Splunk Cloud Platform

Release Notes

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of SplunkCloud. Click here for the latest version.
Acrobat logo Download topic as PDF

New features

This page summarizes the new features and enhancements in each release of Splunk Cloud Platform.

The product features deployed in your environment might vary depending on your topology, deployment type, and configuration settings.


New Feature or Enhancement Description
Dashboard Studio: New and updated visualizations Splunk.* visualizations are available for Area, Bar, Bubble, Column, Ellipse, Image, Line, Markdown, Pie, Rectangle, Scatter. Splunk.* visualizations will support the ability to set a token on click. Two new visualizations are also added: Sankey and Parallel Coordinates.
Ability to set a token by clicking on a Dashboard Studio visualization Most splunk.* visualizations now support the ability to set predefined tokens by clicking the visualization.
Enable usage of global environment tokens in Dashboard Studio Global environment tokens are now available to use in Dashboard Studio.
Scheduled Export from Splunk Cloud Platform for Studio Dashboards The Scheduled PDF Email Export for Dashboard Studio functionality is now available to select Splunk Cloud Platform customers as a Limited Availability Release.

For more information see the Limited Availability Release program page and contact your Splunk account representative.

Dashboard Studio Tutorial The Dashboard Studio tutorial is a step-by-step guide for creating a dashboard with visualizations that display updated revenue and purchasing trends. For more details, see About the Splunk Dashboard Studio tutorial.
Package Splunk Secure Gateway App with Splunk Splunk Secure Gateway lets you configure your Connected Experiences mobile app deployment and register devices to a Splunk instance.

The release includes a small change in the removal of device name as a field.

Manage private apps using the Admin Config Service (ACS) API Splunk Cloud Platform administrators can now use the Admin Config Service (ACS) API to install, upgrade, and uninstall private apps and add-ons programmatically.

For more information, see Manage private apps in Splunk Cloud Platform in the Admin Config Service Manual.

Manage indexes using the Admin Config Service (ACS) API Splunk Cloud Platform administrators can now use the Admin Config Service (ACS) API to create, update, and delete indexes programatically on Victoria Experience.

For more information, see Manage indexes in Splunk Cloud Platform in the Admin Config Service Manual.

Integrate jQuery into Upgrade Readiness App The Upgrade Readiness App now provides jQuery and Python 3 support to keep all apps working appropriately in future Splunk versions when old libraries are deprecated. Splunk Cloud Platform admins can request new default Python versions within the Upgrade Readiness App. The Upgrade Readiness App is the newest version of the Python Upgrade Readiness App shipped in previous releases.
Splunk Product Guidance app Splunk Product Guidance (SPG) is an in-product app aimed at providing context-driven guidance to assist Splunk Cloud Platform customers with answers to their Search and Data Onboarding use cases and tasks.

For more information see Manage the Splunk Product Guidance app on your Splunk Cloud Platform deployment in the Splunk Cloud Platform Admin Manual.


New Feature or Enhancement Description
Federated search enhancements for migration from hybrid search Transparent mode provides existing hybrid search customers with a smooth transition to federated search.

For more information see About federated search.

Risky commands restrictions New run_custom_commands, run_dump, and run_sendalert capabilities have been added to restrict the execution of risky commands to selected roles. See SPL safeguards for risky commands in Securing Splunk Cloud.
Produce events from a JSON array New format and data options for the makeresults command to more efficiently generate events from inline JSON/CSV data.

For more information see the makeresults topic.

Python Upgrade Readiness App The Splunk Python Upgrade Readiness App now supports Splunk Cloud Platform. Use the app to identify remediation actions you must take to ensure that your public and private apps are compatible with Python version 3, which will soon become the default Python version in Splunk software.

For more information, see About the Splunk Python Upgrade Readiness App.

Removal of biased language Removal of biased language from the knowledge bundle replication workflow.


New Feature or Enhancement Description
Dashboard Studio enhancements Dashboard Studio enhancements:
  • Usability improvements including relocation of the Save button for intuitive access and warning messages for unsaved changes
  • Ability to create view-only dashboards with hide button features
  • Markdown visualization option for grid layout
  • Point-and-click UI for adding data sources to inputs
Private app validation on Victoria Experience Deployments on Victoria Experience now support private app upload with integrated AppInspect validation via Splunk Web, making it easier for admins to manage apps. Limited availability release: Contact your account team to request early access.

