Activity Feed
- Posted Mastering Data Pipelines: Unlocking Value with Splunk on Splunk Tech Talks. Thursday
- Posted The Latest Cisco Integrations With Splunk Platform! on Splunk Tech Talks. Thursday
- Posted Holistic Visibility and Effective Alerting Across IT and OT Assets on Splunk Tech Talks. Wednesday
- Posted Re: SOC Modernization: How Automation and Splunk SOAR are Shaping the Next-Gen Security Team on Splunk Tech Talks. Wednesday
- Posted Re: Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud on Splunk Tech Talks. Wednesday
- Tagged Leverage Cisco Talos Threat Intelligence Across Splunk Security Products on Splunk Tech Talks. 2 weeks ago
- Tagged Unlock the Power of Your Splunk Data on Splunk Tech Talks. 2 weeks ago
- Tagged Get More Out of Your Security Practice With a SIEM on Splunk Tech Talks. 2 weeks ago
- Posted Re: What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience on Splunk Tech Talks. 3 weeks ago
- Tagged Take Your Breath Away with Splunk Risk-Based Alerting (RBA) on Splunk Tech Talks. 4 weeks ago
- Tagged Generative AI for SPL -- Faster Results on Splunk Tech Talks. 4 weeks ago
- Tagged Adoption of RUM and APM at Splunk on Splunk Tech Talks. 4 weeks ago
- Tagged Streamline Data Ingestion With Deployment Server Essentials on Splunk Tech Talks. 4 weeks ago
- Tagged Introducing Edge Processor on Splunk Tech Talks. 4 weeks ago
- Tagged New Enhancements with Splunk Enterprise 9.1 on Splunk Tech Talks. 4 weeks ago
- Tagged Admin Your Splunk Cloud, Your Way on Splunk Tech Talks. 4 weeks ago
- Tagged Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security 7.2 on Splunk Tech Talks. 4 weeks ago
- Tagged Enhancing Security Operations With Automated Threat Analysis on Splunk Tech Talks. 4 weeks ago
- Tagged Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework and Splunk on Splunk Tech Talks. 4 weeks ago
- Tagged Understanding Generative AI Techniques and Their Application in Cybersecurity on Splunk Tech Talks. 4 weeks ago
Topics I've Started
Thursday
In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with mitigating costs related to processing, storing, and accessing it. Join this Tech Talk to learn how Splunk can help you unlock the value of your security and observability data by building an effective data management strategy. Understand how Splunk’s approach to federated data management can help you maximize the value of data. Build effective pipelines using our latest SPL2-powered data processing capabilities to collect, transform and route data based on your business needs. Run effective searches on data in Amazon S3 without having to ingest or index data into Splunk. Happening on Thursday, May 8, 2025 | 11AM PDT / 2PM EDT. Enroll here.
Thursday
Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve been working on solutions for integrating product lines like Meraki and UCS, as well as tools like ThousandEyes and Catalyst Center, helping organizations enhance visibility, strengthen security, and drive resilience. This session will provide insights into optimizing performance, streamlining operations, and gaining deeper insights into your infrastructure. Don't miss out on this opportunity to learn how Cisco and Splunk are revolutionizing IT and security operations. Event Date: Thursday, April 24, 2025 | 11AM PDT / 2PM EDT. Register here.
Wednesday
Instead of effective and unified solutions, they’re left with tool fatigue, disjointed alerts and siloed teams. By leveraging Tenable and Splunk, organizations can achieve a more proactive and resilient security posture across their entire IT and OT infrastructure. Join this Tech Talk to learn how to gain complete visibility into all hosts and their potential vulnerabilities, misconfigurations and unpatched components in a single analytics platform, how adding Tenable asset and exposure risk context improves alert prioritization, and how joint customers use Splunk for centralized reporting. Happening on Monday, April 21, 2025 | 11AM PDT / 2PM EDT. Register here.
Wednesday
Wondering what's next? Watch the SOC Modernization: How Automation and SOAR are Shaping Next-Gen Security Teams Tech Talk. Here are a few more resources you might find helpful: Training Courses: Splunk SOAR Evolved: A Unified TDIR Approach to Automation Blog Introducing Wayfinder: Simplify Your Navigation in Splunk SOAR Blog The Essential Guide to SOAR Splunk SOAR Guided Product Tour
Wednesday
What's next? Watch the Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud Tech Talk. Here are a few more resources you might find helpful: Web Page REPAY Customer Story From Chaos to Clarity - GenAI E-book Blog Technical Blog - Building an AI Assistant.
3 weeks ago
Here are a few top-of-mind questions from the live Tech Talk:

Q: How do I test compatibility of my apps with Python 3.9?
A: The Splunk beta containing Python 3.9 connected with OpenSSL3 is out. Please sign up for the Beta and access the Splunk binary that you can use to test your apps against the Python 3.9 runtime environment.

Q: Will this Splunkbase app for forwarder upgrade work with older versions of Splunk Enterprise?
A: Yes, you can use all supported DS versions. Please note that the version of UF matters. The Remote Upgrader for Linux Universal Forwarders is supported on Universal Forwarder version 9.0 and higher. The oldest version from which you can upgrade your Universal Forwarder using the Remote Upgrader is 8.0.

Q: Where can I learn more about the Remote UF upgrade feature?
A: You can learn more by checking out these resources:
https://docs.splunk.com/Documentation/Forwarder/1.0.0/ForwarderRemoteUpgradeLinux/About
https://splunkbase.splunk.com/app/7699

Q: Can we run Splunk Enterprise 9.4 in a Container/Kubernetes cluster? Meaning running Search Head and Indexer cluster in a Kubernetes cluster?
A: Yes. Splunk Operator for Kubernetes 2.7.0 is the first version to support Splunk 9.4.0. For more details please refer to the SOK documentation and the release compatibility matrix.

