Splunk Cloud Platform

Release Notes

The Ingest Processor solution

This page contains information about new features, known issues, and resolved issues for the Ingest Processor solution, grouped by the release date. The Ingest Processor solution is a service within Splunk Cloud Platform designed to help you manage your data processing configurations and monitor your ingest traffic through a centralized Splunk Cloud service. Use the Ingest Processor solution to filter, mask, and transform your data before routing the processed data to external environments. For more information, see About Ingest Processor.

The release date indicates when updates to the Ingest Processor solution were made available to Splunk Cloud Platform customers. For more information, contact your Splunk account representative.

Use the links to navigate to a specific section:

New features, enhancements, and fixed issues

Splunk Inc. releases frequent updates to the Ingest Processor solution. This list is periodically updated with the latest functionality and changes to the product.

November 19, 2024

The Ingest Processor solution now includes the following new features or enhancements.

New feature or enhancement Description
Support for gzip compression on data being sent to Amazon S3 When sending data from the Ingest Processor to Amazon S3, you can now compress that data using gzip.


See Send data from Ingest Processor to Amazon S3 in the Use Ingest Processors manual for more information.

October 28, 2024

The Ingest Processor solution now includes the following new features or enhancements.

New feature or enhancement Description
Cloud region availability Ingest Processor is now available in the following cloud regions:
  • eu-south-1
  • eu-west-3

See About Ingest Processor for all cloud region availability.

September 10, 2024

The Ingest Processor solution now includes the following new features or enhancements.

New feature or enhancement Description
Support for sending your data from Ingest Processor to a Splunk platform metrics index destination You can now send metrics data from Ingest Processor to a Splunk platform metrics index. Selecting a Splunk platform metrics index as a destination involves selecting a metrics destination and a corresponding metrics index.


For information about how to configure sending mectrics data to a Splunk Platform index, see Send metrics data from Ingest Processor to a Splunk platform metrics index.

For information about how to send metrics to multiple destinations, see Send metrics to multiple destinations

August 7, 2024

The Ingest Processor solution now includes the following new features or enhancements.

New feature or enhancement Description
Improved user interface for configuring index routing The user interface for configuring index routing has been updated to present the configuration options more clearly.


For information about how to configure index routing, see Create pipelines for Ingest Processor.

For information about how the destination index for your data is determined by a precedence order of configurations, see How does Ingest Processor know which index to send data to?

July 19, 2024

The Ingest Processor solution now includes the following new features or enhancements.

New feature or enhancement Description
Updates to custom function support in SPL2 When defining a custom SPL2 function in a pipeline, you must now declare mandatory parameters before optional parameters.


See Custom functions and data types in the SPL2 Search Reference for more information.

July 17, 2024

The Ingest Processor solution now includes the following new features or enhancements.

New feature or enhancement Description
Ingest Processor General Availability The Ingest Processor solution is now publicly available to all Splunk Cloud Platform users. See Get started with the Ingest Processor solution
Support for Premier and Essentials tier subscriptions. The Ingest Processor Essentials tier is included with a Splunk Cloud Platform subscription, and accommodates a maximum Daily Processing Volume of 500 GB/day.


The Premier tier is a priced SKU for Daily Processing Volumes over 500 GB/day. For more information, contact your Splunk Sales representative.

For more information about licensing in Splunk Cloud Platform, see the Use the License Usage dashboards topic in the Splunk Cloud Platform Admin Manual.
For more information about Splunk Cloud Platform subscriptions, see the Subscription types section of the Splunk Cloud Platform Service Details topic in the Splunk Cloud Platform manual.

Cloud region availability Ingest Processor is available in the following cloud regions:
  • us-east-1
  • us-west-2
  • ap-northeast-1
  • ap-southeast-1
  • ap-southeast-2
  • ca-central-1
  • eu-central-1
  • eu-west-1
  • eu-west-2

May 14, 2024

The Ingest Processor solution now includes the following new features or enhancements.

New feature or enhancement Description
Support for the branch SPL2 command You can now use the branch command to process and route copies of the incoming data in different ways.


See Routing data in the same Ingest Processor pipeline to different actions and destinations for more information.

April 17, 2024

The Ingest Processor solution now includes the following new features or enhancements.

New feature or enhancement Description
Availability on HIPAA, IRAP, and PCI DSS compliant cloud environments Splunk Cloud Platform has attained a number of compliance attestations and certifications from industry-leading auditors as part of Splunk's commitment to adhere to industry standards worldwide and Splunk's efforts to safeguard customer data. Generally Available products and features that are currently in scope of Splunk's compliance program may not be a part of the third-party audit report until the next assessment cycle. The Ingest Processor solution is in scope of the following compliance programs and will be audited at the next assessment cycle.
  • Information Security Registered Assessors Program (IRAP): IRAP is an initiative of the Australian Signals Directorate (ASD) through the Australian Cyber Security Center (ACSC), designed to provide cyber security assessments on Information and Communications Technology (ICT) services to government organizations. IRAP is also a recognised standard with robust security controls for cloud services in the private sector across Australia.

April 15, 2024

The Ingest Processor solution now includes the following new features or enhancements.

New feature or enhancement Description
Cloud region availability Ingest Processor is now available in the following cloud regions:
  • ap-southeast-2
  • eu-central-1
  • eu-west-1

See Get started with the Ingest Processor solution

April 4, 2024

The Ingest Processor solution now includes the following new features or enhancements.

New feature or enhancement Description
Support for the mvappend and mvdedup SPL2 functions You can now use the following evaluation functions in pipelines for the Ingest Processor:

See SPL2 evaluation functions for Ingest Processor pipelines for more information.

March 26, 2024

The Ingest Processor solution now includes the following new features or enhancements.

New feature or enhancement Description
Updated workflow for configuring hashing functions You can now use the Compute hash of action in the pipeline builder to add and configure hashing functions in your pipelines.


See See Hash fields using Ingest Processor for more information for more information.

February 20, 2024

This is the first publicly available preview of the Ingest Processor solution. The following functionalities are available within this public preview to capture feedback from early adopters of Ingest Processor:

Known issues

The Ingest Processor solution is subject to the following limitations.

Browsers

Multiple browser sessions are not supported since it is possible for users to try to edit the same pipeline in more than one browser session and make conflicting edits.

Ingest Processors

The following limitations exist for Ingest Processors:

Ingest Processors provide no data delivery guarantees. Data loss can occur if an Ingest Processor experiences high back pressure on connections to destinations, or when a data destination has a prolonged outage.

  • Only Splunk Cloud tenant administrators can create and view Ingest Processor pipelines.

Forwarders

The following limitations exist for forwarders:

  • The useACK property in outputs.conf must be disabled in forwarders that are sending data to Ingest Processor pipelines.

HTTP Event Collector (HEC)

When you receive data through HEC, the Enable indexer acknowlIngestment setting on the HEC token must be turned off.

Lookups

CIDR matching is not supported. When configuring your lookup definition, make sure that the Match type advanced option is not set to CIDR.

Metrics

Historical metrics presented in the detailed view of an Ingest Processor pipeline does not include metrics for deleted pipelines.

Pipelines

The following limitations exist for pipelines:

  • Only tenant administrators can create, edit, delete, apply, or remove pipelines.
  • Some SPL2 functions work differently in Ingest Processor pipelines than they do in searches. For example, regular expressions in functions are interpreted differently because Ingest Processor pipelines support Regular Expression 2 (RE2) syntax while Splunk searches support Perl Compatible Regular Expressions (PCRE) syntax. See Ingest Processor pipeline syntax for more information.

Splunk Cloud Experience tenants

When you go through the first-time setup process for the Ingest Processor solution, you create a connection between your Splunk Cloud Experience tenant and your Splunk Cloud Platform deployment. This connection enables the tenant to surface specific indexes from that deployment as pipeline destinations.

The following limitations exist for this initial connection between your Splunk Cloud Experience tenant and your Splunk Cloud Platform deployment:

  • You cannot connect your tenant to more than one Splunk Cloud Platform deployment using this method. To send data from a pipeline to an index that belongs to a different Splunk Cloud Platform deployment, you must configure a destination that corresponds to the indexer tier of that deployment and then include an eval expression that specifies the target index in your pipeline.
  • If you create additional indexes in your Splunk Cloud Platform deployment after completing the first-time setup process, you must refresh the connection in order to make those indexes available in the tenant.
Last modified on 23 November, 2024
The Edge Processor solution  

This documentation applies to the following versions of Splunk Cloud Platform: 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters