Since it is almost 4 years from Splunk6, there might be chance of Splunk7 this year??
Is there any official case management or feature wishlist option where we can put features that are required?
(or let's use this thread in case if Splunk architects can see 🙂 for future releases)
Few of the features I'm looking for
1. Reduce SH clustering complexity. I like the concept of ElasticSearch whereby the objects are stored in data layer (not at Search layer)
2. Removing password encryption using another technique rather than at time of restart. Currently it is a pain to orchestrate as the orchestration systems think the config files have changed as the checksums are different once Splunk restarts
3. Hop entries in _internal data => if a Univeral forwarder sends to another UF to another UF to Indexer, if there is a flag to identify the hops it went through.