Related Answers
Download topic as PDF
Welcome to Splunk Enterprise 7.0
If you are new to Splunk Enterprise, see Splunk Enterprise Overview. If you are familiar with Splunk Enterprise and want to explore the new features interactively, download the Splunk Enterprise 7.0 Overview app from Splunkbase.
If you are installing Splunk Enterprise for the first time, see System requirements for use of Splunk Enterprise on-premises in the Installation Manual.
Before proceeding, review Known Issues for this release and Fixed issues.
Planning to upgrade from an earlier version?
If you plan to upgrade to this version from an earlier version of Splunk Enterprise, see How to upgrade Splunk Enterprise in the Installation Manual for information you need to know before you upgrade.
See About upgrading to 7.0 READ THIS FIRST for specific migration tips and information that might affect you when you upgrade.
Other helpful links:
- See Known issues for a list of known issues and workarounds that affect this release.
- See Fixed issues for a list of resolved issues in this release.
- See Deprecated features for computing platforms, browsers, and features for which Splunk has deprecated or removed support in version 7.0.
What's New in 7.0
| New feature or enhancement | Description |
|---|---|
| Metrics | Metrics: Ability to ingest and store metric measurements at scale. See Overview of metrics in Metrics. |
| New mstats command: SPL command equivalent to tstats for querying time series from metrics indexes. See mstats in Search Reference. | |
| New mcatalog command: SPL command for performing aggregations on values in metrics indexes. This command is experimental and subject to change. See mcatalog in Search Reference. | |
| Metrics catalog: REST API endpoints to list metrics, dimensions, and values from metrics indexes. See Metrics Catalog endpoint descriptions in REST API Reference Manual. | |
| Event annotations | Correlate logs and metrics in one view. Add additional event context to any time chart. See Event annotations for charts in Dashboards and Visualizations. |
| Chart enhancements | New options to the charting library that provide a better monitoring experience in dashboards. See Chart configuration reference in Dashboards and Visualizations. |
| Faster search performance | Improved data model acceleration performance through increased parallelism during disk writes. Various minor search optimization improvements. |
| Report actions | The custom alert actions selector has been added to the report schedule workflow, providing consistency and enhanced capabilities across the scheduler workflows. See Set up alert actions in the Alerting Manual. |
| Additional monitoring console panels | Additional panels in the Indexing Performance: Instance monitoring console dashboard make it possible to find the CPU time spent on Regex extraction based on source, source type, index, and host. See Indexing performance dashboards in Monitoring Splunk Enterprise. |
REST API updates
This release includes the following new and updated REST API endpoints.
- admin/metrics-reload/_metrics
- catalog/metricstore/metrics
- catalog/metricstore/dimensions
- catalog/metricstore/dimensions/{dimension-name}/values
- data/transforms/statsdextractions
- data/indexes
- data/indexes-extended
The REST API Reference Manual describes the endpoints.
|
NEXT Known issues |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11
Comments
What's changed in 7.0.2?
Sningune - here is the link to the fixed issues list for 7.0.1: http://docs.splunk.com/Documentation/Splunk/7.0.1/ReleaseNotes/Fixedissues. Those fixed issues are the difference between 7.0.0 and 7.0.1. Splunk delivers regular maintenance releases of its products, typically in a 6-8 week cycle, although that can vary.
Two questions...
1. What is difference between 7.0 and 7.0.1?
2. What is next planned release we can expect after 7.0.1?
Hi Russ--
The "Output to CSV" lookup alert action was actually added in 6.6.0, but in that release it was only available for scheduled reports. In 7.0.0 it was made available to alerts as well through the "Report Actions" feature in the above list. That may have made it seem like a new feature to some users.
However, the Output to CSV action wasn't mentioned in the 6.6.0 release notes, so I added something about it there: http://docs.splunk.com/Documentation/Splunk/6.6.0/ReleaseNotes/MeetSplunk
Also new in 7.0: http://docs.splunk.com/Documentation/Splunk/7.0.0/Alert/OutputToCSVLookup
PatG, 7.0.2 provides the additional fixes listed in the Fixed Issues topic for 7.0.2. This topic is located at http://docs.splunk.com/Documentation/Splunk/7.0.2/ReleaseNotes/Fixedissues.