What's new
This page summarizes the new features and enhancements in each release of Splunk Cloud Platform. Use the Version drop-down list to see information for other versions of Splunk Cloud Platform.
The product features deployed in your environment might vary depending on your topology, deployment type, and configuration settings.
Also discover what's new in the following features of Splunk Cloud Platform:
- Cloud Monitoring Console
- Admin Configuration Service
- The Edge Processor solution
- The Ingest Processor solution
9.3.2408
New feature, enhancement, or change | Description |
---|---|
Federated Analytics | The amount of data collected in low-cost cloud and purpose-built remote data stores is growing exponentially. Federated Analytics gives you improved visibility and security-related insights into datasets you store in such data lakes, starting with data stored in Amazon Security Lake. If you keep stores of data in Amazon Security Lake, Federated Analytics gives you two ways to apply threat detection and threat hunting searches to that data:
See About Federated Analytics in Federated Search. |
SPL2-based application development | This version of Splunk Cloud Platform supports SPL2 via API, to help admins create powerful apps to gain more control over their ecosystem while allowing developers massive flexibility for the custom apps they can build. Admins and developers can ship SPL2 module files that define custom functions, views, data types, and more to curate resources within their application for users. Users can leverage these resources in the Splunk search bar to create dashboards and reports, by writing single-statement SPL2 searches. See Create SPL2-based apps in the Splunk Developer Guide on dev.splunk.com. Admins can use SPL2 views with run-as-owner permissions. This applies special permissions on modules to execute views under a more privileged context, allowing multiple roles to access sensitive data with different levels of custom data masking. See Manage SPL2-based apps in the Splunk Cloud Platform Admin Manual. |
Federated Search for Amazon S3: AWS Glue table automation | Federated Search for Amazon S3 searches apply filtering and statistical functions to AWS Glue tables that contain column and schema definitions for datasets in your Amazon S3 buckets. This means that an AWS Glue table must be created for each Amazon S3 dataset you intend to search. With this version of Splunk Cloud Platform, Splunk software can create and manage AWS Glue tables for Amazon S3 datasets that follow the AWS CloudTrail schema. If you have CloudTrail datasets in Amazon S3, all you need to do is set up your federated provider and federated indexes for them, and Splunk software can create and manage the AWS Glue tables for those datasets behind the scenes. |
Enhancement to the foreach command | A new auto_collections mode has been added to the foreach command. The auto_collections mode dynamically iterates over a JSON array or multivalue field depending on which element is present in the search. See foreach in the Search Reference. |
Federated Search for Splunk: Standard mode federated search support for the mcatalog command | The mcatalog command is now supported for standard mode federated searches. For more information, see the following topics: |
Dashboard Studio enhancements | See What's new in Dashboard Studio. |
Deprecation of exporting PDFs, scheduling PDF delivery, and printing PDFs with Classic Simple XML dashboards. | Exporting dashboard PDFs, scheduling PDF delivery, and printing PDFs with Classic Simple XML dashboards is deprecated and will be removed in a future release. |
Eval function enhancements for data type conversion and type testing | You can use the following new eval data type conversion functions to manipulate values in eval searches.
You can use the following new
For more information, see Common eval functions in the Splunk Cloud Platform Search Reference. |
Eliminate SHC out-of-sync issues | SHC (search head cluster) replication has been improved to reduce out-of-sync errors. Previously, large CSV lookup files that exceeded the 5GB file size limit could block replication and cause cluster members to go out of sync, often requiring a "destructive resync" to remediate. Now if a CSV lookup exceeds the lookup file size limit, the cluster automatically quarantines the lookup on the search head on which it is generated, without blocking replication of other objects. The splunkd health report shows the number of quarantined lookups and admins can run a search to get details on these lookups for remediation. For more information, see Quarantining large CSV lookup files in search head clusters in the Knowledge Manager Manual. |
This documentation applies to the following versions of Splunk Cloud Platform™: 9.3.2408