Q: How is the new persistent queuing different from the existing persistent queue mechanism?
A: It is the same mechanism but in output, which makes it much easier to work with scenarios like connectivity loss to cloud without blocking ingestion (when the collection design doesn't allow blocking it) and routing to multiple destinations where one destination fails but not the other.

Q: How will automated rolling upgrades work with Splunk Operator for k8s and its containers?
A: The Operator will be upgraded one pod at a time in a rolling fashion. It might have some performance impact, but Splunk will be online all the time. There's no need for a maintenance window. Please refer to this document for more details.

Q: Since we just deployed Splunk 9.2, can we expect the Python automatic installation along with the Splunk version?
A: Yes, on deploying Splunk 9.2, you can expect the Python runtime environment getting automatically installed. With Splunk Enterprise 9.2, Python 3.7 is the default Python interpreter.

Q: According to the documentation, stats command v1 is deprecated, so do I need to modify all my existing searches that are using the stats command?
A: You do not need to modify any existing searches. Stats v2 was activated by default after ensuring parity with stats v1.

Q: Is SPL2 available in on-premise deployments?
A: The SPL2 for app development is in public beta in Splunk Enterprise, and is available in the Edge Processor on-prem beta.

Q: Is there any movement on dashboards that require no login?
A: Yes, we call it “view” dashboard without login and it is already shipped in the Splunk Cloud v9.3.2411 release. It will be available in Splunk Enterprise v9.5.

Q: Is there anything new with the SOC operations with this version of Enterprise, meant for more under the security posture option?
A: Please review Splunk Enterprise Security 8.0.2 Release Notes.

Q: AI-powered suggestions to help you write SPL queries more effectively?
A: Write SPL is one of the most used skills in Splunk AI Assistant for SPL. This skill allows you to specify the intent of your query in natural language and have it converted to an SPL query that is ready to execute. We even have a personalization option that, if turned on, understands your environment and writes queries that are tailor-made to your environment.

Q: Is there a roadmap to support Splunk Enterprise for ARM-based instances?
A: We are exploring this capability and are partnering closely with a select group of design partner customers, but do not have any announcements to make at this time. If this is something you are looking for in your environment, please raise this with your account team and ask them to bring it to the Product leads.

Q: Why is it a difficult issue to install Splunk Enterprise on any OS with ARM64, aarch64?
A: Beyond needing builds that are compiled for ARM, the larger issue is the 3rd-party application ecosystem. Many apps have dependencies on x86-based libraries and packages. So there is work to do to make the 3rd-party app ecosystem ARM-ready.

Q: What is the plan for metrics indexes? I have heard that they are being deprecated. Are they a viable option long term?
A: While there are currently no plans for deprecation, no new updates are planned in the near term for metrics indexes.

Q: Splunk remote upgrader is a great feature. Do we have any idea on when it will also be available for Windows (only Linux right now)?
A: Splunk Remote Upgrader for Windows is in progress; stay tuned for more information very soon.

Q: Are there any improvements for the license manager for large-scale deployments?
A: The licensing team is currently investigating a number of LM performance improvements, especially in large deployments; however, none are available as of 9.4 or the following release.

Q: Is this just for App Development still, or is SPL2 available for search as well?
A: It is only App Development for now. Stay tuned for more updates on use for general search & reporting; that is on the roadmap.

Q: When will the KV store upgrade support custom certificates?
A: We are currently working on a fix and planning to release the fix in a Splunk 9.4.x maintenance release soon.

Q: Will Dashboard Studio support JS / custom visualizations?
A: We are currently developing the custom visualizations feature for Dashboard Studio.

Feel free to post any additional questions or comments.
03-06-2025
11:50 AM
Now Available on Microsoft Azure On Demand Now Step boldly into the AI revolution with enhanced security and visibility for your hybrid cloud environments with Splunk on Azure. We are excited by the benefits of adding greater flexibility to how our customers deploy Splunk and bring unified security and observability solutions to keep your mission-critical systems secure and reliable. In this Tech Talk we will explore how Splunk’s Unified Security and Observability Platform on Microsoft Azure accelerates detection, investigation, and response enabling digital resilience. We’ll dive into the top use cases of Splunk on Azure cloud migration and Splunk AI integrations with Microsoft Co-pilot – helping customers successfully navigate the ever-increasing threat landscape. On Demand here
03-04-2025
12:10 PM
Security automation is no longer a luxury but a necessity. Join us to learn how Splunk ES and SOAR empower SecOps to automate time-consuming workflows, orchestrate investigations, enhance threat detection, and speed up response times. Discover how an automation-first approach to security operations helps teams stay ahead of sophisticated adversaries and adapt to evolving techniques and threats. Watch Tech Talk here:
03-04-2025
12:07 PM
Join us in this Tech Talk and learn about the recently launched AI Assistant in Observability Cloud. With this new GenAI-powered experience, Splunk users can easily extract insights in Splunk Observability Cloud and accelerate their investigations simply by asking questions using natural language. Watch On Demand.
In this session, we’ll go over:
- An overview of the AI Assistant and its main functionalities
- Best Practices for AI Assistant: when and how to use it effectively
- A demo covering monitoring and troubleshooting examples
Dial in and discover how to unleash the power of your data, reduce mean time to resolution, and drive operational excellence with Splunk AI Assistant in Observability Cloud.