Splunk® Enterprise Security

Release Notes

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of ES. Click here for the latest version.
Acrobat logo Download topic as PDF

Release Notes for Splunk Enterprise Security

This version of Splunk Enterprise Security is compatible only with specific versions of the Splunk platform. See Splunk Enterprise system requirements in the Installation and Upgrade Manual.

Because the navigation now respects your local changes, you might need to make changes to the navigation menu bar after upgrading. See Configure > General > Navigation to see which views are upgraded, new, or deprecated.

What's New

Splunk Enterprise Security version 5.1.0 includes the following enhancements.

New Feature or Enhancement Description
Back up and restore Splunk Enterprise Security on a search head cluster Splunk Enterprise Security provides detailed document how to install in a search head cluster environment and perform the backup and restore operations. See Install Splunk Enterprise Security in a search head cluster environment.
Splunk Web enhancements and version compatibility Splunk Web for Splunk 7.1.0 and Splunk Enterprise Security 5.1.0 provides an updated look and feel. As a result, these two releases of the Splunk platform and Splunk Enterprise Security are only supported with each other.
Sending usage data to Splunk Splunk Enterprise Security 5.1.0 integrates with existing Splunk Enterprise telemetry capabilities to send anonymized user data to Splunk. See Sending usage data to Splunk for Splunk Enterprise Security.

Deprecated features

There are no deprecated features in this version of Splunk Enterprise Security.


Technology-specific add-ons are supported differently than the add-ons that make up the Splunk Enterprise Security framework. See Support for Splunk Enterprise Security and provided add-ons in the Release Notes manual.

Add-on deprecation

The automatic inclusion of add-ons listed in Technology-specific add-ons provided with Enterprise Security is deprecated. In a future release, Splunk Enterprise Security will no longer include all of these add-ons in the Splunk Enterprise Security package. Instead, you can download the add-ons that you need directly from Splunkbase. This change improves the performance of Splunk ES by reducing the number of unnecessary enabled add-ons, and allows you to install the most appropriate and updated versions of add-ons when you install Splunk ES.

Also in a future release, Splunk Enterprise Security will no longer selectively import apps and add-ons based on the name of the app or add-on. After this change, knowledge objects in apps and add-ons installed on the same search head as Splunk Enterprise Security and exported to other apps or globally will be visible in Splunk Enterprise Security.

Updated add-ons

Last modified on 14 May, 2018
Fixed Issues for Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 5.1.0, 5.1.1

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters