Splunk Cloud Platform

Release Notes

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

What's new

This page summarizes the new features and enhancements in each release of Splunk Cloud Platform. Use the Version drop-down list to see information for other versions of Splunk Cloud Platform.

The product features deployed in your environment might vary depending on your topology, deployment type, and configuration settings.

See also the release notes for the Cloud Monitoring Console app and the Admin Configuration Service for their respective new features.


New feature, enhancement, or change Description
Ingest Actions available on Splunk Cloud Platform on GCP This unlocks the nearly full suite of Ingest Actions capabilities including 'filter' 'mask' and 'set index' to Splunk Cloud Platform customers on GCP. Routing support to S3 or GCP are not included as part of this release.
Schedule PDF exports for Dashboard Studio You can schedule a PDF export of your dashboards for email delivery. For more details, see Download and schedule email exports of dashboard content for sharing.
Removed file command The previously disabled filecommand is now removed for all customers as of 8.2.2202.
Navigation link to Edge Processor service You can now navigate from Splunk Cloud Platform to the Edge Processor service by opening the Settings menu and then selecting Edge Processor from the Data section. This Edge Processor link is available only when both of these conditions are met:
  • You are logged in as a user that has the edit_edge_processor capability.
  • You are working in a Splunk Cloud Platform deployment that is associated with a cloud tenant that has the Edge Processor service available.
Automatic removal of users on a Splunk platform instance that uses Okta as a Security Assertion Markup Language (SAML) protocol identity provider for authentication When you connect your Splunk platform instance to an Okta SAML identity provider (IdP) for authentication, you can configure the platform so that if you remove a user from the IdP, the platform also removes the Splunk user that is associated with the SAML user. See Configure the Splunk platform to remove users on Okta in the Securing Splunk Cloud Platform Manual.
Role-based field filters do not work upon upgrade to this or later releases Role-based field filters that released as a preview feature in previous versions of Splunk Cloud Platform do not work in this or subsequent releases. Role-based field filters have been replaced by field filters.
Preview feature: Addition of field filters in Splunk Web to protect sensitive information Now you can use field filters in Splunk Web to obfuscate or redact data such as personal identifiable information (PII) and protected health information (PHI), and control which users can see that sensitive information. For more information about field filters, see Protect PII, PHI, and other sensitive data with field filters.

READ THIS FIRST: Should you deploy field filters in your organization? Field filters is a powerful tool that can help many organizations protect their sensitive fields from prying eyes, but it might not be a good fit for everyone. If your organization runs Splunk Enterprise Security or if your users rely heavily on commands that field filters restricts by default (mpreview, mstats, tstats, typeahead, and walklex), do not use field filters in production until you have thoroughly planned how you will work around these restricted commands. See READ THIS: Restricted commands do not work in searches on indexes with field filters in the Securing Splunk platform manual.

To turn on field filters in your Splunk Cloud environment, request help from Splunk Support. If you have a support contract, file a new case using the Splunk Support Portal at Support and Services. Otherwise, contact Splunk Customer Support.

If you used the preview feature, role-based field filters, in a previous release of Splunk Cloud Platform, you must create new field filters to protect your sensitive data. Role-based field filters do not work in this or subsequent releases, and are not compatible with field filters.

Federated Search - Turn all federated providers off or on in batch mode Turn all federated providers for federated search off or on with one REST API call. You can turn off federated search capability for troubleshooting or other reasons, and turn it back on when you are ready to restore federated search service.

This feature applies to Federated Search for Splunk as well as Federated Search for Amazon S3. You can turn off all federated providers for both types of federated search with one REST call. Alternatively, you can turn off all Federated Search for Splunk federated providers while leaving all Federated Search for Amazon S3 federated providers up and running, or vice versa. See Federated search endpoint descriptions.

Federated Search - Turn individual federated indexes off or on Turn a single federated index off or on with one REST API call. If you determine that there may be problems with a specific federated index, turn it off while leaving other federated indexes associated with the same federated provider up and running. When the issues affecting the federated index are resolved, turn the federated index back on.

This feature applies to both Federated Search for Splunk and Federated Search for Amazon S3. See Federated search endpoint descriptions.

Interactive search for Settings menu The Settings menu in Splunk Web now provides an interactive search bar that lets you easily find nested pages up to two levels deep. For example, you can use interactive search to access sub-pages on the Server Settings page, such as the Webhook allow list page, which were previously only accessible by clicking on the parent page.
Use of the _reload action with the rest search command is disabled Do not use the _reload action with the rest command.
Workload Management enhancements Enhanced search_time_range predicate functionality now lets you match workload rules and admission rules to specific search time ranges to improve search efficiency over large amounts of data.

For more information, see Configure workload rules in the Splunk Cloud Platform Admin Manual. Also see Splunk Ideas.

The relevancy command is removed. Do not use the relevancy command.
The /services/search/commands REST API endpoint is deprecated. The undocumented /services/search/commands REST API endpoint is deprecated and will be removed in a future release. If you have been inadvertently using this endpoint, stop using it.
The timeout argument for the append command is removed. Do not use the timeout argument. It has no effect on searches.
Last modified on 09 April, 2024
Welcome to Splunk Cloud Platform
Known and fixed issues for

This documentation applies to the following versions of Splunk Cloud Platform: 9.1.2312

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters