Splunk Cloud Platform

Release Notes

This documentation does not apply to the most recent version of Splunk Cloud Platform. For documentation on the most recent version, go to the latest release.

New features

This page summarizes the new features and enhancements in each release of Splunk Cloud Platform.

The product features deployed in your environment might vary depending on your topology, deployment type, and configuration settings.

See also the release notes for the Cloud Monitoring Console app and the Admin Configuration Service for their respective new features.


9.0.2209

New Feature or Enhancement Description
Dashboards - Deep Linking for Mobile Users will see a modal that connects to the Splunk Mobile app with a scannable QR code, auto registers the user, and displays their dashboard in the Splunk Mobile app on their mobile device.
Dashboard Studio - Enable Job Inspector Users can inspect the search jobs powering their visualizations in Dashboard Studio. The Job Inspector will show information such as the Search ID and performance information.
Dashboard Studio - Link to Drilldown enhancements Users can pass static tokens between Dashboard Studio dashboards and list all tokens on the target dashboard, including but not limited to input tokens.
Dashboards Trusted Domains List for External Domains Dashboards Trusted Domains List now lets admins limit which domains their users can import images from on their dashboards.
Update Search and Reporting v=null dashboards to v=1.1 Simple XML dashboards in the Search and Reporting app must have a version attribute. Simple XML dashboards in the Search and Reporting app without a specified version attribute will be automatically updated to version=1.1. This attribute specification does not apply to default dashboards in an app's /default/data/ui/views directory.
Show the new search experience from within the Search & Reporting app For customers with the New Search Experience (Preview) enabled, this feature provides an easy link for users to navigate to the new experience from their existing Splunk Cloud Platform Search & Reporting app.
Improved single sign-on experience Splunk Cloud Platform customers can now use their existing credentials and permissions to log in to Splunk cloud-native applications.
Limits.conf self-service UI (opt-in) Splunk Cloud Platform admins can now directly edit select limits.conf settings in Splunk Web, without assistance from Splunk Support.
Small Update to Splunk Secure Gateway App in Splunk Splunk Secure Gateway lets you manage your Connected Experiences (Splunk Mobile & Splunk AR) mobile app deployments and register devices to a Splunk instance. With the latest updates to Splunk Secure Gateway, we've made it easier to open dashboards from web on mobile, streamlined the onboarding flow and simplified the home page for admins.
Mobile Banner It's more convenient to browse Splunk on mobile devices using the Splunk Mobile app. Now users can easily navigate to the app when they try to open Splunk using a mobile browser.
Change to the search_listener parameter for the search/jobs endpoint The search_listener request parameter for the Splunk REST API search/jobs endpoint is disabled as of Splunk Cloud Platform version 9.0.2209.

9.0.2208

New Feature or Enhancement Description
jQuery v3.5 is shipped as default with Splunk Cloud Platform Splunk Cloud Platform now ships with jQuery 3.5 by default. Older jQuery versions are still supported and can be accessed via the jQuery toggle in the internal library settings by Splunk Admins. Splunk will be removing support for all older versions of jQuery in the near future.
Ingest Actions enhancements Set Index capability in Ingest Actions rulesets

