Fixed issues

The following tables include information on key issues that have been fixed in releases of Splunk Enterprise Security.
Note: Detection versioning is turned off in this version of the release.

Splunk Enterprise Security 8.5.x fixed issues

A list of issues that are fixed in this version of Splunk Enterprise Security.

Splunk Enterprise Security 8.5.1 fixed issues

Following are some issues that are fixed or mitigated in Splunk Enterprise Security version 8.5.1:

Date resolved Issue number Description
2026-04-16 SECHELP-341

In environments with detection versioning turned on, the DA-ESS-ContentUpdate (ESCU) app and other apps might get stuck in an "in-progress" state while updating version information. This can prevent you from editing the detections in the UI. As a temporary workaround, detection versioning has been turned off while a permanent fix is developed.

2026-04-16 SECHELP-448

After upgrading to ES version 8.4 or ES version 8.5, ad-hoc searches that are launched from the ES app run under the Mission Control app context instead of the ES app context. Knowledge objects such as lookups are resolved based on the search app context.

This can cause the following issues for any customer-configured ES knowledge object that is app-scoped, such as lookups:
  1. Failed inputlookup or other lookup-based searches
  2. Lookup table errors in the ES search bar
  3. Missing enrichment in search results
  4. Field extractions, macros, event types, field aliases, or saved search-related behavior might not work as expected
  5. Silent failures where the search runs but returns incomplete or inconsistent results

2026-04-16 SECHELP-363

Configuration settings in the local/savedsearches.conf file are lost or changed after an ES 8.x upgrade. This patch release mitigates this issue with a workaround.

Splunk Enterprise Security 8.5.0 fixed issues

Following are some of the issues fixed in Splunk Enterprise Security version 8.5.0: