What's new in Splunk 3.1
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
What's new in Splunk 3.1
Form search
Search strings can now contain variables that are rendered as form elements in the SplunkWeb interface. When used with Saved searches, inexperienced users can search efficiently without knowing the details of the search language. This feature simplifies searching by asking the user to input exactly the parameters he is looking for, instead of a complete and potentially complex search.
Search language simplification
As part of a general effort to simplify the search language, equal signs can now be used where double colons were required. In prior releases, search field syntax required a double colon but extracted field syntax required an equal sign. For example, host::splunker for the host search field and myfield=value for the extracted field myfield. Now search and extracted fields can both be used with equal signs in searches.
Archiving
With the introduction of enhanced archiving and export, customers now have the capability to flexibly archive their Splunk data based on time and size, critical for large and long-term data storage issues common with compliance mandates. This data can be easily resurrected back into Splunk for historical searches, and data can be exported simply and easily to put Splunk-gathered data anywhere an operator desires.
This documentation applies to the following versions of Splunk: 3.1 , 3.1.1 , 3.1.2 , 3.1.3 , 3.1.4 View the Article History for its revisions.