- What's New
- Known Issues
- Issues Fixed in Advanced Analytics i54.5 (General Availability)
- Issues Fixed in Advanced Analytics i54.6
Issues Fixed in Advanced Analytics i54.5 (General Availability)
There was an error adding a worker node to clusters with three or more nodes, where at least one of the nodes is a Log Ingestion Messaging Engine (LIME) node and the cluster has a Hadoop Distributed File System (HDFS) High Availability (HA) setup; specifically, clusters with:
The inventory files that list the nodes in the NameNode and JournalNode groups were incorrectly changed and moved to a different host. Now, if a cluster already has three or more nodes and an HDFS HA setup, the inventory file isn't changed.
In some environments, the Analytics Engine couldn't begin processing because some connection threads to the MongoDB database expired while the Analytics Engine was initializing. The MongoDB database loaded models in parallel to maximize efficiency, but while doing this, surpassed the number of concurrent connection requests it could make to the Analytics Engine. Now, the MongoDB database limits the concurrent connections it uses to load models in parallel.
Abnormal first access-type rules triggered incorrectly, when a user's activity was normal. The corresponding model wasn't trained correctly because a parameter in the model definition was miscalculated. The calculation for that parameter has been corrected and tuned.
Under certain conditions, the anomaly factor wasn't calculated and inflated risk scores because of other Data Science (DS) server issues. These issues have been resolved.
Some pages, like Health Alerts settings, Account Lockouts watchlist, and some user Smart Timelines™, were slow or failed to load because parallel processes in Advanced Analytics Restful Web Services inefficiently queried the MongoDB database multiple times. We reduced or batched these queries to optimize the time they take to run.
For some deployments, the MongoDB database ran out of disk space because it failed to automatically purge data when it reached 85 percent capacity or after the 180 day default retention period. The database failed to identify data it should purge because of a missing database index. Now, the database ensures that the index exists before purging.
If a user executed a Windows account switch, the accounts they switched to didn't appear next to their name in their profile because Advanced Analytics Restful Web Services fetched account information from the incorrect MongoDB database collection. Now, Advanced Analytics Restful Web Services fetches from the correct collection.
A user's account usernames didn't appear next to their name in their profile because Advanced Analytics Restful Web Services fetched account information from the incorrect MongoDB database collection. Now, Advanced Analytics Restful Web Services fetches from the correct collection.
When you navigated from Splunk to Advanced Analytics, the Home page couldn't load because Advanced Analytics was fetching configurations it couldn't access from Splunk. These configurations have been moved to a file that Advanced Analytics can access wherever it loads.
Issues Fixed in Advanced Analytics i54.5.1 (First Customer Shipment)
In some environments, it was possible that Advanced Analytics didn't display new data because of a deadlock that occurs when ingesting data.
A Log Ingestion and Messaging Engine (LIME) service,
Issues Fixed in Advanced Analytics i54.5.2
Some Advanced Analytics pages were vulnerable to cross-site scripting attacks, which used specially crafted event logs to execute scripts. This issue has been resolved.