In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes explode, security and IT teams are often forced to choose between the high cost of ingesting everything into a central platform or the operational risk of losing visibility into critical logs. We are excited to announce the launch of the Gigamon Federated Search app for Splunk. This integration delivers unified, cost-effective insights by turning raw network traffic into high-value actionable telemetry that can be accessed where it resides.  Solving the Data Distribution Dilemma The primary value of this app lies in its ability to manage and optimize Gigamon network-derived telemetry while making strategic decisions that maximize data access and value. Not all data is created equal. Raw network traffic must be filtered, enriched, and optimized before it can deliver meaningful insights at scale. By leveraging AWS S3 or Azure Blob / Azure Data Lake as a strategic data store, organizations no longer have to decide which data is worth monitoring. They can maintain full visibility across their data ecosystem while meeting stringent PCI mandates at scale. Customers who leverage the new Gigamon app benefit from their data lake investments, effectively bringing Splunk closer to their entire data ecosystem with a seamless user experience including dashboards and reports viewable in a unified analytics plane.   Use Cases for Financial Services and Beyond This app is specifically engineered to support financial services operations and PCI compliance through a tiered approach:  Near-term Monitoring: Achieve immediate visibility into PCI compliance requirements, such as detecting unencrypted traffic on in-scope networks. This addresses specific requirements like R1 1.2.6, which mandates the monitoring of vulnerable protocols like FTP and SMBv1, and R4 4.2.1, which requires verification of trusted certificates and TLS ciphers.  Medium-term Summaries: Generate weekly performance reports on credit card transaction processing to ensure efficiency and prevent lost revenue due to latency or system failures.  Long-term Compliance Reporting: Simplify quarterly encryption audits to satisfy PCI mandates, reducing audit friction and ensuring cryptographic cipher suites are documented and reviewed as required by PCI R-12.3.3.  How the Gigamon Federated Search App Works The Gigamon Federated Search app is designed to provide a seamless, distributed data strategy with all necessary search and processing artifacts pre-built.   The solution combines intelligent data preparation with distributed search, ensuring that the right data is available in the right place at the right time.  Federated Data Access: The app utilizes Splunk’s Federated Search solution and SPL2 to query optimized datasets directly in AWS S3, bypassing unnecessary ingestion.  Pipeline Automation: It provides out-of-the-box data processing pipelines for Edge and Ingest Processors. These templates allow you to route optimized Gigamon network-derived telemetry to both Splunk and AWS S3 in a search-ready format.  Unified Dashboards: The app includes pre-built dashboards that bundle federated searches, allowing you to visualize datasets across your distributed environment as if they were local.  Driving the Future of Data Analytics This partnership marks a new generation of applications built on the Splunk Platform, enabling a more efficient, AI-ready approach where high-fidelity network telemetry and distributed data can be analyzed together without tradeoffs. By bridging the gap between network-derived telemetry and Federated Search, we are helping customers turn distributed data into a strategic asset.  Ready to simplify how you access, manage, and act on distributed data? Download the Gigamon Federated Search app from Splunkbase today. Customers who are currently on version 10.4 Splunk Cloud deployment can start unlocking the full potential of their network telemetry.  ... View more

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we have many awaited features and enhancements for both analysts and admins, helping you further your organizational progress toward digital resilience.  Comprehensive Visibility Deployment Server 9.4 Enhancements: Provides a centralized interface to manage and troubleshoot Splunk agents, with a new UI for improved user experience and accessibility compliance. Health and Status Overview: New capabilities for monitoring the health and status of agents, enhancing visibility into deployment. Federated Search for Splunk: Enhanced support for metric indexes and eventcount across modes, improving visibility into remote Splunk platforms. Dashboard Studio Enhancements: Updates to Dashboard Studio for better visualization and insights. Read what’s new.  SPL2 Public Beta: Offers flexibility for custom app development, enhancing control over the Splunk ecosystem. Rapid Detection & Investigation Enhanced Search Commands: Updates to the foreach command and support for mcatalog in federated searches, facilitating more effective search capabilities. Eval Function Enhancements: New functions for data type conversion and type testing, aiding in efficient data manipulation and investigation. Eliminate SHC Out-of-Sync Issues: Improved SHC replication to reduce errors and streamline search head cluster management. Optimized Response Quarantine of Large CSV Lookups: Automatic quarantining of large lookups to prevent replication issues, ensuring smoother operations. Workload Management with cgroups v2: Support for Linux cgroups version 2, optimizing resource management and response efficiency. There are additional updates and enhancements that we’ve released that provide platform stability (KVStore Upgrade to 7.0) and enhanced user experience, supporting the overall usability and performance of Splunk Enterprise.  Check out the 9.4 release notes for additional details.  Python 2 is in the process of complete removal and soon will no longer be available in coming releases jQuery v3.5 library is now set as the platform default; prior jQuery libraries are no longer supported ... View more

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this release we have many awaited features and enhancements for both analysts and admins, helping you further your organizational progress toward digital resilience.  Showing you guided insights - detecting threats and issues with context Federated Analytics on Amazon Security Lake: This premium add-on feature allows admins and security teams to use Federated Analytics to analyze data wherever it resides, in Splunk or Amazon Security Lake, for investigations, detections and threat hunting. This enables your team to leverage the low cost of data lake storage and bring in select data on-demand into Splunk which helps reduce the limitations of data silos and enables a thorough exploration of data to uncover potential threats. Want to learn more? Read the dedicated launch blog about Federated Analytics. Powering you with foundational visibility - to see across your environments Federated Search for Amazon S3: This enhancement simplifies AWS schema setup for common sourcetypes (e.g., CloudTrail, VPC Flow), streamlining access to key AWS data. This automation enables faster, more consistent monitoring and analysis across environments, enhancing security operations with broader, easier access to relevant insights. Splunk Observability Cloud metrics in Splunk Cloud Platform: Enables customers to leverage Splunk Observability Cloud’s powerful metric store by bringing real-time metrics into Splunk Dashboard Studio for a centralized charting experience. Users can now have streaming metrics alongside existing SPL-based charts for a single pane of glass across logs and metrics. Enhanced dashboard usability and performance  Version History: Dashboard Studio now includes version history, allowing users to save, compare, and revert to previous dashboard versions for more flexible iteration and collaboration. Saved Searches Integration: Users can now browse and add saved searches directly within Dashboard Studio, streamlining access to essential data. Improved Rendering Performance: Charts with timeseries or numerical data now render faster, enhancing the dashboard experience for users working with complex data. There are additional updates and enhancements that we’ve released that provide platform stability (KVStore Upgrade to 7.0) and enhanced user experience, supporting the overall usability and performance of Splunk Cloud Platform.  Check out the 9.3.2408 release notes for additional details.  Python 2 is in the process of complete removal and soon will no longer be available in coming releases jQuery v3.5 library is now set as the platform default; prior jQuery libraries are no longer supported ... View more

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2406 with many awaited features for both Analysts and Admins, helping you further your organizational progress toward resilience.  Analysts and Admins can benefit from these key highlights of the release: New Federated Search for Amazon S3 functions that facilitate the extraction of field values and matched strings from JSON objects from your Amazon S3 datasets. Forwarder certificate rotation that detects upcoming forwarder certificate expiration and rotates the certificate with the new one, without requiring downtime. New Federated Search for Splunk capabilities for metric indexes and |eventcount command that further enriches your searches. Enjoy seamless communication and improved efficiency with our enhanced email validation using regular expressions, increasing resiliency from situations such as malformed addresses.  Improve your productivity by consolidating dashboard views with multiple tabs within a given dashboard. Boost efficiency with decentralized Search Telemetry by sending data directly and bypassing the Search Head bottleneck. Search Head Cluster replication has been improved to reduce out-of-sync errors Check out the 9.2.2406 release notes for additional details.  Python 2 is in the process of complete removal and soon will no longer be available in coming releases jQuery v3.5 library is now set as the platform default; prior jQuery libraries are no longer supported ... View more

Hi Splunky people! We are excited to share the newest updates in Splunk Enterprise 9.3! Admins and Analyst can benefit from:  Seamlessly route data to your local file system to save on storage costs, enhance auditing, ensure compliance, and more, without indexing unnecessary data in Splunk. Save time with enhancements to Dashboard Studio’s scheduled export to include support for maps and search-based tokens. Enjoy automated rolling upgrades for Splunk Enterprise indexer clusters, reducing admin steps and ensuring seamless updates to your system. Optimize search performance with intelligent data rebalancing based on search usage, ensuring a balanced load and efficient bucket allocation across indexers. Save on storage costs in SmartStore for Azure Blob Storage with efficient TSIDX compression during uploads. Field filters capabilities expanded to limit access to sensitive data, ensuring compliance with GDPR and other privacy regulations (Preview). Homepage personalization with in-product bookmarks. Python 3.9 interpreter is the default version in this release. Check out the full release notes  for more details. ... View more

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can benefit from:  The new Splunk AI Assistant for SPL app, powered by generative AI, to help you write SPL, explain SPL and learn Splunk products.  Smarter alert rules for automated emails, reducing errors and showing more meaningful error information to the end user. Enhancements to Dashboard Studio’s scheduled export to include support for maps and search-based tokens Homepage personalization with in-product bookmarks Seamlessly access search history from various apps in a single view on the home page, eliminating the need for tedious navigation through multiple app filters Quicker access to Knowledge Object list by App and Owner on the home page knowledge object tabs Admins can benefit from: Access to cloud data pipeline management capabilities to filter, enrich and route data through Ingest Processor to Splunk Cloud and Observability Cloud endpoints Field filters capabilities expanded to limit access to sensitive data, ensuring compliance with GDPR and other privacy regulations (Public Preview) Federation: performance improvements and optimization for Federated Search for Amazon S3 Forwarder Certificate Rotation automates the detection of an upcoming expiration, issues a new certificate, and rotates the cert with the new one, without requiring downtime. Observability Related Content in Splunk Cloud enhancements to provide a more intuitive configuration experience and automated field mapping. Python 3.9 interpreter is the default version in this release Python 2 is in the process of deprecation and soon will no longer be available in coming releases jQuery v3.5 library is now set as the platform default; prior jQuery libraries are no longer supported ... View more