Overview

Recently, Splunk announced a critical vulnerability that will affect most customers starting on 1 January 2020.
We are recommending that all Gemini Data customers patch or upgrade their Splunk instances immediately.

The Problem

Please read Splunk's official problem and solution statement here:

https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020

The Impact

Data with a timestamp that includes a year greater than 2019 will potentially be incorrectly indexed or will NOT be indexed at all.

Clearly, this could result in a loss of data, the need to re-index, or incorrect data in reports, dashboards, and alerts.

The Fix

Splunk's solution statement outlines the short- and long-term fixes for this issue.
For your convenience, however, Gemini has created a patch for users of Gemini Appliances. Please note that this patch only affects Splunk instances on Gemini nodes, and does not deploy on forwarders.

Download the patch from the Gemini support portal, and apply it to each appliance that is running Splunk, using the Settings / System Update menu. A confirmation message will appear on completion.

Notes:

  • This will stop the Splunk service for a short while during the update.
  • In exceptional circumstances, Universal Forwarders may also need to be updated. Ensure you have read and understood the solution statement from Splunk.

Please contact the support team at support@geminidata.com for assistance if required.

Gemini Care

As a general reminder, Gemini’s professional services team is available to help with all of your Splunk management, configuration, and usage issues. To engage with our team of Splunk experts, please contact your sales representative or send an email to contact@geminidata.com.