Splunk® Enterprise

Release Notes

Splunk Enterprise version 8.0 is no longer supported as of October 22, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Welcome to Splunk Enterprise 8.0

If you are new to Splunk Enterprise, read the Splunk Enterprise Overview. If you are familiar with Splunk Enterprise and want to explore the new features interactively, download the Splunk Enterprise Overview app from Splunkbase.

For system requirements information, see the Installation Manual.

Before proceeding, review the Known Issues for this release.

Splunk Enterprise 8.0 was first released on October 22, 2019.

Planning to upgrade from an earlier version?

If you plan to upgrade to this version from an earlier version of Splunk Enterprise, read How to upgrade Splunk Enterprise in the Installation Manual for information you need to know before you upgrade.

See About upgrading: READ THIS FIRST for specific migration tips and information that might affect you when you upgrade.

The Deprecated and removed features topic lists computing platforms, browsers, and features for which Splunk has deprecated or removed support in this release.

What's New in 8.0

New Feature or Enhancement Description
Python 3.7 support Splunk Enterprise 8.0 introduces support for Python 3.7. You can choose to migrate scripts to Python 3.7 compatibility individually or force Python 3.7 usage across an instance.

See the Python 3 Migration manual for more information.

Workload management Align resource allocation with business priorities through an enhanced rules framework that now includes search type, such as scheduled and ad hoc, and search mode (realtime and historical).

Reduce the impact and surface area of rogue searches through automated remediation based on administrator-defined rules and actions.

Increased flexibility for managing workloads during peak/off-peak hours through schedule-based rules.

See Create workload rules in the Workload Management manual.

Analytics Workspace Create categorical charts (line, column, area, time-column) and run analytical operations on metrics and accelerated datasets.

Add reference lines to metrics data for comparison/analysis.

Create fast and highly performant streaming alerts.

Visualize events data timeline along with metrics for root-cause analysis.

Expanded time-range picker provides better control over the data to analyze.

Metrics performance improvements Cost savings with optimized metrics data storage.

Wildcard functionality for logs2metrics.

Search performance improvements Improved execution of stats command, improved memory usage and performance of lookups, and general search evaluator performance improvements.
Data model acceleration health stats Additional information for the management of Data Models
Shared data model acceleration summaries Ability to share data model acceleration summaries between search heads in a cluster
Alerting Grouping of alerts for better performance.
Histogram metric datatype support Splunk Enterprise now supports the histogram metric datatype, which enables you to bucket your metric data into a time series of histograms. You can use the new histperc macro to estimate percentile (a.k.a. quantile) values for specific time periods based on your histogram time series. See Use histogram metrics in the Metrics Manual.
HEC timestamp extraction Keep event metadata (source, sourcetype, host) when ingesting event data from Apache Kafka or AWS Kinesis without the need to maintain custom parsers for things like timestamp extraction.
Monitoring and operability Single pane of glass to monitor deployment-wide health without running searches. Receive alerts via Pagerduty, email, and Splunk Mobile. See Distributed health report in Monitoring Splunk Enterprise.

Get real-time insights on anomalies and view deployment metrics (trending), component health, and topology all on the same page. See Summary in Monitoring Splunk Enterprise.

Install new health checks from the Health Assistant Add-on directly through the Monitoring Console. See Download health check updates in Monitoring Spunk Enterprise.

Trigger-based and simplified process for collecting diagnostics (diags/pstacks).

Distributed search Get up-to-date search results with faster bundle replication. See Cascading knowledge bundle replication in Distributed Search.
Telemetry enhancements Enhanced telemetry collection to help optimize deployments and improve customer experience. For details about our data collection practices, see Share data in Splunk Enterprise in the Admin Manual.
Security enhancements Granular access controls; within-index controls.

New user interface for Roles management.

Support for Authentication Tokens for REST API and CLI with SAML.

Splunk Dashboards public beta Pixel-perfect layout to fully control dashboard look and feel.

UI-based dashboard editor for easy customization and take-action capabilities.

Drag-and-drop to dynamically move, layer, and resize elements.

Image and icon upload.

Download the beta app from Splunkbase.

What's New in 8.0.1

Splunk Enterprise 8.0.1 was released on December 12, 2019. It introduces the following enhancements and resolves the issues described in Fixed issues.

Enhancement Description
Dynamic configuration of clustering configurations The following clustering configurations are now dynamically configurable and do not require a restart of the cluster master or indexer.
  • max_replication_errors
  • remote_storage_upload_timeout
  • remote_storage_retention_period
  • rep_max_send_timeout
  • rep_max_rcv_timeout
  • target_wait_time
  • use_batch_remote_rep_changes
Rolling restart enhancements for indexer cluster bundle push Reduces the number of rolling restarts required when pushing configuration file changes to indexer cluster peers.
  • More reloadable configuration files, including inputs.conf, web.conf, collections.conf, and others.
  • Apps containing reloadable configuration files are reloadable.
  • HEC CRUD operations are now reloadable.
  • Majority of indexer cluster bundle pushes are now reloadable.

What's New in 8.0.2

Splunk Enterprise 8.0.2 was released on February 11, 2020. It introduces the following enhancement and resolves the issues described in Fixed issues.

Enhancement Description
Distributed health report Distributed health report adds the following in 8.0.2:
  • VictorOps alert integration.
  • Distributed health report now receives health status information on a central cluster instance from indexer cluster peers and search head cluster members.

See Distributed health report in the Monitoring Splunk Enterprise manual.

What's New in 8.0.3

Splunk Enterprise 8.0.3 was released on April 1, 2020. It introduces the following enhancements and resolves the issues described in Fixed issues.

Enhancement Description
CPU/vCPU usage dashboards New CPU/vCPU usage dashboards in the Monitoring Console provide a central location for tracking physical CPU and virtual CPU (vCPU) resource consumption of distributed deployments and individual instances.

See Resource Usage: CPU Usage in Monitoring Splunk Enterprise.

Documentation updates

Splunk Enterprise 8.0 introduces additional guided data onboarding manuals that provide end-to-end guidance for getting specific data sources into specific Splunk platform deployments. You can find all the guided data onboarding manuals by clicking the Add data tab on the Splunk Enterprise documentation page.

REST API updates

This release includes these new and updated REST API endpoints.

New endpoints:

Updated endpoints:

The REST API Reference Manual describes the endpoints.

Last modified on 20 April, 2020
  Known issues

This documentation applies to the following versions of Splunk® Enterprise: 8.0.3

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters