Welcome to Splunk Enterprise 7.0
If you are new to Splunk Enterprise, see Splunk Enterprise Overview. If you are familiar with Splunk Enterprise and want to explore the new features interactively, download the Splunk Enterprise 7.0 Overview app from Splunkbase.
If you are installing Splunk Enterprise for the first time, see System requirements for use of Splunk Enterprise on-premises in the Installation Manual.
Before proceeding, review Known Issues for this release and Fixed issues.
Planning to upgrade from an earlier version?
If you plan to upgrade to this version from an earlier version of Splunk Enterprise, see How to upgrade Splunk Enterprise in the Installation Manual for information you need to know before you upgrade.
See About upgrading to 7.0 READ THIS FIRST for specific migration tips and information that might affect you when you upgrade.
Other helpful links:
- See Known issues for a list of known issues and workarounds that affect this release.
- See Fixed issues for a list of resolved issues in this release.
- See Deprecated features for computing platforms, browsers, and features for which Splunk has deprecated or removed support in version 7.0.
What's New in 7.0
| New feature or enhancement | Description |
|---|---|
| Metrics | Metrics: Ability to ingest and store metric measurements at scale. See Overview of metrics in Metrics. |
| New mstats command: SPL command equivalent to tstats for querying time series from metrics indexes. See mstats in Search Reference. | |
| New mcatalog command: SPL command for performing aggregations on values in metrics indexes. This command is experimental and subject to change. See mcatalog in Search Reference. | |
| Metrics catalog: REST API endpoints to list metrics, dimensions, and values from metrics indexes. See Metrics Catalog endpoint descriptions in REST API Reference Manual. | |
| Event annotations | Correlate logs and metrics in one view. Add additional event context to any time chart. See Event annotations for charts in Dashboards and Visualizations. |
| Chart enhancements | New options to the charting library that provide a better monitoring experience in dashboards. See Chart configuration reference in Dashboards and Visualizations. |
| Faster search performance | Improved data model acceleration performance through increased parallelism during disk writes. Various minor search optimization improvements. |
| Report actions | The custom alert actions selector has been added to the report schedule workflow, providing consistency and enhanced capabilities across the scheduler workflows. See Set up alert actions in the Alerting Manual. |
| Additional monitoring console panels | Additional panels in the Indexing Performance: Instance monitoring console dashboard make it possible to find the CPU time spent on Regex extraction based on source, source type, index, and host. See Indexing performance dashboards in Monitoring Splunk Enterprise. |
REST API updates
This release includes the following new and updated REST API endpoints.
- admin/metrics-reload/_metrics
- catalog/metricstore/metrics
- catalog/metricstore/dimensions
- catalog/metricstore/dimensions/{dimension-name}/values
- data/transforms/statsdextractions
- data/indexes
- data/indexes-extended
The REST API Reference Manual describes the endpoints.
| Known issues |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13
Download manual
Feedback submitted, thanks!