What's new
This page summarizes the new features and enhancements in each release of Splunk Cloud Platform. Use the Version drop-down list to see information for other versions of Splunk Cloud Platform.
The product features deployed in your environment might vary depending on your topology, deployment type, and configuration settings.
Also discover what's new in the following features of Splunk Cloud Platform:
- Cloud Monitoring Console
- Admin Configuration Service
- The Edge Processor solution
- The Ingest Processor solution
9.2.2406
New feature, enhancement, or change | Description |
---|---|
Federated Search for Splunk: Metric indexes now supported as a new dataset type for federated searches | With this release, Federated Search for Splunk adds a new dataset type for standard mode federated searches: metric indexes. You can now run federated searches over metric index datasets. Additional error handling has been added to ensure that you apply event generating commands to event index datasets and apply metric generating commands to metric index datasets. This is a breaking change for previous federated searches of metric indexes. If you are upgrading from a previous version of the Splunk platform, you must define new federated indexes for metric index datasets. For more information about defining federated indexes that map to metric index datasets, see Map a federated index to a remote Splunk dataset in Federated Search. For more information about writing federated searches for metric index datasets, see Run federated searches over remote Splunk platform deployments in Federated Search. |
Federated Search for Splunk: Support for eventcount across Standard and Transparent mode.
|
The eventcount command is now supported by Federated Search for Splunk. This support includes the option to have eventcount return event counts for indexes on remote Splunk platform deployments that are designated as federated providers. eventcount search results now include a provider column that identifies the federated providers that listed indexes belong to. For more information, see eventcount in the Search Reference. |
Federated Search for Amazon S3: Support for the json_extract() and json_extract_exact() eval functions in the sdselect command.
|
The sdselect command now supports usage of the json_extract() and json_extract_exact() eval functions in the WHERE, GROUPBY, and ORDERBY clauses, as well as in field projections. These functions facilitate the extraction of field values and matched strings from JSON objects in your Amazon S3 datasets, and improve the performance of sdselect searches for those things. For more information, see sdselect command syntax details in Federated Search. |
Enhancement to the email recipient validation system for email notification | This new feature leverages the power of regular expressions and allows for the customization of recipient limits, enabling seamless validation of up to 50 recipients directly within the Splunk Cloud platform. Say goodbye to the frustration of dropped emails due to a single malformed address for our Splunk Cloud customers. With this update, even in the presence of a few poorly formatted addresses, recipients can still receive emails to syntactically correct addresses. Experience uninterrupted communication and greater efficiency with our enhanced email validation feature. |
Forwarder certificate rotation | This functionality detects upcoming forwarder certificate expiration, issues a new certificate, and rotates the certificate with the new one, without requiring downtime. The feature requires version 9.3 or higher of Universal Forwarder or heavy forwarder, and Splunk Cloud Platform version 9.2.2406 or higher. For more information, see Renew certificates in the Splunk Cloud Universal Forwarder credentials package in the Splunk Universal Forwarder Forwarder Manual. |
Dashboard Studio - Tabbed dashboards | Customers can now consolidate dashboard views by creating multiple tabs within a given dashboard. |
IPv6 Support for Splunk Cloud Platform on Admin Pages | IPv6 Support for Splunk Cloud Platform on Admin Pages |
Eliminate SHC out-of-sync issues (Early Access) | Search head cluster (SHC) replication has been improved to reduce out-of-sync errors. Previously, large CSV lookup files that exceeded the 5GB file size limit could block replication and cause cluster members to go out of sync, often requiring a "destructive resync" to remediate. Now if a CSV lookup exceeds the lookup file size limit, the cluster automatically quarantines the lookup on the search head on which it is generated, without blocking replication of other objects. The splunkd health report shows the number of quarantined lookups and admins can run a search to get details on these lookups for remediation. For more information, see Quarantining large CSV lookup files in search head clusters in the Knowledge Manager Manual. |
Welcome to Splunk Cloud Platform | Known and fixed issues for |
This documentation applies to the following versions of Splunk Cloud Platform™: 9.2.2406 (latest FedRAMP release)
Feedback submitted, thanks!