Splunk Cloud Platform

Release Notes

This documentation does not apply to the most recent version of Splunk Cloud Platform. For documentation on the most recent version, go to the latest release.

What's new

This page summarizes the new features and enhancements in each release of Splunk Cloud Platform. Use the Version drop-down list to see information for other versions of Splunk Cloud Platform.

The product features deployed in your environment might vary depending on your topology, deployment type, and configuration settings.

Also discover what's new in the following features of Splunk Cloud Platform:

9.2.2406

New features, enhancements, and changes:

Federated Search for Splunk: Metric indexes now supported as a new dataset type for federated searches
Description: With this release, Federated Search for Splunk adds a new dataset type for standard mode federated searches: metric indexes. You can now run federated searches over metric index datasets. Additional error handling has been added to ensure that you apply event generating commands to event index datasets and apply metric generating commands to metric index datasets.

This is a breaking change for previous federated searches of metric indexes. If you are upgrading from a previous version of the Splunk platform, you must define new federated indexes for metric index datasets.

For more information about defining federated indexes that map to metric index datasets, see Map a federated index to a remote Splunk dataset in Federated Search.

For more information about writing federated searches for metric index datasets, see Run federated searches over remote Splunk platform deployments in Federated Search.

Federated Search for Splunk: Support for eventcount across Standard and Transparent mode
Description: The eventcount command is now supported by Federated Search for Splunk. This support includes the option to have eventcount return event counts for indexes on remote Splunk platform deployments that are designated as federated providers. eventcount search results now include a provider column that identifies the federated providers that the listed indexes belong to.

For more information, see eventcount in the Search Reference.

Federated Search for Amazon S3: Support for the json_extract() and json_extract_exact() eval functions in the sdselect command
Description: The sdselect command now supports usage of the json_extract() and json_extract_exact() eval functions in the WHERE, GROUPBY, and ORDERBY clauses, as well as in field projections. These functions facilitate the extraction of field values and matched strings from JSON objects in your Amazon S3 datasets, and improve the performance of sdselect searches for those values.

For more information, see sdselect command syntax details in Federated Search.

Enhancement to the email recipient validation system for email notification
Description: This new feature leverages the power of regular expressions and allows for the customization of recipient limits, enabling seamless validation of up to 50 recipients directly within the Splunk Cloud Platform. Say goodbye to the frustration of dropped emails due to a single malformed address for our Splunk Cloud customers. With this update, even in the presence of a few poorly formatted addresses, emails can still be delivered to the syntactically correct addresses. Experience uninterrupted communication and greater efficiency with our enhanced email validation feature.

Forwarder certificate rotation
Description: This functionality detects upcoming forwarder certificate expiration, issues a new certificate, and replaces the expiring certificate with the new one, without requiring downtime. The feature requires version 9.3 or higher of Universal Forwarder or heavy forwarder, and Splunk Cloud Platform version 9.2.2406 or higher. For more information, see Renew certificates in the Splunk Cloud Universal Forwarder credentials package in the Splunk Universal Forwarder Forwarder Manual.

Dashboard Studio - Tabbed dashboards
Description: Customers can now consolidate dashboard views by creating multiple tabs within a given dashboard.

IPv6 Support for Splunk Cloud Platform on Admin Pages
Description: IPv6 Support for Splunk Cloud Platform on Admin Pages

Eliminate SHC out-of-sync issues (Early Access)
Description: Search head cluster (SHC) replication has been improved to reduce out-of-sync errors.

Previously, large CSV lookup files that exceeded the 5GB file size limit could block replication and cause cluster members to go out of sync, often requiring a "destructive resync" to remediate.

Now, if a CSV lookup exceeds the lookup file size limit, the cluster automatically quarantines the lookup on the search head on which it is generated, without blocking replication of other objects.

The splunkd health report shows the number of quarantined lookups, and admins can run a search to get details on these lookups for remediation.

For more information, see Quarantining large CSV lookup files in search head clusters in the Knowledge Manager Manual.

Last modified on 28 October, 2024

This documentation applies to the following versions of Splunk Cloud Platform: 9.2.2406 (latest FedRAMP release)