For more information, see Install private apps on Splunk Cloud Platform.

Offload UI state from SHC conf The ability for Apps to specify custom user interface preferences via ui-prefs.conf such as time picker has been removed. This means that application specific UI preferences will not be applied. Users will still be able to set their UI preferences.


New Feature or Enhancement Description
Upgrade SimpleXML Dashboards to Version 1.1 Some dashboards that use custom JavaScript might not be fully compatible with jQuery 3.5 or higher. To enhance product security, library updates have been made that might impact some dashboards with custom JavaScript. For any impacted dashboards, customers can temporarily reference a previous version of the dashboard by clicking the info icon.

For more information about dashboard updates, see Manage dashboards that need jQuery updates.

HTML Dashboards Deprecation As of Splunk Cloud Platform 8.2.2105 and Splunk Enterprise 8.2, Splunk has deprecated HTML Dashboards. If you choose to continue to use HTML dashboards, you are responsible for maintaining the dashboards. You can rebuild your HTML dashboards in Dashboard Studio.
Splunk Secure Gateway app Updated front page and small bug fixes. Minimal change in the user-facing feature set.
Workload Management:

Ad hoc search quota control

You can now create admission rules to limit the number of concurrent ad hoc searches, which can help ensure that search slots remain available for critical scheduled searches.

For more information, see Configure admission rules to prefilter searches in the Splunk Cloud Platform Admin Manual.

Offload UI state from SHC conf The ability for applications to specify custom user interface preferences via ui-prefs.conf such as time picker will be removed in a future release. This means that application specific UI preferences will not be applied. Users will still be able to set their UI preferences.
Enterprise Managed Encryption Keys As a Splunk Cloud Platform administrator, you can now enable the optional Enterprise Managed Encryption Keys (EMEK) capability. Learn about EMEK functionality, limitations, and your responsibilities for maintaining the EMEK model in Secure data with Enterprise Managed Encryption Keys.
Removed biased language Biased language has been removed from the Splunk Web UI, in keeping with Splunk's commitment to equality in our actions and products.
Documentation set improvements In response to customer feedback, the information in the Splunk Cloud User Manual has been added to the Splunk Cloud Platform Admin Manual and the Splunk Cloud Security Manual and the Splunk Cloud User Manual has been removed from the documentation set.


New Feature or Enhancement Description
Federated Search support for saved searches Provides the capability to run federated searches that leverage saved searches on remote Splunk Cloud Platform deployments.


New Feature or Enhancement Description
Dashboard Studio Dashboard Studio is a dashboard-building experience that offers advanced visualization tools and fully customizable layouts to easily create visually-compelling, interactive dashboards with an intuitive UI. Create new dashboards from the Dashboards listing page or save visualizations from Search. For more information, see the Splunk Dashboard Studio manual.
Federated Search In version 8.1.2103, Federated Search is now available by default. This feature allows customers with multiple Splunk Cloud Platform deployments to run searches that span those deployments. This release includes the ability to apply knowledge objects from your local deployment to portions of federated searches that are processed on remote deployments. For more information, see About federated search.

Federated search is currently unavailable for regulated (FedRAMP, PCI, and HIPAA) Splunk Cloud Platform environments.

Unified search concurrency limit In a search head cluster, when a search head reaches its concurrency limit, the ad hoc searches started on that search head will be proxied to other search heads in the cluster rather than getting queued.
Self-service index deletion Ability to provide self service index deletion without the need for rolling restart.
Splunk Secure Gateway app is enabled by default Allow mobile devices using a Connected Experiences app to securely log into Splunk Cloud Platform instances. Manage and administer your Connected Experiences app deployment using Splunk Secure Gateway. Spacebridge has been certified to meet SOC2, Type 2 and ISO 27001 standards. See the Splunk Secure Gateway release notes for more details.
Restrict search by data age Splunk Search now provides a way to restrict end user search results by age of the event. A new option to restrict search results based on the age of the event is available in user role settings.


New Feature or Enhancement Description
Manage HTTP Event Collector (HEC) tokens using the Admin Config Service (ACS) API Splunk Cloud Platform administrators can now use the Admin Config Service (ACS) API to create and manage HEC tokens programmatically.

For more information, see Manage HTTP Event Collector tokens in Splunk Cloud Platform. in the Admin Config Service Manual.


New Feature or Enhancement Description
Federated Search Splunk Cloud-to-Splunk Cloud (limited availability release) For customers with multiple deployments in Splunk Cloud, ability to search across deployments. Contact Splunk support if you'd like to activate this capability.
Improved handling of JSON data in Splunkd Introduced json_array_to_mv and mv_to_json_array commands to improve conversion between these formats.
Configure IP allow lists using the Admin Config Service (ACS) API Splunk Cloud Platform administrators can now configure IP allow lists to control access to Splunk Cloud Platform deployments using the new Admin Config Service (ACS) API.

For more information, see Configure IP allow lists for Splunk Cloud.


New Feature or Enhancement Description
Workload Management: Default user message on OOM Workload management now displays a default message to the user if their search is terminated due to an out of memory (OOM) condition.
Workload Management:

Enable or disable workload rules

Splunk Cloud admins can now enable or disable individual workload rules and admission rules.

For more information, see Enable workload rules and Enable admission rules.

Durable search This feature ensures "at-least-once" delivery of events for scheduled reports, which ensures that scheduled reports with incomplete results are rerun. Typical use cases for durable search are scheduled reports that build and maintain summary indexes.

For more information, see Make scheduled reports durable to prevent event loss.

DDSS/DDAA support for GCP The Dynamic Data Self Storage (DDSS) and Dynamic Data Active Archive (DDAA) features now support data storage for expired Splunk Cloud indexes on Google Cloud Platform (GCP).

For more information, see Configure self storage in GCP.

Improved handling of JSON data in Splunkd Additional tojson command to improve performance and usability when working with JSON structured data.
Global split-by Global split-by allows users to apply a split-by dimension simultaneously to all charts in their workspace.

To learn about splitting by a dimension, see Split time series by dimension.


Splunk Cloud 8.1.2009 introduces general enhancements and resolves a number of issues identified in earlier releases.


New Feature or Enhancement Description
Splunk Cloud health report Splunk Cloud admins can now monitor search scheduler health on a real-time basis.
  • Warns you when high numbers of skipped searches occur.
  • Gets health data from a REST endpoint with no impact on search workloads or indexing latency.

For information on how to configure and use the health report, see Splunk Cloud health report.

Sub-second metric data storage and retrieval Metrics administrators can now enable metrics indexes to perform metrics searches with millisecond timestamp precision.

To learn about setting up metrics indexes with millisecond timestamp resolution, see Manage Splunk Cloud indexes.

Source-type-scoped indexed fields If you index fields from structured data formats with fixed semantic schemas such as JSON, you now can scope them by source type, using wildcard expressions to capture sets of like-named fields. Searches on fields that are indexed with this method complete quicker than searches on fields that are indexed without source-type-scoping.

For more information see Scope indexed structured data fields by source type to improve search performance.


New Feature or Enhancement Description
Authentication tokens Splunk Cloud now lets admins and customers use authentication tokens as credentials to perform Splunk Cloud operations using REST endpoints for some identity providers. For more information, see Set up authentication with tokens.

Add domain list in email alert action Allowed Email Domains feature enables admins to create list of email domains to which users can send emails. This helps to ensure that reports and alerts are not sent to external parties by users, accidentally or otherwise.

For more information, see Email notification action.

DDAA and DDSS usage monitoring enhancements UI updates to DDAA/DDSS to improve usability.
Parallel Reduce Enable Parallel Reduce in Splunk Cloud for improved performance
SPL History Keyboard Navigation Navigate your search history right from within the search bar, using simple keyboard shortcuts.

For more information, see Search history with keyboard navigation.

Splunk Secure Gateway integration Splunk Secure Gateway facilitates easy mobile engagement via a secure cloud service with end-to-end encryption, acting as a bridge for transferring data from your Splunk Enterprise or Splunk Cloud deployment to mobile devices.
SAML assertion encryption SAML assertion encryption now provides admins the option to enable encryption of SAML assertions to provide a higher level of security for authentication services.
Search failure consistency More consistent handling of failure conditions for sub-searches, including the rest, inputlookup, and inputcsv commands. Optional require command introduced to automatically fail sub-searches that return 0 results.

See the new require command. See the strict argument for inputcsv, inputlookup, and rest.

Workload Management - user messaging improvements Workload management now displays a default message to the user if a search is aborted by a workload rule. If admin defines a customized message in the workload rule that aborted the search, then the customized message is displayed to the user.
Table Views enhancements Table Views now make it easier to create a new table dataset directly from the search home screen.

For more information, see Define initial data for a new table dataset.

Export Analytics Workspace chart to Splunk Dashboards App (beta) Analytics Workspace users can now save a chart to a new dashboard in the Splunk Dashboards App (beta) in order to leverage their analytics output in the new dashboard framework.

For more information, see Dashboards in the Analytics Workspace.

Enhancements to address rolling restarts The following enhancements are available in this release:
  • Custom configuration files are now reloadable, further decreasing Splunk Cloud service disruptions caused by rolling restarts when installing apps and updating configuration files.
  • More self-service apps on Splunk Cloud are now reloadable.

For details, see Managing a rolling restart in Splunk Cloud Platform.


New Feature or Enhancement Description
Search improvement: SPL comments Search now supports in-line comments, making it easier to explain each step of your search.
Add 'View Inheritance' of indexes and capabilities for roles and users View index inheritance now provides Splunk Cloud admins a view of the full set of inherited and assigned indexes that users can search.
Faster Index metadata lookup Provides a REST call to fetch the list of indexes, along with metadata and configuration attributes.
Table views-usability improvements Usability improvements are added to make it easier to clean and transform table views.
DDAA Usage Monitoring Allows monitoring of data usage and consumption for searchable and archival data, relative to customer entitlement. This includes per index & overall data size, data/event time range, and growth rate for archived and restored data.
Enhancements to address rolling restarts The following enhancements are available in this release:
  • HEC CRUD operations are now reloadable.
  • Adds more reloadable configuration files, which decreases the number of rolling restarts required when installing apps and updating configuration files, and reduces Splunk Cloud service disruptions.
  • Supports stanza-level reload for inputs.conf.

For details, see Managing a rolling restart in Splunk Cloud Platform.

Data Panel Filtering: Key-Value Pairs Allow users to filter on fields in the data panel in Analytics Workspace by using key-value pairs, in order to simplify the act of browsing to select data.


New Feature or Enhancement Description
Shareable alert suppression across unique searches Reduces the volume of alert notifications by creating alert suppression groups for alerts that are based on similar searches and run across the same or very similar datasets. When an alert in the group is triggered, all of the alerts in the group are throttled for the suppression period of the triggering alert. See Define alert suppression groups to throttle sets of similar alerts in the Alerting Manual.
Workload Management enhancement - admission rules Allows admins to automatically filter potentially harmful searches such as wildcard searches or all-time searches so that they don't negatively impact the rest of the search workload.
Performance improvements in metrics searches Delivers performance improvement when running metrics searches in Splunk Cloud.
Data panel filtering - index selection and time range Enables you to filter and limit data in the Analytics Workspace based on your use cases. You can find your data faster, have better data organization, and might also improve your performance.
Removed ability to convert dashboards to HTML This option is no longer available to users in Splunk Web.


New Feature or Enhancement Description
New msearch arguments improve search performance and responsiveness The msearch command allows users to run searches that return raw, unaggregated metric data points. However, even msearch searches that run over relatively brief time ranges can cover enormous numbers of data points, causing the searches to be slow to complete or even unresponsive. We have added an argument to msearch called target_per_timeseries that restricts the number of data points that the search returns per metric time series by default, making msearch searches faster and more reliable. We've also added the chunk_size argument to the msearch command. It can further improve the responsiveness of troublesome msearch searches. See msearch in the Search Reference.
Y-axis Scaling You can set the minimum and maximum values for the Y-axis in a chart. Y-axis scaling allows you to customize the timescale and zoom in on the data, making it easier to draw insights from the data presented. See Set the Y Axis scaling on a chart in the Analytics Workspace guide.
Filter on metrics data sources You can filter the metrics data sources shown in the Data panel based on index and/or time-range. This allows you to show only those metrics that are relevant to your current use-case. See Filter on metrics data sources in the Analytics Workspace guide.


