On This Page

v.4.12.2 Release

PRODUCTDATERELEASEADDITIONAL RESOURCES
Search2025-06-18MaintenanceKnown Issues, Cribl Lake Release Notes

Cribl Search 4.12.2 enables you to run Lakehouse-speed searches against multiple Datasets at once, speeds up Amazon S3 searches with Splunk SmartStore Partitioning, brings new and updated Packs, and includes numerous corrections.

Important Changes

These changes to Cribl Search might require you to check or modify existing queries, or other configuration, especially on saved searches.

Deprecation Notice: Dataset Acceleration

Cribl has deprecated the Dataset Acceleration feature and removed it from this release. We invite you to explore Cribl Lakehouses as a new option to speed up searches on designated Datasets. Please continue to report Dataset Acceleration issues through normal Cribl support channels, but assistance for this deprecated feature might be limited.

New Features

This release adds the following new capabilities.

Multiple-Dataset Lakehouse Searches

A query against multiple Lakehouse-assigned Datasets can now run at Lakehouse speed (before, the Lakehouse performance boost worked only with one Dataset at a time).

Beyond the Lakehouse assignment, your query must also meet one of these conditions:

If neither of the above conditions is met, or if your query includes non-Lakehouse Datasets, the search will run at standard speed.

Faster S3 Searches with Splunk SmartStore Partitioning

When you configure an Amazon S3 Dataset with Splunk SmartStore partitioning, a new Advanced section enables you to define a retrospective Time range over which searches will be sped up.

Packs

This release includes new and updated Packs:

Corrections

This release includes numerous fixes to various areas of Cribl Search, most notably:

IDDescription
SEARCH-10174
Known Issue
Search Members with the User Permission can again see saved searches that they created, or to which they were given access.
SEARCH-10157
Known Issue		Search Members with the Editor Permission can again see Cribl Search Packs and their contents.
SEARCH-9497
Known Issue		The week_of_year function now properly follows the ISO standard for weekdays. All edge cases work properly now (for example, early dates in years starting after Thursday are no longer counted as the last week of the prior year).
SEARCH-10017Names of lookup files can now include whitespaces. To reference these lookups, surround their file names with quotes. For example: lookup "foo bar" on baz.
SEARCH-10254The lookup operator now supports file extensions in lookup filenames. For example, lookup foo.csv on bar now works with no error.
SEARCH-8651The datetime() function now supports quotes, as documented. For example, datetime(2022-10-14) now works the same as datetime("2022-10-14").
SEARCH-8592When passed an object, the tostring() function now properly returns a string with the object’s JSON representation. Before, the function returned [object Object].
SEARCH-9692Scheduled searches using the “local timezone” option are no longer incorrectly interpreted as UTC.
SEARCH-10050The send operator now properly records the URL of the Cribl Stream Worker Group to which it sent the data. Before, search logs always indicated that the data was sent to the default Group, even though it was correctly sent to the Group configured by the group parameter.
SEARCH-7350The $vt_results virtual table now correctly displays result sets of more than 10,000 events.
SEARCH-10204Clicking Open in Search in a Dashboard scheduled search now always opens the last run of the search, as intended. Before, in certain cases, it re-ran the search.
LAKE-868Cribl Search now returns results, as intended, for DDSS-formatted Cribl Lake Datasets populated using Direct Access.

See also corrections in the Cribl Lake Release Notes.