Known issues

The following tables include issues and workarounds for releases of Splunk Enterprise Security. Issues are listed in all relevant sections. Some issues appear more than once.

Splunk Enterprise Security 8.3.0 known issues

Date filed Issue number Description
03-09-2026 SECHELP-341

Environments with detection versioning turned on might result in the DA-ESS-ContentUpdate (ESCU) and other apps stuck "in-progress" for updating version information. This can prevent you from editing the detections in the UI.

Splunk Cloud workaround: Detection versioning is turned off for impacted customers. This action reverts detection management to a non-versioned status until a permanent fix is provided.

On-premises workaround:
  1. Disable detection versioning on each of the search heads by disabling the CMS modular input using the API: curl -k -X POST https://{STACK_URL}/servicesNS/nobody/SA-ContentVersioning/data/inputs/cms_parser/main/disable
  2. Restart Splunk.
  3. Disable detection versioning: curl -k https://{STACK_URL}:8089/servicesNS/nobody/SA-ContentVersioning/properties/feature_flags/general \ -X POST \ -d versioning_init="0" \ -d versioning_activated="0"