New features
This page summarizes the new features and enhancements in each release of Splunk Cloud Platform.
The product features deployed in your environment might vary depending on your topology, deployment type, and configuration settings.
See also the release notes for the Cloud Monitoring Console app and the Admin Configuration Service for their respective new features.
8.2.2201
Splunk Cloud Platform 8.2.2201 introduces general enhancements and service improvements.
New Feature or Enhancement | Description |
---|---|
The tstats command now uses Bloom filters | The tstats command now uses Bloom filters to exclude buckets from being searched, which speeds up searches for rare terms. This enhancement is the result of Splunk Ideas EID-I-903. |
Victoria Experience - Self service Index deletion | Enable users to perform self service index deletion. |
Federated Search command enhancements for Standard mode | Support for lookup command in Standard mode for Federated search. |
Updates to Splunk Secure Gateway App in Splunk | Splunk Secure Gateway lets you configure your Connected Experiences mobile app deployment and register devices to a Splunk instance. This release of Splunk Secure Gateway includes the latest optimizations and bug fixes. For more information, see the Splunk Secure Gateway release notes. |
Upgrade Readiness App - 3.1.0 Upgrade (includes unshipped updates from v3.0.2) | The Upgrade Readiness App now provides further jQuery checks, admin control settings for email notifications, and minor bug fixes. |
Updated experience for v1.0 and v1.1 dashboards | With the impending removal of jQuery 2.x libraries, we want to ensure that users are well aware of the upcoming change. These changes will reflect firmer messaging and will not allow users to dismiss warnings about v1.0 dashboards. |
Updated tokens support for Dashboard Studio | Enhanced token support for using dynamic values in Link to Custom URL and the ability to set default token values in source. |
Updated visualizations in Studio | All Studio visualizations (except maps) now have updated versions which provide enhanced flexibility in dashboard building. We have also added new options to markdown (font color and background color) and table (show internal fields). Single Value Radial has also gotten a refreshed UX and you can now specify a max value other than 100. |
IP allow list management UI | Splunk Cloud Platform admins on deployments that use AWS can now view and edit IP allow lists, including search head API access, indexer ingestion, and more, on a self-service basis, using the IP allow list management page in Splunk Web. This capability is dependent on Admin Config Service (ACS) and ACS does not currently support FedRAMP Moderate environments. For more information, see Configure IP allow lists using Splunk Web. |
The etc/searchscripts directory | Support for the etc/searchscripts directory has been removed, as of version 8.2.2201. All search commands must now be declared in the commands.conf file. |
8.2.2112
Splunk Cloud Platform 8.2.2112 introduces general enhancements and service improvements.
New Feature or Enhancement | Description |
---|---|
Automated private app vetting | Private app installation updates to remove manual app vetting requirements. For more information, see Manage private apps on your Splunk Cloud Platform deployment. |
8.2.2111
Splunk Cloud Platform 8.2.2111 introduces general enhancements and service improvements.
8.2.2109
New Feature or Enhancement | Description |
---|---|
Dashboard Studio: New and updated visualizations | Splunk.* visualizations are available for Area, Bar, Bubble, Column, Ellipse, Image, Line, Markdown, Pie, Rectangle, Scatter. Splunk.* visualizations will support the ability to set a token on click. Two new visualizations are also added: Sankey and Parallel Coordinates. |
Ability to set a token by clicking on a Dashboard Studio visualization | Most splunk.* visualizations now support the ability to set predefined tokens by clicking the visualization. |
Enable usage of global environment tokens in Dashboard Studio | Global environment tokens are now available to use in Dashboard Studio. |
Scheduled Export from Splunk Cloud Platform for Studio Dashboards | The Scheduled PDF Email Export for Dashboard Studio functionality is now available to select Splunk Cloud Platform customers as a Limited Availability Release. For more information see the Limited Availability Release program page and contact your Splunk account representative. |
Dashboard Studio Tutorial | The Dashboard Studio tutorial is a step-by-step guide for creating a dashboard with visualizations that display updated revenue and purchasing trends. For more details, see About the Splunk Dashboard Studio tutorial. |
Package Splunk Secure Gateway App with Splunk | Splunk Secure Gateway lets you configure your Connected Experiences mobile app deployment and register devices to a Splunk instance. The release includes a small change in the removal of device name as a field. |
Manage private apps using the Admin Config Service (ACS) API | Splunk Cloud Platform administrators can now use the Admin Config Service (ACS) API to install, upgrade, and uninstall private apps and add-ons programmatically. For more information, see Manage private apps in Splunk Cloud Platform in the Admin Config Service Manual. |
