Product News & Announcements
All the latest news and announcements about Splunk products. Subscribe and never miss an update!
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
New Article

Edge Processor | New Resiliency Improvements & Support for Additional Data Sources

adepp
Splunk Employee
Splunk Employee
‎10-10-2024 06:10 AM

We are excited to announce several exciting updates for Edge Processor aimed at hardening overall product resiliency and directly addressing some of the top feedback we’ve received from our customers, including support for additional data sources! 

image (3).png

You can always check out your Data Management home page for the latest Edge Processor release notes. Here’s what’s new: 

Data export queuing resiliency (learn more

Filled exporter queues can now back pressure data to upstream clients to prevent data loss, which closely mimics the behavior of splunkd’s ingestion pipelines. Along with this change, we’ve also removed the single-threading bottleneck which previously limited overall throughput.

Edge Processor receiver acknowledgement from HEC sources (learn more

You can now use the new Edge Processor receiver ACK feature to confirm if the Edge Processor successfully received data sent by HEC data sources, thereby bolstering reliability and reducing the risk of overall data loss. This also unlocks data sources that require a form of acknowledgement such as Data Firehose (see below).

AWS Data Firehose support (release notes

Users can now directly ingest logs from AWS Data Firehose into Edge Processor. With Data Firehose’s integration across 20+ AWS services, you now can easily stream data from sources like Amazon CloudWatch, SNS, AWS WAF, Network Firewall, IoT, and more. See this Lantern article for a step-by-step guide!

Customize timezone in event for syslog data (release notes)

Admins now have the ability to flexibly denote specific time zones on RFC 3164 syslog data that does not have a time zone set. This applies to pipelines bound for the destinations ‘AWS S3’ and ‘Splunk platform using the services/collector/event HEC endpoint’.

Optimized Edge Processor restart behavior (release notes)

This feature reduces the number of restart loops for misconfiguration or error states in Edge Processor. Previously, these types of restart loops could impact other services and result in degraded resource performance - but no more!

Feedback is always welcome in ideas.splunk.com or in the Data Management Slack channel (request access here). Head to the Data Management resource hub for more resources.

Enjoy!

Splunk Data Management Team

0 Karma
Get Updates on the Splunk Community!

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...