lantern.splunk.com
2600:9000:21f3:bc00:9:633f:12c0:93a1
Public Scan
Submitted URL: https://s1528.t.en25.com/e/er?s=1528&lid=52635&elqTrackId=1f7db83cca6343919b15c3f846d7878d&elq=7a562e2c22a248efbd08da6bcd...
Effective URL: https://lantern.splunk.com/Splunk_Platform/Product_Tips/Enterprise/Upgrading_Splunk_Enterprise/Splunk_9.0.2_FAQ?utm_medium=...
Submission: On November 02 via api from US — Scanned from DE
Form analysis
1 forms found in the DOM
/Special:Search
<form action="/Special:Search">
<input name="qid" id="mt-qid-skin" type="hidden" value="">
<input name="fpid" id="mt-search-filter-id" type="hidden" value="230">
<input name="fpth" id="mt-search-filter-path" type="hidden">
<input name="path" id="mt-search-path" type="hidden" value="">
<label class="mt-label" for="mt-site-search-input"> Search </label>
<input class="mt-text mt-search search-field" name="q" id="mt-site-search-input" placeholder="How can we help you?" type="search">
<button class="mt-button ui-button-icon mt-icon-site-search-button search-button" type="submit"> Search </button>
</form>
Text Content
SPLUNK 9.0.2 FAQ
Applies To: Splunk platform
Article Type: How-to
Last updated: Nov 2, 2022
These frequently asked questions address the most commonly asked questions from Splunk's November 2022 security advisories that can be addressed by upgrading to Splunk Enterprise 9.0.2. For our Splunk Cloud Platform customers, Splunk will address these fixes as applicable. See our Splunk Product Security page for the most up-to-date information and subscribe to get timely updates.

1. What products are affected by the vulnerabilities mentioned in the Security Advisories?
   The Splunk products that are affected by the identified vulnerabilities are listed in each Security Advisory. See the Splunk Product Security page for the list. The advisories released on November 2, 2022 affect Splunk Enterprise and the Splunk Cloud Platform.

2. Will Splunk release a patch for earlier supported versions of Splunk Enterprise and UF? Do you plan to backport the security updates to Splunk 8.1.x or 8.2.x versions?
   Yes. Each advisory details the affected and fixed versions. See the Splunk Product Security page for more information.

3. What vulnerabilities were disclosed?
   See the Splunk Product Security page for more information.

4. Have the vulnerabilities been fully remedied? Are fixes available to customers?
   Splunk released patches for Splunk Enterprise in the 9.0, 8.1, and 8.2 releases where applicable. For Splunk Cloud Platform, the fixed versions are listed in each advisory.

5. Do I need to configure anything to remedy any of these advisories?
   No. For Splunk Enterprise, no customer action is required other than upgrading.

6. How severe are the vulnerabilities?
   These vulnerabilities range from low to high severity and should be carefully evaluated. Review the individual advisories on the Splunk Product Security page as well as any applicable mitigations listed in each advisory.

7. Do the vulnerabilities affect Universal Forwarders?
   Refer to the advisories on the Splunk Product Security page, which list the components where applicable.

8. Do the vulnerabilities affect heavy-weight forwarders (HWF)?
   Refer to the advisories on the Splunk Product Security page, which list the components where applicable.

9. What can I do to detect the vulnerabilities?
   Splunk provided detections through the Splunk Enterprise Security Content Updates (ESCU) application to detect the potential exploitation of these vulnerabilities in customer environments. Customers with ES will get ESCU update notices, but detections will need to be enabled on their stack/tenant for these notifications.

10. Do the vulnerabilities affect older or unlisted versions of the Splunk platform?
    Splunk has not tested or verified the impact of vulnerabilities on versions it does not support. Review Splunk's Support Policy for currently supported versions.

11. Are these vulnerabilities being actively exploited? Has Splunk identified any indication of a security incident, compromise/breach related to these vulnerabilities? Has Splunk identified any customers that have been affected by the vulnerabilities? How do I know Splunk/My Splunk Cloud deployment/My Enterprise host was not compromised by these vulnerabilities?
    There is no evidence of exploitation of the vulnerabilities by any external parties.

12. Are there other vulnerabilities Splunk is aware of and has not disclosed? What is your disclosure policy?
    Splunk follows industry best practices to discover and remedy vulnerabilities before disclosure. For Splunk's disclosure policy, see Product Security at Splunk.

13. Why is Splunk releasing the Security Advisories now?
    For more information on the timing of vulnerability disclosures and security advisories, refer to the Splunk Product Security page.

14. What procedures did Splunk conduct to evaluate the impact?
    Splunk executed its standard threat and vulnerability management procedure, which includes a comprehensive analysis for indications of potential compromise.

15. Did Splunk change the design or implement enhanced measures in its secure product development practice as a result of identifying these vulnerabilities?
    No. Splunk did not change the design of its controls related to its secure product development process, patch management, and deployment.

16. Who identified these vulnerabilities?
    Refer to the Acknowledgement section of each advisory on the Splunk Product Security page.

17. Where can I get more information?
    If you need additional assistance, leverage your standard Splunk Customer Support channels, create a new support case, or work with your account team.

SPLUNK ENTERPRISE DEPLOYMENTS

1. What is the upgrade path? Do I need to already be on 9.0 to move to 9.0.2?
   Refer to the upgrade path information for 9.0.x as described in the Installation Manual in the Splunk Documentation.

2. I can't upgrade my Splunk Enterprise deployment right now. What are my mitigations?
   Refer to the individual advisories on Splunk Product Security for any applicable mitigations.

3. How can I tell in Splunk Enterprise which version I am running?
   For help with identifying your Splunk Enterprise version, refer to Determine which version of Splunk Enterprise you're running.

SPLUNK CLOUD PLATFORM DEPLOYMENTS

1. Is Splunk Cloud Platform affected by these vulnerabilities?
   Yes. Refer to the Splunk Product Security page for more information.

2. When will Splunk update my Splunk Cloud Platform deployment and enable the fixes?
   Due to the complexity and potential impact of fully remedying a deployment, rollout requires careful planning and coordination so as not to disrupt customers. Check with your account team for current scheduling. Each advisory also lists any applicable mitigations.

3. How can I tell in Splunk Cloud Platform if I have been upgraded?
   For help identifying your Splunk Cloud Platform version, refer to Determine which version of Splunk Enterprise you're running.