Manage indexes using the Admin Config Service (ACS) API | Splunk Cloud Platform administrators can now use the Admin Config Service (ACS) API to create, update, and delete indexes programmatically on Victoria Experience. For more information, see Manage indexes in Splunk Cloud Platform in the Admin Config Service Manual. |
Integrate jQuery into Upgrade Readiness App | The Upgrade Readiness App now provides jQuery and Python 3 support to keep all apps working appropriately in future Splunk versions when old libraries are deprecated. Splunk Cloud Platform admins can request new default Python versions within the Upgrade Readiness App. The Upgrade Readiness App is the newest version of the Python Upgrade Readiness App shipped in previous releases. |
Splunk Product Guidance app | Splunk Product Guidance (SPG) is an in-product app aimed at providing context-driven guidance to assist Splunk Cloud Platform customers with answers to their Search and Data Onboarding use cases and tasks. For more information see Manage the Splunk Product Guidance app on your Splunk Cloud Platform deployment in the Splunk Cloud Platform Admin Manual. |
8.2.2107
New Feature or Enhancement | Description |
---|---|
Federated search enhancements for migration from hybrid search | Transparent mode provides existing hybrid search customers with a smooth transition to federated search. For more information see About federated search. |
Risky commands restrictions | New run_custom_command, run_dump, and run_sendalert capabilities have been added to restrict the execution of risky commands to selected roles. See SPL safeguards for risky commands in Securing Splunk Cloud. |
Produce events from a JSON array | New format and data options for the makeresults command to more efficiently generate events from inline JSON/CSV data. For more information see the makeresults topic. |
Python Upgrade Readiness App | The Splunk Python Upgrade Readiness App now supports Splunk Cloud Platform. Use the app to identify remediation actions you must take to ensure that your public and private apps are compatible with Python version 3, which will soon become the default Python version in Splunk software. For more information, see About the Splunk Python Upgrade Readiness App. |
Removal of biased language | Removal of biased language from the knowledge bundle replication workflow. |
8.2.2106
New Feature or Enhancement | Description |
---|---|
Dashboard Studio enhancements | Dashboard Studio enhancements: |
Private app validation on Victoria Experience | Deployments on Victoria Experience now support private app upload with integrated AppInspect validation via Splunk Web, making it easier for admins to manage apps. Limited availability release: Contact your account team to request early access. For more information, see Install private apps on Splunk Cloud Platform. |
Offload UI state from SHC conf | The ability for Apps to specify custom user interface preferences via ui-prefs.conf such as time picker has been removed. This means that application specific UI preferences will not be applied. Users will still be able to set their UI preferences. |
8.2.2105
New Feature or Enhancement | Description |
---|---|
Upgrade SimpleXML Dashboards to Version 1.1 | Some dashboards that use custom JavaScript might not be fully compatible with jQuery 3.5 or higher. To enhance product security, library updates have been made that might impact some dashboards with custom JavaScript. For any impacted dashboards, customers can temporarily reference a previous version of the dashboard by clicking the info icon. |
HTML Dashboards Deprecation | As of Splunk Cloud Platform 8.2.2105 and Splunk Enterprise 8.2, Splunk has deprecated HTML Dashboards. If you choose to continue to use HTML dashboards, you are responsible for maintaining the dashboards. You can rebuild your HTML dashboards in Dashboard Studio. |
Splunk Secure Gateway app | Updated front page and small bug fixes. Minimal change in the user-facing feature set. |
Workload Management: Ad hoc search quota control | You can now create admission rules to limit the number of concurrent ad hoc searches, which can help ensure that search slots remain available for critical scheduled searches. For more information, see Configure admission rules to prefilter searches in the Splunk Cloud Platform Admin Manual. |
Offload UI state from SHC conf | The ability for applications to specify custom user interface preferences via ui-prefs.conf such as time picker will be removed in a future release. This means that application specific UI preferences will not be applied. Users will still be able to set their UI preferences. |
Enterprise Managed Encryption Keys | As a Splunk Cloud Platform administrator, you can now enable the optional Enterprise Managed Encryption Keys (EMEK) capability. Learn about EMEK functionality, limitations, and your responsibilities for maintaining the EMEK model in Secure data with Enterprise Managed Encryption Keys. |
Removed biased language | Biased language has been removed from the Splunk Web UI, in keeping with Splunk's commitment to equality in our actions and products. |
