Splunk® Enterprise

Release Notes

Splunk Enterprise version 7.1 is no longer supported as of October 31, 2020. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Welcome to Splunk Enterprise 7.1

If you are new to Splunk Enterprise, read the Splunk Enterprise Overview. If you are familiar with Splunk Enterprise and want to explore the new features interactively, download the Splunk 7.1 Overview app from Splunkbase.

For system requirements information, see the Installation Manual.

Before proceeding, review Known Issues for this release and Fixed issues.

Splunk Enterprise 7.1 was released in April, 2018.

Planning to upgrade from an earlier version?

If you plan to upgrade to this version from an earlier version of Splunk Enterprise, read How to upgrade Splunk Enterprise in the Installation Manual for information you need to know before you upgrade.

See About upgrading: READ THIS FIRST for specific migration tips and information that might affect you when you upgrade.

The Deprecated features topic lists computing platforms, browsers, and features for which Splunk has deprecated or removed support in this release.

What's New in 7.1

Splunk Enterprise 7.1.10 fixes a significant issue with datetime.xml. See Fixed issues for more information.

New Feature or Enhancement Description
Splunk Web user interface update Significant visual updates to Splunk Web, the interactive graphical user interface for Splunk software.
User Preferences dialog The Account menu on the Splunk bar has a new option, "Preferences", where users can change global and SPL Editor settings, such as using the Full mode with the Search Assistant, turning on line numbers and auto-format in the Search Bar, and selecting a different color theme.
Upgrades to internal Splunk password capabilities The admin user must specify a non-default password when installing . See updated installation procedures for your platform in the Installation Manual.


Admins can configure user lockout after a specified number of failed login attempts and can set custom requirements for password length, complexity, and expiration. See Configure a Splunk password policy in Securing Splunk Enterprise.

Upgrade indexer clusters and search head clusters with minimal search disruption Rolling upgrade of indexer clusters and search head clusters with minimal search disruption. See Use rolling upgrade and Restart the search head cluster in Distributed Search, and Use rolling upgrade and Use rolling restart in Managing Indexers and Clusters of Indexers.
Manual detention of search head cluster members Ability to place a search head cluster member in detention. This is useful for maintenance operations such as Splunk Enterprise upgrades, hardware fault diagnosis, and operating system upgrades. See Put a search head cluster member into detention in Distributed Search.
Simplified monitoring of Splunk software components with REST endpoints Simplified monitoring of Splunk software component health with REST endpoints. Version 7.1 includes the core framework for this capability and the ability to monitor indexer clustering. See About proactive Splunk component monitoring in Monitoring Splunk Enterprise.
Metrics Improvements in metrics storage and query. See mstats in Search Reference.
Parallel reduce search processing New multi-threaded reducer framework and redistribute command allow parallel processing of search results in distributed search environments. See redistribute in Search Reference.
mcollect and meventcollect commands Two new search commands allow you to convert event data into metric data. See mcollect and meventcollect in Search Reference
Diag UI Ability to generate diagnostic files for customer support from Splunk Web, for specific nodes or an entire deployment. See Generate a diagnostic file in the Troubleshooting Manual.
Telemetry scheduling Ability to schedule telemetry collection during off-peak hours. See the "Schedule instrumentation collection" section of Share data in Splunk Enterprise in the Admin Manual.
SAML improvements Improvements to the user interface, conf file settings, and certificate handling in SAML.
KV store live backup and restore Backup and restore the KV store without first shutting down the instance that hosts it. See Back up KV store in the Admin Manual.
Data models Improved data model drilldown.
HTTP Event Collector improvements HEC now performs garbage collection of idle channels, improving performance
Python future and 2to3 packages Splunk Enterprise 7.1.9 and later versions of Splunk Enterprise 7.1.x include the Python libraries "future" and "2to3", which help to make Python 2 syntax compatible with both Python 2 and Python 3. The Splunk Python SDK is dual-compatible via the "Six" library as of v1.6.5, so "future" and "2to3" are most useful for customers who do not use the SDK or who need further modification. See Python 3 Migration for more information.

REST API updates

This release includes these new and updated REST API endpoints.

New endpoints:

Updated endpoints:

The REST API Reference Manual describes the endpoints.

Last modified on 17 April, 2020
  Known issues

This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters