Meet Splunk 5.0
Contents
- Known issues and changelogs for the current version
- Planning to upgrade from an earlier version?
- Index replication
- Report acceleration
- Integrated PDF generation
- Dynamic drilldown
- Modular inputs
- REST API versioning and JSON support
- Splunk JavaScript SDK integrated into core
- JSChart enhancements
- New search commands
- Documentation improvements
Meet Splunk 5.0
Welcome to Splunk 5.0!
Read on for information and links into the documentation for all the great new features in this version. You can also watch the introductory video.
For system requirements information, see the Installation Manual.
Known issues and changelogs for the current version
We publish a list of known issues for each version of Splunk, and a changelog of resolved issues for each maintenance release:
- Known Issues for this release
- To see the known issues for a different version, select that version from the Version drop-down menu above and to the right of this topic.
- Changelog for 5.0.1
- Changelog for 5.0.2
Planning to upgrade from an earlier version?
If you plan to upgrade from an earlier version of Splunk to version 5.0, be sure to read "About Upgrading to 5.0 - READ THIS FIRST" in the Installation Manual for important things you'll need to know before you upgrade.
Index replication
Splunk indexers can now be grouped together to replicate each other’s data, maintaining multiple copies of all data – preventing data loss and delivering highly available data for Splunk search. Using index replication, if one or more indexers fail, incoming data continues to get indexed and indexed data continues to be searchable. For more information about index replication, see:
- "About clusters and index replication" in the Managing Indexers and Clusters Manual.
Report acceleration
Accelerating search for reporting over large datasets is now as easy as clicking a checkbox and setting a time range. Summaries are stored on the indexers rather than the search head to allow map reduce parallelism for any search that uses reporting and/or streaming commands. You can enable report acceleration for an eligible search when you save it or add it to a dashboard in the Splunk Web UI. You can also enable report acceleration for an eligible search in Manager > Searches and Reports. For more information about report acceleration summaries, see
- "About report acceleration and summary indexing" in the Knowledge Manager Manual.
Integrated PDF generation
You can now create PDF files from your simple XML dashboards, views, searches, or reports on any OS running on an Intel-compatible platform. All PDF features in Splunk Web work without the need to install the PDF Report Server app. Non-UI PDF reporting functionality also uses Integrated PDF generation. For more information about integrated PDF generation, see:
- "Upgrade PDF printing for Splunk Web" in the Installation Manual.
Dynamic drilldown
Create custom drilldown behavior for any simple XML table or chart. Specify custom drilldown behavior on a per-field basis. Drill down within one dashboard, from a dashboard to form, or to any third-party tool that accepts URLs. Form searches built in simple XML also accept drilldown information so you can connect one form to send information to another. For more information, see:
- "Dynamic drilldown in dashboards and forms" in the Splunk Data Visualizations Manual.
Modular inputs
Enable any data inputs installed by a Splunk App, making them easier to manage and deploy. Inputs appear automatically on the Splunk Manager > Data Inputs page and are accessible from REST API endpoints for advanced management. For more information, see:
- "Modular inputs overview" in Developing Views and Apps for Splunk Web.
REST API versioning and JSON support
Beginning with this release, the REST API is fully versioned, so that if developers embed the version number in a URL, they are guaranteed a particular endpoint behavior. In addition, REST endpoints optionally can now return JSON instead of XML.
Splunk JavaScript SDK integrated into core
The Splunk JavaScript SDK is now completely integrated into the core Splunk product and no longer requires a separate download.
JSChart enhancements
JSChart now supports more configurations, so you can build more charts that show up on iOS devices. Configure custom colors for charts using SeriesColors, rearrange fields in a legend, and more. Additional enhancements increase browser performance. For more information, see:
- "Custom chart configuration reference" in the Working with Splunk Data Visualizations Manual.
New search commands
This release includes some new search commands:
- fieldsummary returns a summary of values for all or a subset of fields.
- multisearch runs multiple searches at the same time.
- predict uses forecasting algorithms to predict future values of fields.
- x11 removes a seasonal pattern so that you can see the trend.
Documentation improvements
The Splunk documentation set has been reorganized for the 5.0 release. This reorganization makes the tutorial a stand-alone document, gives more visibility to key product areas (indexing, search, visualization, alerting, and security), provides better browsing structure in the tables of contents, and creates tighter context for search results. The new content design reflects new Splunk features and addresses customer feedback we have received via doc comments, email, and IRC.
The following table provides details about the reorganization:
| 4.3 title | Organization in Splunk 5.x |
|---|---|
| Installation Manual | Includes architecture information and what gets installed. Capacity planning information has been split, with some material moving to the Distributed Deployment Manual. The storage requirements topics moved to the Managing Indexers and Clusters manual. |
| User Manual | Now four separate manuals:
Some additional topics moved to the Knowledge Manager Manual and the Admin Manual. |
| Admin Manual | Indexing and clustering topics moved into the Managing Indexers and Clusters manual. SSL and security topics move to the Securing Splunk manual. |
| Developing Dashboards, Views, and Apps for Splunk Web | Topics about simple XML moved to Splunk Data Visualizations Manual. The Developing Dashboards, Views, and Apps for Splunk Web manual was retitled to Developing Views and Apps for Splunk Web, which includes advanced XML information, app development topics, and information about scripted and modular inputs. |
| Distributed Deployment Manual | No major changes. Some capacity planning information has moved here from the Installation Manual. |
| Release Notes (this manual) | No major changes |
| Getting Data In | No major changes |
| Troubleshooting Manual | No major changes |
| Search Reference | No major changes |
| REST API Reference | No major changes |
| SDK References | No major changes |
This documentation applies to the following versions of Splunk: 5.0 , 5.0.1 , 5.0.2 View the Article History for its revisions.