Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we have many awaited features and enhancements for both analysts and admins, helping you further your organizational progress toward digital resilience.  Comprehensive Visibility Deployment Server 9.4 Enhancements: Provides a centralized interface to manage and troubleshoot Splunk agents, with a new UI for improved user experience and accessibility compliance. Health and Status Overview: New capabilities for monitoring the health and status of agents, enhancing visibility into deployment. Federated Search for Splunk: Enhanced support for metric indexes and eventcount across modes, improving visibility into remote Splunk platforms. Dashboard Studio Enhancements: Updates to Dashboard Studio for better visualization and insights. Read what’s new.  SPL2 Public Beta: Offers flexibility for custom app development, enhancing control over the Splunk ecosystem. Rapid Detection & Investigation Enhanced Search Commands: Updates to the foreach command and support for mcatalog in federated searches, facilitating more effective search capabilities. Eval Function Enhancements: New functions for data type conversion and type testing, aiding in efficient data manipulation and investigation. Eliminate SHC Out-of-Sync Issues: Improved SHC replication to reduce errors and streamline search head cluster management. Optimized Response Quarantine of Large CSV Lookups: Automatic quarantining of large lookups to prevent replication issues, ensuring smoother operations. Workload Management with cgroups v2: Support for Linux cgroups version 2, optimizing resource management and response efficiency. There are additional updates and enhancements that we’ve released that provide platform stability (KVStore Upgrade to 7.0) and enhanced user experience, supporting the overall usability and performance of Splunk Enterprise.  Check out the 9.4 release notes for additional details.  Python 2 is in the process of complete removal and soon will no longer be available in coming releases jQuery v3.5 library is now set as the platform default; prior jQuery libraries are no longer supported ... View more

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this release we have many awaited features and enhancements for both analysts and admins, helping you further your organizational progress toward digital resilience.  Showing you guided insights - detecting threats and issues with context Federated Analytics on Amazon Security Lake: This premium add-on feature allows admins and security teams to use Federated Analytics to analyze data wherever it resides, in Splunk or Amazon Security Lake, for investigations, detections and threat hunting. This enables your team to leverage the low cost of data lake storage and bring in select data on-demand into Splunk which helps reduce the limitations of data silos and enables a thorough exploration of data to uncover potential threats. Want to learn more? Read the dedicated launch blog about Federated Analytics. Powering you with foundational visibility - to see across your environments Federated Search for Amazon S3: This enhancement simplifies AWS schema setup for common sourcetypes (e.g., CloudTrail, VPC Flow), streamlining access to key AWS data. This automation enables faster, more consistent monitoring and analysis across environments, enhancing security operations with broader, easier access to relevant insights. Splunk Observability Cloud metrics in Splunk Cloud Platform: Enables customers to leverage Splunk Observability Cloud’s powerful metric store by bringing real-time metrics into Splunk Dashboard Studio for a centralized charting experience. Users can now have streaming metrics alongside existing SPL-based charts for a single pane of glass across logs and metrics. Enhanced dashboard usability and performance  Version History: Dashboard Studio now includes version history, allowing users to save, compare, and revert to previous dashboard versions for more flexible iteration and collaboration. Saved Searches Integration: Users can now browse and add saved searches directly within Dashboard Studio, streamlining access to essential data. Improved Rendering Performance: Charts with timeseries or numerical data now render faster, enhancing the dashboard experience for users working with complex data. There are additional updates and enhancements that we’ve released that provide platform stability (KVStore Upgrade to 7.0) and enhanced user experience, supporting the overall usability and performance of Splunk Cloud Platform.  Check out the 9.3.2408 release notes for additional details.  Python 2 is in the process of complete removal and soon will no longer be available in coming releases jQuery v3.5 library is now set as the platform default; prior jQuery libraries are no longer supported ... View more

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2406 with many awaited features for both Analysts and Admins, helping you further your organizational progress toward resilience.  Analysts and Admins can benefit from these key highlights of the release: New Federated Search for Amazon S3 functions that facilitate the extraction of field values and matched strings from JSON objects from your Amazon S3 datasets. Forwarder certificate rotation that detects upcoming forwarder certificate expiration and rotates the certificate with the new one, without requiring downtime. New Federated Search for Splunk capabilities for metric indexes and |eventcount command that further enriches your searches. Enjoy seamless communication and improved efficiency with our enhanced email validation using regular expressions, increasing resiliency from situations such as malformed addresses.  Improve your productivity by consolidating dashboard views with multiple tabs within a given dashboard. Boost efficiency with decentralized Search Telemetry by sending data directly and bypassing the Search Head bottleneck. Search Head Cluster replication has been improved to reduce out-of-sync errors Check out the 9.2.2406 release notes for additional details.  Python 2 is in the process of complete removal and soon will no longer be available in coming releases jQuery v3.5 library is now set as the platform default; prior jQuery libraries are no longer supported ... View more

Hi Splunky people! We are excited to share the newest updates in Splunk Enterprise 9.3! Admins and Analyst can benefit from:  Seamlessly route data to your local file system to save on storage costs, enhance auditing, ensure compliance, and more, without indexing unnecessary data in Splunk. Save time with enhancements to Dashboard Studio’s scheduled export to include support for maps and search-based tokens. Enjoy automated rolling upgrades for Splunk Enterprise indexer clusters, reducing admin steps and ensuring seamless updates to your system. Optimize search performance with intelligent data rebalancing based on search usage, ensuring a balanced load and efficient bucket allocation across indexers. Save on storage costs in SmartStore for Azure Blob Storage with efficient TSIDX compression during uploads. Field filters capabilities expanded to limit access to sensitive data, ensuring compliance with GDPR and other privacy regulations (Preview). Homepage personalization with in-product bookmarks. Python 3.9 interpreter is the default version in this release. Check out the full release notes  for more details. ... View more

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can benefit from:  The new Splunk AI Assistant for SPL app, powered by generative AI, to help you write SPL, explain SPL and learn Splunk products.  Smarter alert rules for automated emails, reducing errors and showing more meaningful error information to the end user. Enhancements to Dashboard Studio’s scheduled export to include support for maps and search-based tokens Homepage personalization with in-product bookmarks Seamlessly access search history from various apps in a single view on the home page, eliminating the need for tedious navigation through multiple app filters Quicker access to Knowledge Object list by App and Owner on the home page knowledge object tabs Admins can benefit from: Access to cloud data pipeline management capabilities to filter, enrich and route data through Ingest Processor to Splunk Cloud and Observability Cloud endpoints Field filters capabilities expanded to limit access to sensitive data, ensuring compliance with GDPR and other privacy regulations (Public Preview) Federation: performance improvements and optimization for Federated Search for Amazon S3 Forwarder Certificate Rotation automates the detection of an upcoming expiration, issues a new certificate, and rotates the cert with the new one, without requiring downtime. Observability Related Content in Splunk Cloud enhancements to provide a more intuitive configuration experience and automated field mapping. Python 3.9 interpreter is the default version in this release Python 2 is in the process of deprecation and soon will no longer be available in coming releases jQuery v3.5 library is now set as the platform default; prior jQuery libraries are no longer supported ... View more