
  • Remember table order and search settings when reloading config lists.

4.2.0 Beta 1

  • Normalization quantiles are updated during Anomaly Search lookback.

See also

This page


You are here