New health report indicator: S3 Output

Upgrade Readiness App version 4.0.4 The 4.0.4 version of the Upgrade Readiness App includes minor bug fixes.
AWS PrivateLink support Customers in regulated environments with an AWS presence can send data (Forwarder and HEC traffic) to their Splunk Cloud stack over private endpoints. Private connectivity is available as an opt-in connectivity option with PCI, HIPAA, IRAP, and FedRAMP Moderate subscriptions.
Small Update to Splunk Secure Gateway App in Splunk Splunk Secure Gateway lets you manage your Connected Experiences (Splunk Mobile & Splunk AR) mobile app deployments and register devices to a Splunk instance. With the latest updates to Splunk Secure Gateway, we've fixed encoded character rendering bugs and improved the user experience by adding support for Trellis & Maps in reports.
Federated Search Standard mode enhancements Support for wildcard search in Standard mode.
Theming Support for Search & Reporting App Users can now choose between default systems setting, dark and light mode in the Search and Reporting App.
Phase II - EC Audit Improvements For Knowledge Objects This feature is the continuation of the the enhancement "EC Audit Improvements For Knowledge Objects" that was included in the 8.2.2203 release. In this release, we are addressing more knowledge objects which includes event types, tags and data model.
Updated external content warning messages in Dashboard Studio Users will see updated external content warning messages in Dashboard Studio. By working with the user's administrator, external content must now have its domains added to the Dashboards Trusted Domains List.
External content warnings in Classic Simple XML dashboards Users will see a warning modal regarding external content in their Classic Simple XML dashboards. To remove the warning, users can work with their administrators to add the external content domains to the Dashboards Trusted Domains List. For more details, see Configure Dashboards Trusted Domains List and Content Security Policy setting.
Add Warning for use of S2S V3 (or less) Users will be shown a warning log when old and unsupported version of forwarders (below v6.0) is being used, or if an older Splunk-to-Splunk (S2S) protocol is in use. To remove the warning log messages, users can update their forwarders. Warning messages can also be turned off via log configuration.
Macros now replicate by default to search peers Macros used in apps are now replicated by default to search peers as part of the knowledge bundle in Splunk deployments. As a result of this change, searches that previously failed now run successfully, which could impact downstream performance.

If you don't want to replicate macros for your apps, you can suppress replication in one of the following ways:

    • Install an upgraded version of the app that uses the macro. The app must add the replicate.macros = false setting to the [replicationSettings:refineConf] stanza in the Splunk distsearch.conf file.
    • If your macro is in an app that you don't manage or that can't be updated for other reasons, request help from Splunk Support. If you have a support contract, file a new case using the Splunk Support Portal at Support and Services. Otherwise, contact Splunk Customer Support.

Be aware that disabling distribution of macros might negatively impact your search results.

9.0.2205

New Feature or Enhancement Description
Dashboard Studio: Updated Search Status and Messages Improved search status messaging provides clearer information about search status or errors.
Upgrade Readiness App version 4.0.1 Upgrade Readiness App version 4.0.1 includes Splunk Platform Readiness checks and fixes for minor bugs.
Small Update to Splunk Secure Gateway App in Splunk Splunk Secure Gateway lets you manage your Connected Experiences (Splunk Mobile and Splunk AR) mobile app deployments and register devices to a Splunk instance. With the latest updates to Splunk Secure Gateway, we've given all Splunk users the ability to activate mobile experiences on their instance. We now also support reports on Splunk Mobile.
Dashboards: Warn users when they are leaving Splunk via custom URL drilldown For improved security, users are now prompted to acknowledge any time they're being redirected to a link outside of their deployment.
Granular RBAC for Lookups and KV collections KV Store now provides the ability to configure granular write permissions on KV Store collections for various users and roles. The granular write permissions are broken down into insert, update, and delete permissions.
SHC server-side session invalidation on logout Splunk Search Head (SH) does not invalidate session cookies on all SH peers when a user logs out. With this release, at user logout, all user session cookies on all SH peers are invalidated.
The etc/searchscripts directory Support for the etc/searchscripts directory has been removed, as of version 8.2.2201. All search commands must now be declared in the commands.conf file.