Documentation set improvements | In response to customer feedback, the information in the Splunk Cloud User Manual has been added to the Splunk Cloud Platform Admin Manual and the Splunk Cloud Security Manual and the Splunk Cloud User Manual has been removed from the documentation set. |
8.2.2104
New Feature or Enhancement | Description |
---|---|
Federated Search support for saved searches | Provides the capability to run federated searches that leverage saved searches on remote Splunk Cloud Platform deployments. |
8.1.2103
New Feature or Enhancement | Description |
---|---|
Dashboard Studio | Dashboard Studio is a dashboard-building experience that offers advanced visualization tools and fully customizable layouts to easily create visually-compelling, interactive dashboards with an intuitive UI. Create new dashboards from the Dashboards listing page or save visualizations from Search. For more information, see the Splunk Dashboard Studio manual. |
Federated Search | In version 8.1.2103, Federated Search is now available by default. This feature allows customers with multiple Splunk Cloud Platform deployments to run searches that span those deployments. This release includes the ability to apply knowledge objects from your local deployment to portions of federated searches that are processed on remote deployments. For more information, see About federated search. Federated search is currently unavailable for regulated (FedRAMP, PCI, and HIPAA) Splunk Cloud Platform environments. |
Unified search concurrency limit | In a search head cluster, when a search head reaches its concurrency limit, the ad hoc searches started on that search head will be proxied to other search heads in the cluster rather than getting queued. |
Self-service index deletion | Ability to provide self service index deletion without the need for rolling restart. |
Splunk Secure Gateway app is enabled by default | Allow mobile devices using a Connected Experiences app to securely log into Splunk Cloud Platform instances. Manage and administer your Connected Experiences app deployment using Splunk Secure Gateway. Spacebridge has been certified to meet SOC2, Type 2 and ISO 27001 standards. See the Splunk Secure Gateway release notes for more details. |
Restrict search by data age | Splunk Search now provides a way to restrict end user search results by age of the event. A new option to restrict search results based on the age of the event is available in user role settings. |
8.1.2101
New Feature or Enhancement | Description |
---|---|
Manage HTTP Event Collector (HEC) tokens using the Admin Config Service (ACS) API | Splunk Cloud Platform administrators can now use the Admin Config Service (ACS) API to create and manage HEC tokens programmatically. For more information, see Manage HTTP Event Collector tokens in Splunk Cloud Platform in the Admin Config Service Manual. |
8.1.2012
New Feature or Enhancement | Description |
---|---|
Federated Search Splunk Cloud-to-Splunk Cloud (limited availability release) | For customers with multiple deployments in Splunk Cloud, ability to search across deployments. Contact Splunk support if you'd like to activate this capability. |
Improved handling of JSON data in Splunkd | Introduced json_array_to_mv and mv_to_json_array commands to improve conversion between these formats. |
Configure IP allow lists using the Admin Config Service (ACS) API | Splunk Cloud Platform administrators can now configure IP allow lists to control access to Splunk Cloud Platform deployments using the new Admin Config Service (ACS) API. For more information, see Configure IP allow lists for Splunk Cloud. |
8.1.2011
New Feature or Enhancement | Description |
---|---|
Workload Management: Default user message on OOM | Workload management now displays a default message to the user if their search is terminated due to an out of memory (OOM) condition. |
Workload Management: Enable or disable workload rules | Splunk Cloud admins can now enable or disable individual workload rules and admission rules. For more information, see Enable workload rules and Enable admission rules. |
Durable search | This feature ensures "at-least-once" delivery of events for scheduled reports, which ensures that scheduled reports with incomplete results are rerun. Typical use cases for durable search are scheduled reports that build and maintain summary indexes. For more information, see Make scheduled reports durable to prevent event loss. |
DDSS/DDAA support for GCP | The Dynamic Data Self Storage (DDSS) and Dynamic Data Active Archive (DDAA) features now support data storage for expired Splunk Cloud indexes on Google Cloud Platform (GCP). For more information, see Configure self storage in GCP. |
Improved handling of JSON data in Splunkd | Additional tojson command to improve performance and usability when working with JSON structured data. |
Global split-by | Global split-by allows users to apply a split-by dimension simultaneously to all charts in their workspace. To learn about splitting by a dimension, see Split time series by dimension. |
8.1.2009
Splunk Cloud 8.1.2009 introduces general enhancements and resolves a number of issues identified in earlier releases.
8.1.2008
New Feature or Enhancement | Description |
---|---|
Splunk Cloud health report | Splunk Cloud admins can now monitor search scheduler health on a real-time basis. For information on how to configure and use the health report, see Splunk Cloud health report. |
Sub-second metric data storage and retrieval | Metrics administrators can now enable metrics indexes to perform metrics searches with millisecond timestamp precision. To learn about setting up metrics indexes with millisecond timestamp resolution, see Manage Splunk Cloud indexes. |
Source-type-scoped indexed fields | If you index fields from structured data formats with fixed semantic schemas such as JSON, you now can scope them by source type, using wildcard expressions to capture sets of like-named fields. Searches on fields that are indexed with this method complete quicker than searches on fields that are indexed without source-type-scoping. For more information see Scope indexed structured data fields by source type to improve search performance. |
8.0.2007
New Feature or Enhancement | Description |
---|---|
Authentication tokens | Splunk Cloud now lets admins and customers use authentication tokens as credentials to perform Splunk Cloud operations using REST endpoints for some identity providers. For more information, see Set up authentication with tokens. |
Add domain list in email alert action | The Allowed Email Domains feature enables admins to create a list of email domains to which users can send emails. This helps to ensure that reports and alerts are not sent to external parties by users, accidentally or otherwise. |
DDAA and DDSS usage monitoring enhancements | UI updates to DDAA/DDSS to improve usability. |
Parallel Reduce | Enable Parallel Reduce in Splunk Cloud for improved performance. |
SPL History Keyboard Navigation | Navigate your search history right from within the search bar, using simple keyboard shortcuts. |
Splunk Secure Gateway integration | Splunk Secure Gateway facilitates easy mobile engagement via a secure cloud service with end-to-end encryption, acting as a bridge for transferring data from your Splunk Enterprise or Splunk Cloud deployment to mobile devices. |
SAML assertion encryption | SAML assertion encryption now provides admins the option to enable encryption of SAML assertions to provide a higher level of security for authentication services. |
Search failure consistency | More consistent handling of failure conditions for sub-searches, including the rest, inputlookup, and inputcsv commands. Optional require command introduced to automatically fail sub-searches that return 0 results. |
Workload Management - user messaging improvements | Workload management now displays a default message to the user if a search is aborted by a workload rule. If an admin defines a customized message in the workload rule that aborted the search, then the customized message is displayed to the user. |
Table Views enhancements | Table Views now make it easier to create a new table dataset directly from the search home screen. |
Export Analytics Workspace chart to Splunk Dashboards App (beta) | Analytics Workspace users can now save a chart to a new dashboard in the Splunk Dashboards App (beta) in order to leverage their analytics output in the new dashboard framework. |
Enhancements to address rolling restarts | The following enhancements are available in this release: For details, see Managing a rolling restart in Splunk Cloud Platform. |
8.0.2006
New Feature or Enhancement | Description |
---|---|
Search improvement: SPL comments | Search now supports in-line comments, making it easier to explain each step of your search. |
Add 'View Inheritance' of indexes and capabilities for roles and users | View index inheritance now provides Splunk Cloud admins a view of the full set of inherited and assigned indexes that users can search. |
Faster Index metadata lookup | Provides a REST call to fetch the list of indexes, along with metadata and configuration attributes. |
Table views-usability improvements | Usability improvements are added to make it easier to clean and transform table views. |
DDAA Usage Monitoring | Allows monitoring of data usage and consumption for searchable and archival data, relative to customer entitlement. This includes per index & overall data size, data/event time range, and growth rate for archived and restored data. |
Enhancements to address rolling restarts | The following enhancements are available in this release: For details, see Managing a rolling restart in Splunk Cloud Platform. |
Data Panel Filtering: Key-Value Pairs | Allow users to filter on fields in the data panel in Analytics Workspace by using key-value pairs, in order to simplify the act of browsing to select data. |
8.0.2004
New Feature or Enhancement | Description |
---|---|
Shareable alert suppression across unique searches | Reduces the volume of alert notifications by creating alert suppression groups for alerts that are based on similar searches and run across the same or very similar datasets. When an alert in the group is triggered, all of the alerts in the group are throttled for the suppression period of the triggering alert. See Define alert suppression groups to throttle sets of similar alerts in the Alerting Manual. |
Workload Management enhancement - admission rules | Allows admins to automatically filter potentially harmful searches such as wildcard searches or all-time searches so that they don't negatively impact the rest of the search workload. |
Performance improvements in metrics searches | Delivers performance improvement when running metrics searches in Splunk Cloud. |
Data panel filtering - index selection and time range | Enables you to filter and limit data in the Analytics Workspace based on your use cases. You can find your data faster, have better data organization, and might also improve your performance. |
Removed ability to convert dashboards to HTML | This option is no longer available to users in Splunk Web. |
8.0.2003
New Feature or Enhancement | Description |
---|---|
New msearch arguments improve search performance and responsiveness | The msearch command allows users to run searches that return raw, unaggregated metric data points. However, even msearch searches that run over relatively brief time ranges can cover enormous numbers of data points, causing the searches to be slow to complete or even unresponsive. We have added an argument to msearch called target_per_timeseries that restricts the number of data points that the search returns per metric time series by default, making msearch searches faster and more reliable. We've also added the chunk_size argument to the msearch command. It can further improve the responsiveness of troublesome msearch searches. See msearch in the Search Reference. |
Y-axis Scaling | You can set the minimum and maximum values for the Y-axis in a chart. Y-axis scaling allows you to customize the timescale and zoom in on the data, making it easier to draw insights from the data presented. See Set the Y Axis scaling on a chart in the Analytics Workspace guide. |
Filter on metrics data sources | You can filter the metrics data sources shown in the Data panel based on index and/or time-range. This allows you to show only those metrics that are relevant to your current use-case. See Filter on metrics data sources in the Analytics Workspace guide. |
8.0.2001
New Feature or Enhancement | Description |
---|---|
Enhancements to user and role management | Users and Authentication UI now provides several new configuration options for roles and users, including index Wildcards, sc_admin can run a search as a user, last login time/date per user, and force a user to change their password. See Manage Splunk Cloud Users and Roles. |
Metrics enhancement--enhance counter support v3+ with rate_sum() and rate_average() | Provides ability to aggregate rates across metric series in a sensible way to generate their final report or alerts. In this enhancement, we provide a syntax to properly compute a per time series rate and then aggregate on it. See Calculate average and aggregate rates for accumulating counter metrics. |
Metrics enhancement--Summary Index - Ability to specify Metric Index type - to send summary data | Provides ability to specify a Metric Index type as the sink where the summary data flows into. This has advantage in terms of performance and optimized storage. |
Metrics enhancement-- MSIDX Storage Optimizations: Timestamp compression | Timestamp compression in Metric Index reduces storage footprint. |
Metrics enhancement-- Query Time Downsampling Techniques for Metric Store | Downsampling is the process of reducing the resolution of data. Skipping values in blocks helps improve query latency, since the backend need not load and process all the values from disk. See the coverage of the every argument for the mstats command in mstats. |
Workload Management enhancement | Ability to define a custom message for each workload rule that is displayed to end-users when their search triggers a workload rule. See Create a workload rule. |
Analytics Workspace enhancements | The following enhancements are added for this release: |
8.0
New Feature or Enhancement | Description |
---|---|
Workload management for Splunk Cloud | Workload management enables prioritized provisioning of resource (CPU, memory) allocation for searches, in alignment with business priorities. It allows classification of searches into different resource groups, and then reserves a guaranteed amount of system resources (CPU, memory) per resource group regardless of the load on the system. Splunk Cloud also provides pre-configured workload pools for your use. For details, see Workload Management in the Splunk Cloud Admin Manual. |
Python 3.7 support | Migrate scripts to Python 3.7 compatibility individually over time. Force Python 3.7 usage across instance if Python 3.7 is crucial. |
Security enhancements | Granular access controls; within-index controls. New user interface for Roles management. |
Distributed search | Get up-to-date search results with faster bundle replication. See Cascading knowledge bundle replication in Distributed Search. |
Search performance improvements | Gains in search performance. Grouping of alerts for higher performance. |
Metrics performance improvements | Cost savings with optimized metrics data storage. Wildcard functionality for logs2metrics. |
Analytics Workspace | Create categorical charts (line, column, area, time-column) and run analytical operations on metrics and accelerated datasets. Add reference lines to metrics data for comparison/analysis. |
Histogram metric datatype support | Splunk Cloud now supports the histogram metric datatype, which enables you to bucket your metric data into a time series of histograms. You can use the new histperc macro to estimate percentile (a.k.a. quantile) values for specific time periods based on your histogram time series. See Use histogram metrics in the Metrics Manual. |
HEC timestamp extraction | Keep event metadata (source, sourcetype, host) when ingesting event data from Apache Kafka or AWS Kinesis without the need to maintain custom parsers for things like timestamp extraction. |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2201