Splunk Cloud Platform

Release Notes

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of Splunk Cloud Platform. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

What's new

This page summarizes the new features and enhancements in each release of Splunk Cloud Platform. Use the Version drop-down list to see information for other versions of Splunk Cloud Platform.

The product features deployed in your environment might vary depending on your topology, deployment type, and configuration settings.

See also the release notes for the Cloud Monitoring Console app and the Admin Configuration Service for their respective new features.


New feature, enhancement, or change Description
Federated Search for Amazon S3 Federated Search for Amazon S3 is a new capability to get insights from Amazon S3 buckets without the need for data ingestion. This feature is in preview and will soon be Generally Available for Splunk Cloud Platform customers with AWS cloud stacks, with additional licensing.
Federated Search for Splunk - Federated provider name added to search results When users run federated searches over remote Splunk platform deployments that have been defined as federated providers, the results of those searches include the names of the federated providers that the results were sourced from. Federated provider names appear as values of a splunk_federated_provider field. The splunk_federated_provider field appears in the Interesting Fields list in the Fields sidebar.

See Run federated searches over remote Splunk platform deployments in the Splunk platform Federated Search manual.

This feature requires that both your local Splunk platform deployment and the federated providers you are searching over be upgraded to Splunk Cloud Platform 9.0.2305 or higher, Splunk Enterprise 9.0.6 or higher Splunk Enterprise 9.0.x versions, or Splunk Enterprise 9.1.1 or higher.

Federated Search for Splunk - Lookup command improvements for standard mode federated search When you use the lookup command in standard mode federated searches, you can set local=true in the search to force the lookup portion of the search (and all following commands) to be processed on the search head of your local Splunk platform deployment.

See the lookup topic in the Splunk platform Search Reference.

jQuery 3.5 by default Splunk Cloud Platform now uses jQuery 3.5 by default. The self-service toggle in the UI to re-enable the old jQuery libraries has been removed. Splunk Cloud administrators can no longer choose to enable lower versions in the Internal Library Settings. Users must use the version 3.5 jQuery libraries that are packaged with the Splunk platform by default. Splunk will remove support for all older versions of jQuery in a future release.
Discover Splunk Observability Cloud Splunk Cloud Platform users can discover, learn about, and request a demo of Splunk's observability solution, Splunk Observability Cloud. Users can learn how to examine their logs in context with metrics and traces in Splunk Observability Cloud to monitor and troubleshoot their systems faster and with more efficiency, promoting enterprise resilience.
Dashboard Studio - Post-conversion report When users convert a Simple XML dashboard with the Clone in Dashboard Studio feature, Dashboard Studio automates as many conversions as possible. The post-conversion report will detail which objects or options need manual adjustments after conversion. For more details, see About conversion from Simple XML to Dashboard Studio.
Dashboard Studio - Drilldown: Link to custom search Users can configure drilldowns from their Dashboard Studio dashboards to custom searches.
Dashboard Studio - Drilldown: Link to reports Users can configure drilldowns from their Dashboard Studio dashboards to reports. For more details, see Linking interactions
Dashboard Studio - Events Viewer: Workflow Actions Users can configure workflow actions to work with their Events Viewer visualizations in Dashboard Studio. For more details, see Events viewer.
Dashboard Studio - Bigger better code editor Dashboard editors can now expand the source code editor while making edits in the UI.
Dashboard Studio - Trellis for Single Values Users can apply a trellis layout for single value, single value icon, and single value radial visualizations. For more details, see Trellis layout.
KMS support for Ingest Actions Splunk Cloud Platform customers now have the ability to use SSE-KMS encryption when leveraging Ingest Actions to write data to customer-owned S3 buckets. This capability is enabled through the configuration of AWS cross-account IAM roles.
Hot reload of SSL certificates The current process of certificate rotation on Splunk Cloud Platform nodes requires a maintenance window scheduled to perform a server restart. This feature introduces a new REST API endpoint to rotate server certificate without restarting the server.
Support for OS certificate trust store and certificate management API Many customers (300+ votes) have asked that Splunk should support integration with existing OS trust/certificate stores that include commonly used public CAs. Without this integration, adding additional CA certificates is a manual process that requires uploading these certificates to the Splunk instance filesystem and updating the config settings for root CA paths.
Stats V1 removal Version 1 of the stats command has been removed and replaced with version 2 of the stats command.
Deprecated Splunk platform search execution methods The phased_execution_mode setting is deprecated. Contact Splunk Support to remove this setting from the limits.conf file for your Splunk Cloud Platform deployment if your users get the following warning message: Contact your administrator to remove the 'phased_execution_mode' setting in limits.conf, so this message is not displayed again.
Last modified on 07 November, 2023
Welcome to Splunk Cloud Platform
Known and fixed issues for

This documentation applies to the following versions of Splunk Cloud Platform: 9.0.2305 (latest FedRAMP release)

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters