Splunk 10.0: Your Guide to a Smooth Upgrade Journey

Community Office Hours
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk 10.0: Your Guide to a Smooth Upgrade Journey

Splunk 10.0: Your Guide to a Smooth Upgrade Journey

1 Comment
Cover Images - Office Hours (23).png
Published on ‎06-27-2025 04:47 PM by Splunk Employee | Updated on ‎03-23-2026 12:55 PM

Watch On Demand. This thread is for the Community Office Hours session on Splunk 10.0: Your Guide to a Smooth Upgrade Journey on Thurs, Oct 02, 2025 at 1pm PT / 4pm ET.

 

Join us for a first look at the next evolution of Splunk Enterprise and Splunk Cloud Platform, Splunk 10, featuring powerful new capabilities to enhance data security, simplify operations, and ensure compliance readiness. This interactive Office Hour will not only highlight key updates designed to future-proof your Splunk environment but also provide a space to address your upgrade readiness questions in real time, with Splunk experts on hand to assist.

 

What can I ask in this AMA about the next Splunk upgrade?

  • What is included in Splunk 10?
  • What are the key innovations in Splunk 10 that customers should know about?
  • What is the benefit of upgrading to Splunk 10?
  • How can I upgrade to Splunk 10 and what is inclusive of upgrade readiness?
    • How can I use the Splunk Health Assistant Add-on? (address EOL Upgrade Readiness App)
    • SCP vs Splunk Enterprise Upgrade Readiness
  • What are the breaking changes customers need to be aware of and action on?

 

Please submit your questions at registration.
You can also head to the #office-hours Community Slack channel to ask questions (request access here).

 

Pre-submitted questions will be prioritized.
After that, we will open the floor up to live Q&A with meeting participants.

We look forward to connecting with you!


0 Karma
vvalverde
Splunk Employee
Splunk Employee
‎10-28-2025 03:38 PM
‎10-28-2025 03:38 PM

Hi everyone! Here are a few questions from the session (get the full Q&A deck and live recording in the #office-hours Slack channel):

Q1: What are the new features and tools in dashboard studio with v10.0?

Splunk Enterprise 10 Features

  • Publication of dashboards
    • This was the top requested feature for Dashboard Studios in Splunk Ideas!
    • Splunk users can now share impactful, visually engaging dashboards with peers, analysts, and executives—delivering insightful data to drive informed decision-making, all without compromising security.
  • Easily add Splunk Observability Metrics and Service Maps in Dashboard Studio.

 

Splunk Cloud 10 Features

  • Users can now directly navigate to the Observability Cloud detector page from their metric based chart in Splunk Dashboard Studio.
  • Improved experience when working with Tabs in Dashboard Studio.
    • Save visualizations/reports directly to a specific tab in their dashboard from the search and reports page.
    • Drilldowns and Dashboard links can now target a specific tab.

 

Q2: What are the KV store upgrades needed for V10?

  • Starting with Splunk Enterprise 9.4, the upgrade process will attempt to sequentially bring MongoDB up to 7.
  • Splunk Enterprise customers must be at least on MongoDB 4.2 before upgrading to Splunk 10.
  • The upgrade process will automatically attempt to upgrade KVStore and should not require manual intervention. 
  • For Splunk Cloud customers, Splunk will handle the upgrade.

 

Q3: What are the key security considerations when developing and deploying Splunk apps?

  • Splunk apps should be treated like any other kind of software development regardless of the perceived complexity of your app.
  • Ensure that apps follow the principle of least access (i.e. your app and its features should request/require the lowest possible specific level of access). 
  • Avoid heavy reliance on persistent disk storage (i.e. use KV Service instead of writing data to disk).
  • Splunk provides multiple tools for best practice scanning and guidelines for Splunk Cloud app development that are generally applicable.

 

Other Questions (check the #office-hours Slack channel for responses)

  • Are there any differences in indexing between Splunk 9.4.x and 10.x?
  • Starting from Splunk 10 version can  Splunk forwarders upgrade be managed from Deployment Server or any patching  process introduced to update Splunk forwarder in a large environment?
  • Can Splunk scan itself for vulnerabilities and help to mitigate the findings?
  • We are currently on the waitlist to switch to Victoria. Can we still upgrade to 10 if we are classic?
  • Can we work with Splunk to assess our readiness to upgrade?
  • When will ingest monitoring be available to Enterprise customers?
  • How to does Splunk version 10.0 work with ES?
  • What are some new features for Indexers and Search Heads?
0 Karma