Release Notes: Search strings can now contain variables that are rendered as form elements in the SplunkWeb interface. When used with saved searches, inexperienced users can search efficiently without knowing the details of the search language. This feature simplifies searching by asking the user to input exactly the parameters sought, instead of a complete and potentially complex search. As part of a general effort to simplify the search language, equal signs can now be used where double colons were required.
Release Notes: Search strings can now contain variables that will be rendered as form elements in the SplunkWeb interface. Search language simplification: as part of a general effort to simplify the search language, equal signs can now be used where double colons were required. With the introduction of enhanced archiving and export, customers now have the capability to flexibly archive their Splunk data based on time and size, which is critical for large and long-term data storage issues common with compliance mandates.
Release Notes: New features include interactive reporting, dashboards and personalization, an expanded search language, scripted inputs, a deployment server, a Firefox browser toolbar, flexible event typing, native 64-bit support, multi-processor indexing, and native input from a formatsl archive.
Release Notes: Authentication via LDAP server is now supported along with ZFS and VXFS file systems on Solaris (SPARC and x86).
Release Notes: Distributed search: users can now search across multiple Splunk servers from a single Web or command line interface. A simplified configuration format: name-value pairs in stanzas replace the old XML structures to configure. Hosts can be tagged. Major indexing and search performance improvements, and splunk indexes now take up 40% less disk space. Data can be deleted from the index.
Release Notes: Event type assignments are more exact. Events of the same type are much less likely to be misclassified into separate types. splunkd recovers index data better when restarted after an abrupt termination or incomplete shutdown. This release can index events that have more than 10,000 characters in a single line. The verifyconfig command now handles zero-length XML files without error. Splunk Professional ships with a log4j appender for use on J2EE servers. The installer now shuts down splunkd before updating a prior installation.
Release Notes: Splunk now keeps its index optimized automatically. This eliminates the need to manually optimize the index for any reason. The splunk train command once again works as documented. A generic syslog source type has been added to Splunk's set of built-in known source types. Live Splunks can no longer be created without a name. Splunk Professional usernames can no longer be changed, either accidentally or intentionally. User interface rendering issues with Internet Explorer have been fixed.
Release Notes: The new Splunk Assistant guides new users through basic Splunking. The new report:: operator adds structured reporting. It supports SQLite syntax, so you can use functions like count, min, and max on your Splunk results and save report files to your desktop. The new syslog module for Splunk Professional acts as a syslog daemon. It listens on port 514 (or other), receives syslog events via UDP, and indexes them into Splunk Professional. The new distributed module for Splunk Professional listens on a TCP port. It lets Splunk index log4j and other source types directly rather than from a file.
Release Notes: This is a maintenance release. It increases stability but makes no changes to configuration or operation.