Splunk tells users to patch ‘Y2K-style’ flaw

Data analytics platform Splunk has told users to patch a flaw in the company’s platform that, starting next year, would cause all sorts of problems for people trying to read and search data.

The problem lies in how the data is timestamped on Splunk, which ingests information from a variety of sources. Starting Jan. 1, unpatched “instances” of the Spunk platform won’t recognize data that is stamped with a two-digit year.

The issue, which affects all iterations of the Splunk platform on any operating system, would keep users from getting accurate results when they query threat data for key information.

“As this is a critical update, there is no option to defer it,” the San Francisco-based company said in an advisory released this week.

To prevent those data problems, users can download an updated version of the file that helps the platform process timestamps, tweak the file itself, or upgrade their platform altogether.

“Left unpatched, the effect on customers could be far-reaching,” antivirus company Sophos said in a blog, comparing the Splunk flaw to computer glitches associated with the turn of the millennium.

Splunk, which has been valued at over $2 billion, went on a spree of acquisitions last year, buying analytics provider KryptonCloud, incident management service VictorOps, and the automation tool Phantom.