In December 2015, Splunk issued a minor upgrade (6.3.2) which is fixing bugs.
Currently we have Splunk 6.3.1 installed and I'm trying to determine the major differences between these two minor releases in order to asses if an upgrade is necessary.
What are the main advantages of using 6.3.2 instead of 6.3.1?
Our reason to upgrade to 6.3.2 is that we have a lot of alerts created by user Admin that were emailed out to Admin and Power users. Our Power users stopped being able to click on the alert results.
6.3.2 fixed this bug.
"Power user having read and write permissions for a saved search owned by an admin user is unable to view results from scheduled email"
I wouldn't put too many effort in migrating to 6.3.2. unless you have a specific issue that is solved. Other then some bugfixing, you shouldn't expect too much. (since you're already on 6.3.1). Won't hurt you either though.
We run Splunk and Enterprise Security ES 4.0.1 and noticed CPU utilization drop 50% on our indexers with 6.3.1 --> 6.3.2 and then again 50% when upgrading from 6.3.2--> 6.3.3. We have multiple separate environments and all had the same results. Anyone else seeing performance increases?