Splunk® Enterprise

Release Notes

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Welcome to Splunk Enterprise 7.0

If you are new to Splunk Enterprise, see Splunk Enterprise Overview. If you are familiar with Splunk Enterprise and want to explore the new features interactively, download the Splunk Enterprise 7.0 Overview app from Splunkbase.

If you are installing Splunk Enterprise for the first time, see System requirements for use of Splunk Enterprise on-premises in the Installation Manual.

Planning to upgrade from an earlier version?

If you plan to upgrade to this version from an earlier version of Splunk Enterprise, see How to upgrade Splunk Enterprise in the Installation Manual for information you need to know before you upgrade.

See About upgrading to 7.0 READ THIS FIRST for specific migration tips and information that might affect you when you upgrade.

Other helpful links:

  • See Known issues for a list of known issues and workarounds that affect this release.
  • See Fixed issues for a list of resolved issues in this release.
  • See Deprecated features for computing platforms, browsers, and features for which Splunk has deprecated or removed support in version 7.0.

What's New in 7.0

New feature or enhancement Description
Metrics Metrics: Ability to ingest and store metric measurements at scale. See Overview of metrics in Metrics.
New mstats command: SPL command equivalent to tstats for querying time series from metrics indexes. See mstats in Search Reference.
New mcatalog command: SPL command for performing aggregations on values in metrics indexes. This command is experimental and subject to change. See mcatalog in Search Reference.
Metrics catalog: REST API endpoints to list metrics, dimensions, and values from metrics indexes. See Metrics Catalog endpoint descriptions in REST API Reference Manual.
Event annotations Correlate logs and metrics in one view. Add additional event context to any time chart. See Event annotations for charts in Dashboards and Visualizations.
Chart enhancements New options to the charting library that provide a better monitoring experience in dashboards. See Chart configuration reference in Dashboards and Visualizations.
Faster search performance Improved data model acceleration performance through increased parallelism during disk writes. Various minor search optimization improvements.
Report actions The custom alert actions selector has been added to the report schedule workflow, providing consistency and enhanced capabilities across the scheduler workflows. See Set up alert actions in the Alerting Manual.
Additional monitoring console panels Additional panels in the Indexing Performance: Instance monitoring console dashboard make it possible to find the CPU time spent on Regex extraction based on source, source type, index, and host. See Indexing performance dashboards in Monitoring Splunk Enterprise.

REST API updates

This release includes the following new and updated REST API endpoints.


The REST API Reference Manual describes the endpoints.

Retrieved from "https://docs.splunk.com/index.php?title=Documentation:Splunk:ReleaseNotes:MeetSplunk:Minty&oldid=915264"
  NEXT
Known issues

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8

Comments

PatG, 7.0.2 provides the additional fixes listed in the Fixed Issues topic for 7.0.2. This topic is located at http://docs.splunk.com/Documentation/Splunk/7.0.2/ReleaseNotes/Fixedissues.

Andrewb splunk, Splunker
February 1, 2018

What's changed in 7.0.2?

PatG
January 31, 2018

Sningune - here is the link to the fixed issues list for 7.0.1: http://docs.splunk.com/Documentation/Splunk/7.0.1/ReleaseNotes/Fixedissues. Those fixed issues are the difference between 7.0.0 and 7.0.1. Splunk delivers regular maintenance releases of its products, typically in a 6-8 week cycle, although that can vary.

Cgales splunk, Splunker
December 4, 2017

Two questions...
1. What is difference between 7.0 and 7.0.1?
2. What is next planned release we can expect after 7.0.1?

Sningune
December 4, 2017

Hi Russ--
The "Output to CSV" lookup alert action was actually added in 6.6.0, but in that release it was only available for scheduled reports. In 7.0.0 it was made available to alerts as well through the "Report Actions" feature in the above list. That may have made it seem like a new feature to some users.

However, the Output to CSV action wasn't mentioned in the 6.6.0 release notes, so I added something about it there: http://docs.splunk.com/Documentation/Splunk/6.6.0/ReleaseNotes/MeetSplunk

Mness, Splunker
October 29, 2017

Also new in 7.0: http://docs.splunk.com/Documentation/Splunk/7.0.0/Alert/OutputToCSVLookup

Ruman splunk, Splunker
October 26, 2017

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters