Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for the latest Splunk ES innovations!

Hi friends! 

At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here to help you accelerate security outcomes, reduce risk, and build lasting resilience for your organization. As you may already know, Enterprise Security 7.3 will reach end of support on February 28, 2026. After this date, we will no longer be able to provide technical support, bug fixes, or security updates for this version. 

We are thrilled to continue our journey into a new era for Splunk ES as the AI-Powered SecOp platform, building a unified threat detection, investigation, and response workflow. The new ES 8.3 release has a slew of product enhancements, which you can see in action here. 

Here are some highlights from the ES 8 release:

• Redesigned User Interface: Mission Control is now fully integrated into Enterprise Security, allowing for a more streamlined triage, investigation, and response experience.
• Alert Triage: Triage now happens in the Analyst Queue within Mission Control. This queue simplifies your workflow, allowing analysts to manage alerts, trigger automation, and start investigations from one place. 
• Case Management: Users can now access more robust case management capabilities, allowing analysts to work on multiple related findings as a single investigation. 
• Integrated Automation: Splunk SOAR users can leverage playbooks and actions directly from the Analyst Queue.  
• Response Plans: A new "Response Plan" feature allows for the creation of predefined procedures with phases and tasks, enabling systematic incident response directly within an investigation. 

Even with all these advancements, we know that changes like this can bring uncertainty. We care greatly about your business and want to prepare you for this transition as smoothly as possible. Many of you probably have questions, so let’s get them answered!

• What does Splunk Enterprise Security 7.3 end of support mean?

It means that after Feb 28th, 2026, we will no longer be able to provide technical support, bug fixes, or security updates for ES 7.3.

• Can I still use the product even after support ends?

Yes, you can still use it. But Splunk would not be able to provide any support on your current deployment. 

• What happens to my data, dashboards, or configurations?

Your data, dashboards, and configurations will broadly remain intact. Refer to the upgrade documentation for specific instructions and caveats. Of note, the Navigation Menu in ES8 has been refreshed and you will need to migrate navigation customizations following the upgrade. 

Investigation Workbench users in versions prior to 8 should note that the feature is deprecated and no new legacy Investigations can be completed. Existing investigations can be continued to be worked and closed.

• Why upgrade now? 

This upgrade is critical to ensure you are able to leverage the latest security innovations, maintain full product support, and enhance your overall security operations. 

• What version should I upgrade to? 

We highly recommend that you upgrade to the latest available version, Enterprise Security 8.3 as of the posting of this blog. 

• I am a Splunk Cloud Enterprise Security Customer. How much time do I have to plan the upgrade?

There will be a phased roll-out for Enterprise Security 8.3. Please reach out to your account or customer success team so they can work with you on the best plan to minimize interruptions to your day-to-day operations.

If you do not proactively reach out, you will receive a notification of a maintenance window following our Cloud maintenance procedures and policies.

• I am a Splunk Enterprise ES customer (commonly called “BYOL” or “on-prem”) and manage my own environment. How much time do I have to plan the upgrade?

Refer to our published Support policy for your specific version and support lifecycle dates.

• Are there additional costs for upgrading?

No!

• Are there any compatibility requirements for the upgrade?

If you upgrade to Splunk 10 prior to upgrading to ES 8, you must use the command line interface (CLI) to upload and install Splunk Enterprise Security version 8.x. Then, go back to the UI to configure Splunk Enterprise Security 8.x. Learn more here. 

Key resources to guide you through

To keep your business ahead of these changes, we recommend the following:

• Take the free ES 8 Updates for the Splunk SOC course in Splunk Education to become familiar with the enhanced ES 8 workflow.
• Watch this Tech Talk: Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, Investigatio... to hear our product experts walk through ES 8 readiness.
• Read the Lantern Upgrade to ES 8 Guide to complete the prerequisite checks and review key configurations.
• Join the ES Community Office Hour session on Nov 18 if you have specific questions. You’ll be able to connect directly with our experts and get your answers right away!
• Ask for an Upgrade Readiness Assessment as a part of our On-Demand Services offering if you would like additional assistance or check out the ES Essentials Implementation Offer to let our experts accelerate the upgrade implementation for you. 

Next Steps - Action required before Feb 28, 2026:

• For customers on Splunk Cloud, please file a support ticket if you would like to proactively begin the upgrade prior to your provided maintenance window.
• For customers hosting their own environments, please reach out to either your account team, Professional Services, or Support if you would like further assistance.