Splunk® Enterprise

Release Notes

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Welcome to Splunk Enterprise 7.1

If you are new to Splunk Enterprise, read the Splunk Enterprise Overview. If you are familiar with Splunk Enterprise and want to explore the new features interactively, download the Splunk Enterprise 7.1 Overview app from Splunkbase.

For system requirements information, see the Installation Manual.

Before proceeding, review the Known Issues for this release.

Splunk Enterprise 7.1 was released in April, 2018.

Planning to upgrade from an earlier version?

If you plan to upgrade to this version from an earlier version of Splunk Enterprise, read How to upgrade Splunk Enterprise in the Installation Manual for information you need to know before you upgrade.

See About upgrading: READ THIS FIRST for specific migration tips and information that might affect you when you upgrade.

The Deprecated features topic lists computing platforms, browsers, and features for which Splunk has deprecated or removed support in this release.

What's New in 7.1

New Feature or Enhancement Description
Splunk Web user interface update Significant visual updates to Splunk Web, the interactive graphical user interface for Splunk software.
User Preferences dialog The Account menu on the Splunk bar has a new option, "Preferences", where users can change global and SPL Editor settings, such as using the Full mode with the Search Assistant, turning on line numbers and auto-format in the Search Bar, and selecting a different color theme.
Upgrades to internal Splunk password capabilities The admin user must specify a non-default password when installing Splunk Enterprise. See updated installation procedures for your platform in the Installation Manual.


Admins can configure user lockout after a specified number of failed login attempts and can set custom requirements for password length, complexity, and expiration. See Configure a Splunk password policy in Securing Splunk Enterprise.

Upgrade indexer clusters and search head clusters with minimal search disruption Rolling upgrade of indexer clusters and search head clusters with minimal search disruption. See Use rolling upgrade and Restart the search head cluster in Distributed Search, and Use rolling upgrade and Use rolling restart in Managing Indexers and Clusters of Indexers.
Manual detention of search head cluster members Ability to place a search head cluster member in detention. This is useful for maintenance operations such as Splunk Enterprise upgrades, hardware fault diagnosis, and operating system upgrades. See Put a search head cluster member into detention in Distributed Search.
Simplified monitoring of Splunk software components with REST endpoints Simplified monitoring of Splunk software component health with REST endpoints. Version 7.1 includes the core framework for this capability and the ability to monitor indexer clustering. See About proactive Splunk component monitoring in Monitoring Splunk Enterprise.
Metrics Improvements in metrics storage and query. See mstats in Search Reference.
Parallel reduce search processing New multi-threaded reducer framework and redistribute command allow parallel processing of search results in distributed search environments. See redistribute in Search Reference.
mcollect and meventcollect commands Two new search commands allow you to convert event data into metric data. See mcollect and meventcollect in Search Reference
Diag UI Ability to generate diagnostic files for customer support from Splunk Web, for specific nodes or an entire deployment. See Generate a diagnostic file in the Troubleshooting Manual.
Telemetry scheduling Ability to schedule telemetry collection during off-peak hours. See the "Schedule instrumentation collection" section of Share data in Splunk Enterprise in the Admin Manual.
SAML improvements Improvements to the user interface, conf file settings, and certificate handling in SAML.
KV store live backup and restore Backup and restore the KV store without first shutting down the instance that hosts it. See Back up KV store in the Admin Manual.
Data models Improved data model drilldown.

REST API updates

This release includes these new and updated REST API endpoints.

New endpoints:

Updated endpoints:

The REST API Reference Manual describes the endpoints.

  NEXT
Known issues

This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters