Splunk Stream

Release Notes

This documentation does not apply to the most recent version of Splunk Stream. For documentation on the most recent version, go to the latest release.

New features

Splunk Stream version 7.0.0 adds these new features.

New NetFlow data collector
  Configure NetFlow and sFlow streams.
  Supports NetFlow, sFlow, jFlow, IPFIX data.
New pcap file ingestion capabilities
  Upload pcap files from the UI.
  Monitor and ingest pcap files from directories.
  New streamfwd command line options for pcap ingestion.
  New streamfwd.conf parameters for pcap ingestion.
New content extraction types
  MD5 hash: Automatic hashing of files transferred via SMTP and HTTP. Additional user-configured field extraction for any other protocol field (including content).
  Hexadecimal encoding: User-configured field extraction for any protocol field, including content. Allows non-printable binary content to be completely represented in the Splunk UX.
Enhanced protocol support
  New ARP protocol support with full metadata extraction.
  STARTTLS support for SMTP protocol.
    Allows decrypting SMTP messages after parties switch to TLS using the STARTTLS command.
Additional Flow fields
  flow_id: Gives a unique identifier to any events from one specific bidirectional network conversation. Can be used in stats, transaction or join commands to reassemble multiple events from a given conversation.
  protocol_stack: Provides a delimited list of all recognized protocols in a given conversation.
  event_name: Provides a unique name for individual, distinct events from a given conversation.
SQL protocol enhancements
  Returned row count.
  Returned success code.
New Stream configuration templates for Splunk Premium Solutions
  IT Service Intelligence (ITSI) templates provide custom protocol fields that map to metrics in Splunk ITSI modules.
  Enterprise Security (ES) templates provide custom protocol fields that map to CIM data models used in Splunk ES.
New App Analytics and Flow Visualization dashboards
  Animated real-time and historical dashboard shows client-server connection views over time in the entire IPv4 address space.
Last modified on 21 November, 2016

This documentation applies to the following versions of Splunk Stream: 7.0.0