New Feature or Enhancement Description
Enhancements to user and role management Users and Authentication UI now provides several new configuration options for roles and users, including index Wildcards, sc_admin can run a search as a user, last login time/date per user, and force a user to change their password. See Manage Splunk Cloud Users and Roles.
Metrics enhancement--enhance counter support v3+ with rate_sum() and rate_average() Provides ability to aggregate rates across metric series in a sensible way to generate their final report or alerts. In this enhancement, we provide a syntax to properly compute a per time series rate and then aggregate on it. See Calculate average and aggregate rates for accumulating counter metrics.
Metrics enhancement--Summary Index - Ability to specify Metric Index type - to send summary data Provides ability to specify a Metric Index type as the sink where the summary data flows into. This has advantage in terms of performance and optimized storage.
Metrics enhancement-- MSIDX Storage Optimizations: Timestamp compression Timestamp compression in Metric Index reduces storage footprint.
Metrics enhancement-- Query Time Downsampling Techniques for Metric Store Downsampling is the process of reducing the resolution of data. Skipping values in blocks will help improve query latency, since backend need not load and process all the values from disk. See the coverage of the every argument for the mstats command in mstats.
Workload Management enhancement Ability to define a custom message for each workload rule that is displayed to end-users when their search triggers a workload rule. See Create a workload rule.
Analytics Workspace enhancements The following enhancements are added for this release:
  • Users can visualize dense data as Heatmaps to identify variations across categorical dimensions to start root cause analysis. Easier to identify missing data.
  • Control time-spans for each chart depending upon the type of your data.
  • Draw reference lines (statistical metrics) based on any time-range to compare against current data.
  • Visualize rate of change for counters.

See About the Analytics Workspace.


New Feature or Enhancement Description
Workload management for Splunk Cloud Workload management enables prioritized provisioning of resource (CPU, memory) allocation for searches, in alignment with business priorities. It allows classification of searches into different resource groups, and then reserves a guaranteed amount of system resources (CPU, memory) per resource group regardless of the load on the system. Splunk Cloud also provides pre-configured workload pools for your use. For details, see Workload Management in the Splunk Cloud Admin Manual.
Python 3.7 support Migrate scripts to Python 3.7 compatibility individually over time. Force Python 3.7 usage across instance if Python 3.7 is crucial.
Security enhancements Granular access controls; within-index controls.

New user interface for Roles management.

Distributed search Get up-to-date search results with faster bundle replication. See Cascading knowledge bundle replication in Distributed Search.
Search performance improvements Gains in search performance.

Grouping of alerts for higher performance.

Metrics performance improvements Cost savings with optimized metrics data storage.

Wildcard functionality for logs2metrics.

Analytics Workspace Create categorical charts (line, column, area, time-column) and run analytical operations on metrics and accelerated datasets.

Add reference lines to metrics data for comparison/analysis.
Create fast and highly performant streaming alerts.
Visualize events data timeline along with metrics for root-cause analysis.
Expanded time-range picker provides better control over the data to analyze.

Histogram metric datatype support Splunk Cloud now supports the histogram metric datatype, which enables you to bucket your metric data into a time series of histograms. You can use the new histperc macro to estimate percentile (a.k.a. quantile) values for specific time periods based on your histogram time series.

See Use histogram metrics in the Metrics Manual.

HEC timestamp extraction Keep event metadata (source, sourcetype, host) when ingesting event data from Apache Kafka or AWS Kinesis without the need to maintain custom parsers for things like timestamp extraction.
Last modified on 15 December, 2021
Welcome to Splunk Cloud Platform
Known and fixed issues for

This documentation applies to the following versions of Splunk Cloud Platform: 8.2.2109

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters