Splunk® Enterprise

Release Notes

Acrobat logo Download manual as PDF

Splunk Enterprise version 6.x is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Acrobat logo Download topic as PDF

Welcome to Splunk Enterprise 6.5

If you are new to Splunk Enterprise, read the Splunk Enterprise Overview. If you are familiar with Splunk Enterprise and want to explore the new features interactively, download the Splunk Enterprise 6.5 Overview app from Splunkbase.

For system requirements information, see the Installation Manual.

Before proceeding, review the Known Issues for this release.

Splunk Enterprise 6.5 was released on September 27, 2016.

Planning to upgrade from an earlier version?

If you plan to upgrade from an earlier version of Splunk Enterprise to version 6.5, read How to upgrade Splunk Enterprise in the Installation Manual for information you need to know before you upgrade.

See About upgrading to 6.5: READ THIS FIRST for specific migration tips and information that might affect you when you upgrade.

The Deprecated features topic lists computing platforms, browsers, and features for which Splunk has deprecated or removed support in this release.

What's New in 6.5

New Feature or Enhancement Description
Datasets This release introduces datasets, collections of data that you can define and maintain for a specific business purpose. With the Datasets listing page you can view and manage CSV lookup datasets and data model datasets (formerly referred to as data model objects). The Datasets listing page replaces the Pivot listing page.

See Dataset types and usage in the Knowledge Manager Manual.
Splunk Datasets Add-on Install this add-on to design and curate table datasets, a new dataset type. Use the Table Editor to build sophisticated new table datasets without writing SPL queries. Investigate detailed analytical information about the fields in your table dataset with the Summarize Fields view. Open table datasets in Pivot to use them as the basis for visualization-rich reports. Share table datasets with other users and let them contribute to future iterations.

Splunk Cloud users will have this add-on installed by default. See About the Splunk Datasets Add-on in Install and Use the Splunk Datasets Add-on.
Enhanced search assistance Improved SPL readability, debugging, and assistance capabilities in the search editor, making it easier to write better searches.

See Help reading searches and Help building searches in the Search Manual.

Conditional table formatting Apply conditional color formatting to table columns. Highlight field values, add context, or show value distributions.

To learn more, see Format table visualizations in Dashboards and Visualizations.
Number formatting Add units and number formatting at the field level to improve readability of table cells. Formatted numbers can still be sorted by value.

To learn more, see Format table visualizations in Dashboards and Visualizations.
Table reporting Add summary statistics rows to show field totals or percentages.

To learn more, see Format table visualizations in Dashboards and Visualizations.
Dashboard preview You can now preview changes to dashboards and cancel to discard changes. An improved Simple XML source code editor helps you catch syntax errors before saving.

For more information, see Edit dashboards in Dashboards and Visualizations.
Dashboard display improvements Dashboards can now refresh with minimal flicker, resulting in an uninterrupted consumption experience. Users can now improve data density on the page by hiding or showing form inputs.

For more information, see Edit dashboards and the Simple XML reference in Dashboards and Visualizations.
Datamodel drilldown Optimize datamodel drilldown by filtering the datamodel data to remove unneeded evals and lookups.
Improved load-balancing on the
Universal Forwarder
If you use the load balancing feature on your universal forwarders, you can enable a special processor to help improve the distribution of data across the indexers where the forwarders send data.

See Configure improved load balancing with props.conf in the Universal Forwarder Manual.
Indexer cluster data rebalancing Rebalance indexer data across all available indexers to achieve even data distribution and optimal utilization of available physical resources.

See Rebalance the indexer cluster in Managing Indexers and Clusters of Indexers.
Indexer clustering improvements Persistent manual detention, improved recoverability with UI-driven actions to resync bucket state, rollover hot buckets, and delete corrupted buckets, fewer restarts on cluster bundle push, improved site decommissioning, and an option to validate the cluster bundle.

Search head clustering (SHC) improvements SHC health check in Monitoring Console dashboard, option to abstain a node from captain selection, improved recoverability from corrupted Raft state, and ability to quarantine a bad search peer.

See Use the monitoring console to view search head cluster status and troubleshoot issues, Specify captaincy preference, Handle Raft issues, and Quarantine a search peer in Distributed Search.
Licensing and tools Support for new licensing policies like unlimited usage, lighter license enforcement, dev/test licenses, and feature usage telemetry. See Types of Splunk software licenses and Share data in Splunk Enterprise in the Admin Manual.
Splunkbase User experience enhancements to Splunkbase and in-app browser.
Dynamic content in custom alert actions Custom alert actions can now include dynamic content.

For more information, see Dynamic input controls for custom alert actions in Developing Views and Apps for Splunk Web.
Monitoring console improvements Configurable health check assesses several aspects of a Splunk Enterprise deployment. See Access and customize health check in the Monitoring Splunk Enterprise manual.
Machine Learning Toolkit Extends Splunk platform functions and provides a guided modeling environment for Data Analysts and Data Scientists. See About the Machine Learning Toolkit in the Machine Learning Toolkit User Guide. The Machine Learning Toolkit is available as a separate download from Splunkbase.
Hadoop data roll Migrate historical data to Hadoop without loss of functionality.
Splunk Analytics for Hadoop The former Hunk standalone product is now a premium offering within Splunk Enterprise.
Customize the login page Customize the login page using your own background image, custom logo, or custom favicon.

To learn more, see Customize the login page in Developing Views and Apps for Splunk Web.
Two-factor authentication Added support for Duo Security two-factor authentication.
SAML authentication Added support for CA SiteMinder, OneLogin, and Optimal.
Diag upload You can upload a diag or other file directly to your open case using the diag command. See Generate a diag in the Troubleshooting Manual.

Documentation updates

Legacy app building documentation in Developing Views and Apps for Splunk Web has been revised, updated, and moved to the Splunk developer portal. See Develop apps using the Splunk Web framework for this new content.

REST API updates

This release includes the following new and updated REST API endpoints.

  • admin/Duo-MFA
  • admin/Duo-MFA/{name}
  • admin/ProxySSO-auth
  • admin/ProxySSO-auth/{proxy_name}
  • admin/ProxySSO-auth/{proxy_name}/disable
  • admin/ProxySSO-auth/{proxy_name}/enable
  • admin/ProxySSO-groups
  • admin/ProxySSO-groups/{group_name}
  • admin/ProxySSO-user-role-map
  • admin/ProxySSO-user-role-map/{user_name}
  • datamodel/model
  • datamodel/model/{name}
  • kvstore/status
  • messages
  • messages/{message_name}
  • replication/configuration/health
  • saved/searches
  • saved/searches/{name}
  • saved/searches/{name}/dispatch
  • search/jobs
  • server/info
  • server/status/installed-file-integrity
  • server/status/resource-usage/hostwide
  • server/sysinfo
  • services/collector
  • services/collector/raw
  • storage/passwords
  • storage/passwords/{name}

The REST API Reference Manual describes the endpoints.

Last modified on 27 January, 2020
Known issues

This documentation applies to the following versions of Splunk® Enterprise: 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters