😱 The Valley of Despair 

Every enterprise leader has faced the same sinking feeling: the request comes in, “show us who changed what, and when.” 

With no audit, you’re blind. With poor audit, you’re technically compliant—but your logs are inconsistent, noisy, and impossible to parse. One customer put it bluntly during beta feedback: 

“Our old audit trail was like looking for a needle in a haystack—except the haystack was on fire.” – Audit Beta participant. 

That’s the valley of despair. And we knew we had to get you out. 

A Security Conversation That Needed to Happen 

For years, many of us in the Splunk community have relied on transport layer security (TLS) to secure traffic between Splunk components—forwarders, indexers, search heads, and more. TLS did the job: encrypt traffic, authenticate the server, and move on. But as the world shifted—toward a Zero Trust framework, tighter compliance, and more aggressive cyber threats—the age-old question resurfaced: "How do I really know who’s on the other end of that connection?" 

Enter Mutual TLS (mTLS). In a world where verifying the server alone isn't enough, mTLS takes things up a notch. It requires both the server and the client to prove their identity. Think of it as cryptographically enforced mutual trust. 

The new SOC4Kafka connector, built on OpenTelemetry, enables the collection of Kafka messages and forwards these events to Splunk. It serves as a replacement for the existing Kafka Connector (SC4Kafka) SOC4Kafka is designed to capture events published to Kafka topics and efficiently forward them to Splunk , SOC4Kafka empowers organizations to utilize Splunk's powerful analytics and visualization capabilities. This integration enables real-time monitoring, analysis, and valuable insights from collected event data.

The past few weeks have brought significant and exciting developments for the Splunk community! We've seen major advancements, exciting new features, and a wealth of knowledge shared. As we continue our "Strengthen Your Future" series, it’s the perfect time to reflect on some of the most impactful announcements and resources that are shaping the Splunk Platform.

Integrating Suricata with Splunk through SC4S is changing the game. Gone are the days of wrestling with custom parsers and brittle integrations. SC4S comes with automatically handling sourcetype assignments, index routing, metadata enrichment, easy deployment and built-in scalability.

Ever wonder how to tap into cutting-edge AI without managing your own GPU? Splunk AI Assistant for SPL via a cloud-connected solution revolutionizes GenAI by securely hosting AI services in the Splunk-managed Cloud Platform while transmitting only the minimal data needed. 

We’ll unravel how to enable cloud connectivity, differences between the Splunk Enterprise cloud-connected and Splunk Cloud Platform solution, and show you how to get started fast. Walk away ready to supercharge your on-prem Splunk environment with Gen AI—no extra GPUs required.

Run powerful security analytics across Splunk and Amazon Security Lake without rehydrating or moving data. Learn how Splunk Federated Analytics enables faster, cheaper, and smarter threat detection.

In our first installment of this blog series, we introduced the exciting compliance and security enhancements coming to the next Splunk platform version, Splunk Enterprise 10.0 and Splunk Cloud Platform 10.0. Use this series as your go-to resource for key updates, benefits, and preparations for Splunk administrators and developers alike. Today, we continue the journey by diving into upgrade readiness and additional potentially breaking changes, equipping you with the insights you need for a seamless transition.

Ensure your Splunk apps are ready for the future! Splunk Enterprise 10 is here, don't let your users be left behind – upgrade your app today to work towards a seamless transition.

The new and improved Performance Insights for Splunk, a tool for your infrastructure performance monitoring tool belt, gives a correlated view across usage patterns, resources, and system elements, allowing you to optimize your system and ensure you are getting the best value from it.

We at Splunk are excited to kick off a new series of blogs dedicated to helping you understand the compliance landscape and new feature opportunities in the next platform upgrade for Splunk Enterprise and Splunk Cloud Platform. Each edition will provide essential updates for Splunk administrators and application developers, focusing on key benefits and modernizations. Think of this series as a one-stop-shop and look back on new announcements and required actions to prepare your environment and applications for the next upgrade. 

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk Enterprise Security, Splunk SOAR, and Splunk Attack Analyzer. We know just how eager the community has been to see these integrations come to fruition, so we’re thrilled to share that all of the integrations are live for Splunk Security (cloud) customers.

This blog post aims to give Splunk customers (both Splunk Enterprise and Splunk Cloud) a heads-up about the actions they’ll need to take to prepare for upgrading to a Splunk version(coming soon) that will upgrade its core cryptographic library from OpenSSL 1.0.2 to OpenSSL 3. Splunk may additionally produce an Upgrade Readiness experience that will assist customers in identifying specific action items they need to take, but we don’t want to wait for such tooling to become available to start taking action.

Hey Splunky People!

Splunk Enterprise 9.4 is here, packed with game-changing features to enhance visibility, streamline investigations, and optimize response times. Explore updates like the enhanced Deployment Server, Dashboard Studio improvements, and the SPL2 public beta for custom app flexibility.

Ready to discover the tools to drive your digital resilience? Read on to learn more. 

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, Classic dashboard export features are now deprecated. Use Dashboard Studio for dashboard exports going forward. Check out this Lantern article to learn more.

Explore what's new in the Splunk Enterprise 9.3 release. See how we continue to help you seamlessly route data, save time with scheduled exports and optimize search performance.

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, after which no new versions will be released and the app will be archived from Splunkbase. 

We’re happy to share the release of Splunk App for PCI Compliance 5.3.1!

We’re happy to share the release of Splunk Security Essentials 3.8.0, which includes new and updated capabilities to help organizations mature their security programs even faster.

The Splunk Dashboard Examples App for SimpleXML will reach end of life on Dec 19, 2024.

Splunk Enterprise 9.2 is now generally available and features significant improvements to existing functionality. 

Here are the latest webinars, workshops, events and more from the Splunk Public Sector Team!

Here are the latest webinars, workshops, events and more from the Splunk Public Sector Team!

We’re making it easier for Observability Cloud users to seamlessly bring their log data into Splunk Cloud or Enterprise Platform. Go from in-context troubleshooting to in-depth log analysis in one click. Read on for more details!

Our latest updates from the Splunk Security Team include many new releases; SOAR, Splunk Enterprise Security and Splunk User Behavior Analytics! Check out all of our September News!

See the September Updates from your Splunk Observability Team including Session Replay, Splunk APM enhancements, new capabilities in ITSI and more!

Here are the latest webinars, workshops, events and more from the Splunk Public Sector Team!

Check out our newsletter content for the month: New public sector adoption boards, virtual workshops and events, Splunk AI, Tech Talks and more...

Discover what's new in the most recent Splunk Cloud Platform release!

Splunk Enterprise Advisories, Splunk Cloud Platform Updates, What’s new with Splunk Edge Processor, Splunk Essentials Adoption Board, Certifications at .conf23 and more...