Welcome to Splunk Enterprise 7.1
If you are new to Splunk Enterprise, read the Splunk Enterprise Overview. If you are familiar with Splunk Enterprise and want to explore the new features interactively, download the Splunk 7.1 Overview app from Splunkbase.
For system requirements information, see the Installation Manual.
Before proceeding, review Known Issues for this release and Fixed issues.
Splunk Enterprise 7.1 was released in April 2018.
Planning to upgrade from an earlier version?
If you plan to upgrade to this version from an earlier version of Splunk Enterprise, read How to upgrade Splunk Enterprise in the Installation Manual for information you need to know before you upgrade.
See About upgrading: READ THIS FIRST for specific migration tips and information that might affect you when you upgrade.
The Deprecated features topic lists computing platforms, browsers, and features for which Splunk has deprecated or removed support in this release.
What's New in 7.1
Splunk Enterprise 7.1.10 fixes a significant issue with datetime.xml. See Fixed issues for more information.
New Feature or Enhancement | Description |
---|---|
Splunk Web user interface update | Significant visual updates to Splunk Web, the interactive graphical user interface for Splunk software. |
User Preferences dialog | The Account menu on the Splunk bar has a new option, "Preferences", where users can change global and SPL Editor settings, such as using the Full mode with the Search Assistant, turning on line numbers and auto-format in the Search Bar, and selecting a different color theme. |
Upgrades to internal Splunk password capabilities | The admin user must specify a non-default password when installing Splunk Enterprise. See updated installation procedures for your platform in the Installation Manual. |
Upgrade indexer clusters and search head clusters with minimal search disruption | Rolling upgrade of indexer clusters and search head clusters with minimal search disruption. See Use rolling upgrade and Restart the search head cluster in Distributed Search, and Use rolling upgrade and Use rolling restart in Managing Indexers and Clusters of Indexers. |
Manual detention of search head cluster members | Ability to place a search head cluster member in detention. This is useful for maintenance operations such as Splunk Enterprise upgrades, hardware fault diagnosis, and operating system upgrades. See Put a search head cluster member into detention in Distributed Search. |
Simplified monitoring of Splunk software components with REST endpoints | Simplified monitoring of Splunk software component health with REST endpoints. Version 7.1 includes the core framework for this capability and the ability to monitor indexer clustering. See About proactive Splunk component monitoring in Monitoring Splunk Enterprise. |
Metrics | Improvements in metrics storage and query. See mstats in Search Reference. |
Parallel reduce search processing | New multi-threaded reducer framework and redistribute command allow parallel processing of search results in distributed search environments. See redistribute in Search Reference. |
mcollect and meventcollect commands | Two new search commands allow you to convert event data into metric data. See mcollect and meventcollect in Search Reference. |
Diag UI | Ability to generate diagnostic files for customer support from Splunk Web, for specific nodes or an entire deployment. See Generate a diagnostic file in the Troubleshooting Manual. |
Telemetry scheduling | Ability to schedule telemetry collection during off-peak hours. See the "Schedule instrumentation collection" section of Share data in Splunk Enterprise in the Admin Manual. |
SAML improvements | Improvements to the user interface, conf file settings, and certificate handling in SAML. |
KV store live backup and restore | Backup and restore the KV store without first shutting down the instance that hosts it. See Back up KV store in the Admin Manual. |
Data models | Improved data model drilldown. |
HTTP Event Collector improvements | HEC now performs garbage collection of idle channels, improving performance. |
Python future and 2to3 packages | Splunk Enterprise 7.1.9 and later versions of Splunk Enterprise 7.1.x include the Python libraries "future" and "2to3", which help to make Python 2 syntax compatible with both Python 2 and Python 3. The Splunk Python SDK is dual-compatible via the "Six" library as of v1.6.5, so "future" and "2to3" are most useful for customers who do not use the SDK or who need further modification. See Python 3 Migration for more information. |
REST API updates
This release includes these new and updated REST API endpoints.
New endpoints:
- cluster/master/control/control/rolling_upgrade_finalize
- cluster/master/control/control/rolling_upgrade_init
- cluster/master/health
- cluster/master/status
- cluster/slave/control/control/decommission
- kvstore/backup/create
- kvstore/backup/restore
- server/health/splunkd
- server/health/splunkd/details
- server/health-config/{feature_name}
- shcluster/captain/control/control/upgrade-init
- shcluster/captain/control/control/upgrade-finalize
- shcluster/config/config
- shcluster/member/control/control/set_manual_detention
- shcluster/status
Updated endpoints:
The REST API Reference Manual describes the endpoints.
This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10