8.2.2203

New Feature or Enhancement Description
App installation workflow improvements The app installation workflow for Splunkbase apps and private apps has been streamlined to make app installation and upgrade easier on Victoria Experience and Classic Experience.
Audit improvements for knowledge objects This feature enhances the existing Splunk Cloud Platform auditing framework to provide customers with insights on the lifecycle of knowledge objects saved search, reports, and alerts through clear audit loggings that provides who created, updated, or deleted the knowledge object, and other details, such as when and how a knowledge object was modified.
Dashboard Studio Dashboard Studio has several enhancements this release, such as setting tokens from search results or search job status, passing tokens from one dashboard to the next, and new cluster maps. For a comprehensive list of new features and enhancements, see What's new in Dashboard Studio in the Splunk Dashboard Studio manual.
Dashboards - Block access to inline style sheets Users now receive a message to reference external style sheets instead of inline styles in SimpleXML dashboards for improved maintainability.
Disabled audit search command The previously deprecated audit search command is now disabled for all customers as of 8.2.2203.
Disabled createrss command The previously deprecated createrss command is now disabled for all customers as of 8.2.2203.
Federated search Standard mode enhancements Support for wildcard search and input lookup in Standard mode.
Federated search Consent UI plan Enables customers to leverage federated search with compliant environments. Added a section to the UI to explain that administrators who enable federated search from deployments with lower compliance to deployments with higher compliance might compromise their compliance. This section includes an checkbox to indicate the administrator has read this message and accepts the risk. For more information, see Define a federated provider.
Federated search command enhancements for standard mode Support for search modes (Fast, Smart, and Verbose) in Standard mode.
Federated search Standard mode enhancements Support for wildcard search and input lookup in Standard mode.
Federated search support for DMAs and TSTATS Provides the capability to run federated searches on data models and DMAs using the TSTATS command. Splunk Cloud Platform administrators can now gain insights from ingested data that is geographically dispersed across multiple Splunk Cloud Platform deployments.
Federated search UI enhancements This release includes the following enhancements to the Federated Search UI:
  • Removed the ability to enable or disable local knowledge objects for standard mode federated providers. The functionality to manage local knowledge objects for standard or transparent mode federated providers is now handled internally.
  • Updated the related application short name functionality, which now only works in standard mode.

If you used Local knowledge objects in an earlier version of Splunk Cloud Platform, see Custom knowledge object coordination for standard mode federated providers.

FedRamp support for federated searches Enables customers to leverage federated search across compliant environments.
Manage limits.conf configurations using the ACS API Splunk Cloud Platform administrators can now use the Admin Config Service (ACS) API to edit, view, and reset default values for select limits.conf settings programmatically.

For more information, see Manage limits.conf configurations in Splunk Cloud Platform.

Replacement of existing MMDB file shipped with Splunk Cloud Platform With the release of Splunk Cloud Platform version 8.2.2203, the default provider and associated lookup file for the iplocation search command has changed. If you use the iplocation command with the allfields=true option, you will see a difference in the output fields. Both Timezone and MetroCode fields are removed. As an alternative, customers who are using Splunk Cloud Platform 8.2.2106 and higher may upload and use their self-licensed MMDB file, provided it is in a compatible format of MMDB.
Restriction of jQuery 2 libraries Splunk Cloud Platform administrators can now restrict vulnerable jQuery libraries using a toggle available in the Settings UI. Note that restricting these libraries does not require a Splunk restart.
Restriction of unsupported hotlink imports Splunk Cloud administrators can now use a toggle to restrict or unrestrict unsupported hotlink imports. Unsupported hotlink imports are dependencies in Simple XML Custom JS Extensions that directly reference code in Splunk products. These imports are unsupported by Splunk and can introduce breaking changes. Note that restricting these imports does not require a Splunk restart.
Set Studio Dashboard as home dashboard Users can now set Studio dashboards as their home page dashboard.
Support for ingest actions in Victoria Experience - Routing to S3 Enables Splunk Cloud Platform administrators to leverage a UI when configuring AWS S3.
Update to Splunk Secure Gateway App Splunk Secure Gateway lets you manage your Connected Experiences (Splunk Mobile & Splunk AR) mobile app deployments and register devices to a Splunk instance. With the latest updates to Splunk Secure Gateway, we've given you the ability to unlock admin insights, configure your region and highly customize your mobile experience. In addition, we've made it even easier to register and manage your connected devices.
Upgrade Readiness App version 4.0.0 The 4.0.0 version of the Upgrade Readiness App includes fixes for minor bugs.
Webhook allow list UI This security enhancement lets Splunk Cloud Platform administrators restrict the URL endpoints to which webhook alert actions can send HTTP post requests.

For more information, see Configure webhook allow list in Splunk Web.

The etc/searchscripts directory Support for the etc/searchscripts directory has been removed, as of version 8.2.2201. All search commands must now be declared in the commands.conf file.

8.2.2202

New Feature or Enhancement Description
Dashboard Studio Tokens Improvements Users can now specify default token values when configuring drill-down actions. Token values selected through multiselect dropdown can now be individually wrapped with quotes.
Dashboards - Bulk migration from viz.<type> to splunk.<type> Users can now update their dashboard visualizations with one click. These updated visualizations provide greater flexibility and configurability.
Disabled file command The previously deprecated filecommand is now disabled for all customers as of 8.2.2202.
New *_objects capabilities This enhancement helps to ensure that users who are authenticated into Splunk Cloud Platform but hold roles with no capabilities can't read and modify configuration setting REST endpoints. The following two new capabilities have been assigned to the admin, power, sc_admin, and user roles:
  • edit_own_objects: Lets a user edit the objects they own.
  • list_all_objects: Lets a user list all objects.

Note: Custom Splunk roles that do not inherit from default roles, or that have no capabilities at all, will not have these capabilities. If a user receives an error message similar to the following, assign them the appropriate capability:

{"messages":[{"type":"ERROR","text":"You do not have permission to perform this operation (requires capability: list_all_objects)."}]}

Workload management: Enhanced wildcard support in workload rules This enhancement gives Splunk Cloud Platform administrators more flexibility when creating workload rules and admission rules by adding wildcard support to the following predicates: index and role. For example, you can now create rules such as index=prod* or role=support_*.

For more information, see Configure workload rules.

The etc/searchscripts directory Support for the etc/searchscripts directory has been removed, as of version 8.2.2201. All search commands must now be declared in the commands.conf file.

8.2.2201

Splunk Cloud Platform 8.2.2201 introduces general enhancements and service improvements.

New Feature or Enhancement Description
The tstats command now uses Bloom filters The tstats command now uses Bloom filters to exclude buckets from being searched, which speeds up searches for rare terms. This enhancement is the result of Splunk Ideas EID-I-903.
Victoria Experience - Self service Index deletion Enable users to perform self service index deletion.
Federated Search command enhancements for Standard mode Support for lookup command in Standard mode for Federated search.
Updates to Splunk Secure Gateway App in Splunk Splunk Secure Gateway lets you configure your Connected Experiences mobile app deployment and register devices to a Splunk instance.

This release of Splunk Secure Gateway includes the latest optimizations and bug fixes. For more information, see the Splunk Secure Gateway release notes.

Upgrade Readiness App - 3.1.0 Upgrade (includes unshipped updates from v3.0.2) The Upgrade Readiness App now provides further jQuery checks, admin control settings for email notifications, and minor bug fixes.
Updated experience for v1.0 and v1.1 dashboards With the impending removal of jQuery 2.x libraries, we want to ensure that users are well aware of the upcoming change. These changes will reflect firmer messaging and will not allow users to dismiss warnings about v1.0 dashboards.
Updated tokens support for Dashboard Studio Enhanced token support for using dynamic values in Link to Custom URL and the ability to set default token values in source.
Updated visualizations in Studio All Studio visualizations (except maps) now have updated versions which provide enhanced flexibility in dashboard building. We have also added new options to markdown (font color and background color) and table (show internal fields). Single Value Radial has also gotten a refreshed UX and you can now specify a max value other than 100.
IP allow list management UI Splunk Cloud Platform admins on deployments that use AWS can now view and edit IP allow lists, including search head API access, indexer ingestion, and more, on a self-service basis, using the IP allow list management page in Splunk Web. This capability is dependent on Admin Config Service (ACS) and ACS does not currently support FedRAMP Moderate environments.

For more information, see Configure IP allow lists using Splunk Web.
The etc/searchscripts directory Support for the etc/searchscripts directory has been removed, as of version 8.2.2201. All search commands must now be declared in the commands.conf file.

8.2.2112

Splunk Cloud Platform 8.2.2112 introduces general enhancements and service improvements.

New Feature or Enhancement Description
Automated private app vetting Private app installation updates to remove manual app vetting requirements. For more information, see Manage private apps on your Splunk Cloud Platform deployment.

8.2.2111

Splunk Cloud Platform 8.2.2111 introduces general enhancements and service improvements.

8.2.2109

New Feature or Enhancement Description
Dashboard Studio: New and updated visualizations Splunk.* visualizations are available for Area, Bar, Bubble, Column, Ellipse, Image, Line, Markdown, Pie, Rectangle, Scatter. Splunk.* visualizations will support the ability to set a token on click. Two new visualizations are also added: Sankey and Parallel Coordinates.
Ability to set a token by clicking on a Dashboard Studio visualization Most splunk.* visualizations now support the ability to set predefined tokens by clicking the visualization.
Enable usage of global environment tokens in Dashboard Studio Global environment tokens are now available to use in Dashboard Studio.
Scheduled Export from Splunk Cloud Platform for Studio Dashboards The Scheduled PDF Email Export for Dashboard Studio functionality is now available to select Splunk Cloud Platform customers as a Limited Availability Release.

For more information see the Limited Availability Release program page and contact your Splunk account representative.

Dashboard Studio Tutorial The Dashboard Studio tutorial is a step-by-step guide for creating a dashboard with visualizations that display updated revenue and purchasing trends. For more details, see About the Splunk Dashboard Studio tutorial.
Package Splunk Secure Gateway App with Splunk Splunk Secure Gateway lets you configure your Connected Experiences mobile app deployment and register devices to a Splunk instance.

The release includes a small change in the removal of device name as a field.

Manage private apps using the Admin Config Service (ACS) API Splunk Cloud Platform administrators can now use the Admin Config Service (ACS) API to install, upgrade, and uninstall private apps and add-ons programmatically.

For more information, see Manage private apps in Splunk Cloud Platform in the Admin Config Service Manual.

Manage indexes using the Admin Config Service (ACS) API Splunk Cloud Platform administrators can now use the Admin Config Service (ACS) API to create, update, and delete indexes programatically on Victoria Experience.

For more information, see Manage indexes in Splunk Cloud Platform in the Admin Config Service Manual.

Integrate jQuery into Upgrade Readiness App The Upgrade Readiness App now provides jQuery and Python 3 support to keep all apps working appropriately in future Splunk versions when old libraries are deprecated. Splunk Cloud Platform admins can request new default Python versions within the Upgrade Readiness App. The Upgrade Readiness App is the newest version of the Python Upgrade Readiness App shipped in previous releases.
Splunk Product Guidance app Splunk Product Guidance (SPG) is an in-product app aimed at providing context-driven guidance to assist Splunk Cloud Platform customers with answers to their Search and Data Onboarding use cases and tasks.

For more information see Manage the Splunk Product Guidance app on your Splunk Cloud Platform deployment in the Splunk Cloud Platform Admin Manual.

8.2.2107

New Feature or Enhancement Description
Federated search enhancements for migration from hybrid search Transparent mode provides existing hybrid search customers with a smooth transition to federated search.

For more information see About federated search.

Risky commands restrictions New run_custom_command, run_dump, and run_sendalert capabilities have been added to restrict the execution of risky commands to selected roles. See SPL safeguards for risky commands in Securing Splunk Cloud.
Produce events from a JSON array New format and data options for the makeresults command to more efficiently generate events from inline JSON/CSV data.

For more information see the makeresults topic.

Python Upgrade Readiness App The Splunk Python Upgrade Readiness App now supports Splunk Cloud Platform. Use the app to identify remediation actions you must take to ensure that your public and private apps are compatible with Python version 3, which will soon become the default Python version in Splunk software.

For more information, see About the Splunk Python Upgrade Readiness App.

Removal of biased language Removal of biased language from the knowledge bundle replication workflow.

8.2.2106

New Feature or Enhancement Description
Dashboard Studio enhancements Dashboard Studio enhancements:
  • Usability improvements including relocation of the Save button for intuitive access and warning messages for unsaved changes
  • Ability to create view-only dashboards with hide button features
  • Markdown visualization option for grid layout
  • Point-and-click UI for adding data sources to inputs
Private app validation on Victoria Experience Deployments on Victoria Experience now support private app upload with integrated AppInspect validation via Splunk Web, making it easier for admins to manage apps. Limited availability release: Contact your account team to request early access.

For more information, see Install private apps on Splunk Cloud Platform.

Offload UI state from SHC conf The ability for Apps to specify custom user interface preferences via ui-prefs.conf such as time picker has been removed. This means that application specific UI preferences will not be applied. Users will still be able to set their UI preferences.
Last modified on 21 June, 2023
Welcome to Splunk Cloud Platform   Known and fixed issues for

This documentation applies to the following versions of Splunk Cloud Platform: 9.0.2209


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters