Welcome to Splunk Enterprise 7.0
If you are new to Splunk Enterprise, read the Splunk Enterprise Overview. If you are familiar with Splunk Enterprise and want to explore the new features interactively, download the Splunk Enterprise 7.0 Overview app from Splunkbase.
For system requirements information, see the Installation Manual.
Before proceeding, review the Known Issues for this release.
Splunk Enterprise 7.0 was released on September 26, 2017.
Planning to upgrade from an earlier version?
If you plan to upgrade to this version from an earlier version of Splunk Enterprise, read How to upgrade Splunk Enterprise in the Installation Manual for information you need to know before you upgrade.
See About upgrading: READ THIS FIRST for specific migration tips and information that might affect you when you upgrade.
The Deprecated features topic lists computing platforms, browsers, and features for which Splunk has deprecated or removed support in this release.
What's New in 7.0
| New Feature or Enhancement | Description |
| --- | --- |
| Metrics | Metrics: Ability to ingest and store metric measurements at scale. See Overview of metrics in Metrics. |
| | New mstats command: SPL command equivalent to tstats for querying time series from metrics indexes. See mstats in Search Reference. |
| | New mcatalog command: SPL command for performing aggregations on values in metrics indexes. This command is experimental and subject to change. See mcatalog in Search Reference. |
| | Metrics Catalog: REST API endpoints to list metrics, dimensions, and values from metrics indexes. See Metrics Catalog endpoint descriptions in REST API Reference Manual. |
| Event Annotations | Correlate logs and metrics in one view. Add additional event context to any time chart. See Event annotations for charts in Dashboards and Visualizations. |
| Chart Enhancements | New options to the charting library that provide a better monitoring experience in dashboards. See Chart configuration reference in Dashboards and Visualizations. |
| Faster Search Performance | Improved data model acceleration performance through increased parallelism during disk writes. Various minor search optimization improvements. |
| Report Actions | The custom alert actions selector has been added to the report schedule workflow, providing consistency and enhanced capabilities across the scheduler workflows. See Set up alert actions in the Alerting Manual. |
| Additional monitoring console panels | Additional panels in the Indexing Performance: Instance monitoring console dashboard make it possible to find the CPU time spent on Regex extraction based on source, source type, index, and host. See Indexing performance dashboards in Monitoring Splunk Enterprise. |
REST API updates
This release includes the following new and updated REST API endpoints.
The REST API Reference Manual describes the endpoints.
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2