In case anyone comes here and wants to know what's new in 6.3...
Here are some excerpts from this blog post here.
Custom Alert Actions make it simple for third-party or custom developers to create rich integrations or actions that can be automatically triggered by Splunk alerts. The user has a simple pull-down menu to choose among the integrations installed. Splunk and partners have already created a dozen integrations including ServiceNow, Slack, Big Panda, Citrix Octoblu, Webhook and more.
Geospatial Visualizations and Single-Value Displays allow customers to use widely available Choropleth maps and context-rich KPI displays to easily visualize, understand and communicate results. And the new Anomaly Detection command now brings histogram-based analysis to the Splunk analytics arsenal.
It all depends on your workload and configuration but 6.3 can:
What can it mean?
The upgrade readme has a list of known issues and changes.
The Splunk Enterprise 6.3 release includes one new manual and several enhancements to key areas of existing content.
This release includes the following updates to the REST API.