Splunk® Enterprise

Release Notes

Download manual as PDF

Splunk Enterprise version 5.0 reached its End of Life on December 1, 2017. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Meet Splunk 5.0

Welcome to Splunk 5.0!

Read on for information and links into the documentation for all the great new features in this version. You can also watch the introductory video.

For system requirements information, see the Installation Manual.

Splunk 5.0 was released on October 30, 2012.

Known issues and changelogs for the current version

We publish a list of known issues for each version of Splunk, and a changelog of resolved issues for each maintenance release:

  • Known Issues for this release
    • To see the known issues for a different version, select that version from the Version drop-down menu above and to the right of this topic.
  • To see the list of issues that have been fixed in maintenance releases of 5.0, click Changelogs (what's been fixed) by version in the menu on the left and select a version from the list.

Planning to upgrade from an earlier version?

If you plan to upgrade from an earlier version of Splunk to version 5.0, be sure to read "About Upgrading to 5.0 - READ THIS FIRST" in the Installation Manual for important things you'll need to know before you upgrade.

Index replication

Splunk indexers can now be grouped together to replicate each other’s data, maintaining multiple copies of all data – preventing data loss and delivering highly available data for Splunk search. Using index replication, if one or more indexers fail, incoming data continues to get indexed and indexed data continues to be searchable. For more information about index replication, see:

Report acceleration

Accelerating search for reporting over large datasets is now as easy as clicking a checkbox and setting a time range. Summaries are stored on the indexers rather than the search head to allow map reduce parallelism for any search that uses reporting and/or streaming commands. You can enable report acceleration for an eligible search when you save it or add it to a dashboard in the Splunk Web UI. You can also enable report acceleration for an eligible search in Manager > Searches and Reports. For more information about report acceleration summaries, see

Integrated PDF generation

You can now create PDF files from your simple XML dashboards, views, searches, or reports on any OS running on an Intel-compatible platform. All PDF features in Splunk Web work without the need to install the PDF Report Server app. Non-UI PDF reporting functionality also uses Integrated PDF generation. For more information about integrated PDF generation, see:

Dynamic drilldown

Create custom drilldown behavior for any simple XML table or chart. Specify custom drilldown behavior on a per-field basis. Drill down within one dashboard, from a dashboard to form, or to any third-party tool that accepts URLs. Form searches built in simple XML also accept drilldown information so you can connect one form to send information to another. For more information, see:

Modular inputs

Enable any data inputs installed by a Splunk App, making them easier to manage and deploy. Inputs appear automatically on the Splunk Manager > Data Inputs page and are accessible from REST API endpoints for advanced management. For more information, see:

REST API versioning and JSON support

Beginning with this release, the REST API is fully versioned, so that if developers embed the version number in a URL, they are guaranteed a particular endpoint behavior. In addition, REST endpoints optionally can now return JSON instead of XML.

Splunk JavaScript SDK integrated into core

The Splunk JavaScript SDK is now completely integrated into the core Splunk product and no longer requires a separate download.

JSChart enhancements

JSChart now supports more configurations, so you can build more charts that show up on iOS devices. Configure custom colors for charts using SeriesColors, rearrange fields in a legend, and more. Additional enhancements increase browser performance. For more information, see:

New search commands

This release includes some new search commands:

  • fieldsummary returns a summary of values for all or a subset of fields.
  • multisearch runs multiple searches at the same time.
  • predict uses forecasting algorithms to predict future values of fields.
  • x11 removes a seasonal pattern so that you can see the trend.

Documentation improvements

The Splunk documentation set has been reorganized for the 5.0 release. This reorganization makes the tutorial a stand-alone document, gives more visibility to key product areas (indexing, search, visualization, alerting, and security), provides better browsing structure in the tables of contents, and creates tighter context for search results. The new content design reflects new Splunk features and addresses customer feedback we have received via doc comments, email, and IRC.

The following table provides details about the reorganization:

4.3 title Organization in Splunk 5.x
Installation Manual Includes architecture information and what gets installed. Capacity planning information has been split, with some material moving to the Distributed Deployment Manual. The storage requirements topics moved to the Managing Indexers and Clusters manual.
User Manual Now four separate manuals:

Some additional topics moved to the Knowledge Manager Manual and the Admin Manual.

Admin Manual Indexing and clustering topics moved into the Managing Indexers and Clusters manual. SSL and security topics move to the Securing Splunk manual.
Developing Dashboards, Views, and Apps for Splunk Web Topics about simple XML moved to Splunk Data Visualizations Manual. The Developing Dashboards, Views, and Apps for Splunk Web manual was retitled to Developing Views and Apps for Splunk Web, which includes advanced XML information, app development topics, and information about scripted and modular inputs.
Distributed Deployment Manual No major changes. Some capacity planning information has moved here from the Installation Manual.
Release Notes (this manual) No major changes
Getting Data In No major changes
Troubleshooting Manual No major changes
Search Reference No major changes
REST API Reference No major changes
SDK References No major changes
  NEXT
Known issues

This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18


Comments

It's a wonderful program

Proriseindustries
September 20, 2013

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters