The Ingest Processor solution
This page contains information about new features, known issues, and resolved issues for the Ingest Processor solution, grouped by the release date. The Ingest Processor solution is a service within Splunk Cloud Platform designed to help you manage your data processing configurations and monitor your ingest traffic through a centralized Splunk Cloud service. Use the Ingest Processor solution to filter, mask, and transform your data before routing the processed data to external environments. For more information, see About Ingest Processor.
The release date indicates when updates to the Ingest Processor solution were made available to Splunk Cloud Platform customers. For more information, contact your Splunk account representative.
Use the links to navigate to a specific section:
New features, enhancements, and fixed issues
Splunk Inc. releases frequent updates to the Ingest Processor solution. This list is periodically updated with the latest functionality and changes to the product.
September 10, 2024
The Ingest Processor solution now includes the following new features or enhancements.
New feature or enhancement | Description |
---|---|
Support for sending your data from Ingest Processor to a Splunk platform metrics index destination | You can now send metrics data from Ingest Processor to a Splunk platform metrics index. Selecting a Splunk platform metrics index as a destination involves selecting a metrics destination and a corresponding metrics index.
|
August 7, 2024
The Ingest Processor solution now includes the following new features or enhancements.
New feature or enhancement | Description |
---|---|
Improved user interface for configuring index routing | The user interface for configuring index routing has been updated to present the configuration options more clearly.
|
July 19, 2024
The Ingest Processor solution now includes the following new features or enhancements.
New feature or enhancement | Description |
---|---|
Updates to custom function support in SPL2 | When defining a custom SPL2 function in a pipeline, you must now declare mandatory parameters before optional parameters.
|
July 17, 2024
The Ingest Processor solution now includes the following new features or enhancements.
New feature or enhancement | Description |
---|---|
Ingest Processor General Availability | The Ingest Processor solution is now publicly available to all Splunk Cloud Platform users. See Get started with the Ingest Processor solution |
Support for Premier and Essentials tier subscriptions. | The Ingest Processor Essentials tier is included with a Splunk Cloud Platform subscription, and accommodates a maximum Daily Processing Volume of 500 GB/day.
|
Cloud region availability | Ingest Processor is available in the following cloud regions:
|
May 14, 2024
The Ingest Processor solution now includes the following new features or enhancements.
New feature or enhancement | Description |
---|---|
Support for the branch SPL2 command
|
You can now use the branch command to process and route copies of the incoming data in different ways.
|
April 17, 2024
The Ingest Processor solution now includes the following new features or enhancements.
New feature or enhancement | Description |
---|---|
Availability on HIPAA, IRAP, and PCI DSS compliant cloud environments | Splunk Cloud Platform has attained a number of compliance attestations and certifications from industry-leading auditors as part of Splunk's commitment to adhere to industry standards worldwide and Splunk's efforts to safeguard customer data. Generally Available products and features that are currently in scope of Splunk's compliance program may not be a part of the third-party audit report until the next assessment cycle. The Ingest Processor solution is in scope of the following compliance programs and will be audited at the next assessment cycle.
|
April 15, 2024
The Ingest Processor solution now includes the following new features or enhancements.
New feature or enhancement | Description |
---|---|
Cloud region availability | Ingest Processor is now available in the following cloud regions:
|
April 4, 2024
The Ingest Processor solution now includes the following new features or enhancements.
New feature or enhancement | Description |
---|---|
Support for the mvappend and mvdedup SPL2 functions
|
You can now use the following evaluation functions in pipelines for the Ingest Processor:
See SPL2 evaluation functions for Ingest Processor pipelines for more information. |
March 26, 2024
The Ingest Processor solution now includes the following new features or enhancements.
New feature or enhancement | Description |
---|---|
Updated workflow for configuring hashing functions | You can now use the Compute hash of action in the pipeline builder to add and configure hashing functions in your pipelines.
|
February 20, 2024
This is the first publicly available preview of the Ingest Processor solution. The following functionalities are available within this public preview to capture feedback from early adopters of Ingest Processor:
- Set up the Ingest Processor solution. See First-time setup instructions for the Ingest Processor solution.
- Process data using pipelines. See Create pipelines for Ingest Processors.
- Write metrics to Splunk Observability Cloud using pipelines. See Generate logs into metrics using Ingest Processor.
- Route data using pipelines. See Process a subset of data using Ingest Processor.
- View and configure destinations to route data to, including Splunk platform deployments, Splunk Observability Cloud environments, and Amazon S3 buckets. See Add or manage destinations.
- View the health status and data flow metrics of an Edge Processor. See View data flow information about Ingest Processor.
Known issues
The Ingest Processor solution is subject to the following limitations.
Browsers
Multiple browser sessions are not supported since it is possible for users to try to edit the same pipeline in more than one browser session and make conflicting edits.
Ingest Processors
The following limitations exist for Ingest Processors:
Ingest Processors provide no data delivery guarantees. Data loss can occur if an Ingest Processor experiences high back pressure on connections to destinations, or when a data destination has a prolonged outage.
- Only Splunk Cloud tenant administrators can create and view Ingest Processor pipelines.
Forwarders
The following limitations exist for forwarders:
- The
useACK
property in outputs.conf must be disabled in forwarders that are sending data to Ingest Processor pipelines.
HTTP Event Collector (HEC)
When you receive data through HEC, the Enable indexer acknowlIngestment setting on the HEC token must be turned off.
Lookups
CIDR matching is not supported. When configuring your lookup definition, make sure that the Match type advanced option is not set to CIDR.
Metrics
Historical metrics presented in the detailed view of an Ingest Processor pipeline does not include metrics for deleted pipelines.
Pipelines
The following limitations exist for pipelines:
- Only tenant administrators can create, edit, delete, apply, or remove pipelines.
- Some SPL2 functions work differently in Ingest Processor pipelines than they do in searches. For example, regular expressions in functions are interpreted differently because Ingest Processor pipelines support Regular Expression 2 (RE2) syntax while Splunk searches support Perl Compatible Regular Expressions (PCRE) syntax. See Ingest Processor pipeline syntax for more information.
Splunk Cloud Experience tenants
When you go through the first-time setup process for the Ingest Processor solution, you create a connection between your Splunk Cloud Experience tenant and your Splunk Cloud Platform deployment. This connection enables the tenant to surface specific indexes from that deployment as pipeline destinations.
The following limitations exist for this initial connection between your Splunk Cloud Experience tenant and your Splunk Cloud Platform deployment:
- You cannot connect your tenant to more than one Splunk Cloud Platform deployment using this method. To send data from a pipeline to an index that belongs to a different Splunk Cloud Platform deployment, you must configure a destination that corresponds to the indexer tier of that deployment and then include an
eval
expression that specifies the target index in your pipeline. - If you create additional indexes in your Splunk Cloud Platform deployment after completing the first-time setup process, you must refresh the connection in order to make those indexes available in the tenant.
The Edge Processor solution |
This documentation applies to the following versions of Splunk Cloud Platform™: 9.1.2308, 9.1.2312, 9.2.2403 (latest FedRAMP release), 9.2.2406
Feedback submitted, thanks!