What's new

This page summarizes the new features and enhancements in each release of Splunk Cloud Platform. Use the Version drop-down list to see information for other versions of Splunk Cloud Platform.

The product features deployed in your environment might vary depending on your topology, deployment type, and configuration settings.

See the other topics in this manual for information about what's new in Cloud Monitoring Console, Admin Configuration Service, Edge Processor, and Ingest Processor.

9.2.2403

New feature, enhancement, or change	Description
Cloud App Export: Export Cloud Apps and Local Files	Admins on Victoria Experience can now export their app data via ACS, which provides snapshots of default files and local edits.
Search result reuse for Federated Search for Amazon S3	This feature can improve the performance of Amazon S3 federated searches and reduce the data scan unit consumption of those searches. By default, when, you rerun an Amazon S3 federated search that was run successfully within the past 24 hours, the system uses the results of that last successful run of the search. You can turn this feature off for individual searches by adding `reuse_search_results = f` to the search string. See sdselect command syntax details in Federated Search.
Federated Search for Splunk: Risky commands blocked for transparent mode federated searches	Several risky commands have been blocked for transparent mode federated searches. In addition, the `tstats` and `makeresults` commands have been blocked or restricted in certain situations for transparent mode federated searches. See Run federated searches in Federated Search.
Federated Search for Splunk: Standard mode search improvements	In standard mode federated searches of remote Splunk deployments, commands such as `join`, `union`, and `append` can now use remote saved searches as subsearches.
Federated Search for Splunk: Improvements for kvstore replication when using transparent mode federated search Enable kvstore for federated search head without indexer	When you are using transparent mode federated search and your federated search head does not have indexers, Splunk software can now use kvstore replication to transfer data to the remote Splunk deployment for use in federated searches.
Python 3.9 upgrade	In this release, the default Python interpreter is set to Python version 3.9. The Python.Version settings have been updated, so that the parameter is set to value of `force_python3`, which will forces all Python extension points to use Python 3.9, including overriding any application specified settings. This is designed to be secure-by-default for new customers. If the value is set to python3.9, the default interpreter is set to Python 3.9, but applications can choose to use a different value. Python 3.7 continues to be available in the build for customers' private apps.
Upgrade Readiness App v 4.4.0	Make compatible with Python 3.9.
Forwarder Certificate Rotation	This initiative automates the detection of an upcoming expiration, issues a new certificate, and rotates the cert with the new one, without requiring downtime.
Home Page -- Custom bookmarks, search history, knowledge object view updates	Admins and Users can personalize their home page with in-product bookmarks for quick access to guides, manuals, apps, knowledge objects, and so on. Admin users can Share bookmarks with all other users in one operation Control domains in which bookmarks can be created. Users can Seamlessly access their search history from various apps in a single view, eliminating the need for navigating through multiple apps. Filter the Knowledge Object list by App and Owner for quicker access rather than scrolling through a long list.
Continuous deployment of UI experiences in Splunk Cloud Platform	Continuous deployment of UI experiences in Splunk Cloud Platform.
Preview feature: Field filters updates enable multiple target indexes, hosts, sources, or source types	Now you can specify one or more target indexes, hosts, sources, or source types that apply to the fields that you want to protect with field filters. For more information about field filters, see Protect PII, PHI, and other sensitive data with field filters. --- READ THIS FIRST: Should you deploy field filters in your organization? Field filters is a powerful tool that can help many organizations protect their sensitive fields from prying eyes, but it might not be a good fit for everyone. If your organization runs Splunk Enterprise Security or if your users rely heavily on commands that field filters restricts by default (`mpreview`, `mstats`, `tstats`, `typeahead`, and `walklex`), do not use field filters in production until you have thoroughly planned how you will work around these restricted commands. See READ THIS: Restricted commands do not work in searches on any indexes if field filters are in use in the Securing Splunk platform manual. --- To turn on field filters in your Splunk Cloud environment, request help from Splunk Support. If you have a support contract, file a new case using the Splunk Support Portal at Support and Services. Otherwise, contact Splunk Customer Support.
The view_field_filter capability is renamed to the list_field_filter capability	The capability for listing field filters is now called list_field_filter.
Enable kvstore for federated search head without indexer	Even federated head that do not have indexers will be able to transfer kvstore data to the remote search head, and use that data while doing the searches
Handle search commands correctly on remote providers	This enhancement avoids the following unexpected behaviors in Federated Search: Not running risky commands on remote providers. Not running unsupported commands on remote providers with previous releases that do not have right support.
Observability Related Content in Splunk Cloud improvements	The Observability Related Content experience has three distinct improvements: Revamped and intuitive configuration experience to guide users through activating Related Content while setting expectations on how to use the feature. Automated field mapping for immediate time to value for common fields that could be used by users instead of host.name, trace_id and service.name. Alert context in host and service previews for immediate context on potential outages related to the event.
The Splunk platform REST API `spawn_process` parameter is deprecated.	Do not use the `spawn_process` parameter. It is deprecated and will be removed in a future release.
Removal of the `populate_lookup` alert action	The legacy alert action, `populate_lookup`, has been removed. Use the `lookup alert` action instead.
Log severity level for searches with infix wildcards increased from INFO to WARN	Certain searches that produce inconsistent search results now display the following message as a warning instead of an info message: `The term <term> contains a wildcard in the middle of a word or string. This might cause inconsistent results if the characters that the wildcard represents include punctuation. Learn More`.
Data Management experience	Filter, mask, and route data using flexible and reusable SPL2 pipelines. You can navigate to the Data Management experience by doing any of the following: On the Splunk Home page, select the Process incoming data task. In the Settings menu, select Data Management experience. This link replaces the Edge Processor link from the previous release. On the Ingest Actions page, select the Try our new Data Management experience banner. If your Splunk Cloud Platform deployment is not connected to a cloud tenant that has the Data Management experience available, then selecting these links directs you to a web page where you can learn more about the Data Management experience.
UI Style Guide	The legacy in-product UI Style Guide is removed. Instead, refer to the Splunk UI documentation.

Related answers from Splunk Community

What's new

9.2.2403

Comments

What's new

Was this topic useful?