This documentation applies to the following versions of Splunk: 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10
Splunk has extended the Deployment Server to allow it to push almost any file type to other Splunk instances; for example, .gz, .zip, and .xml files can be remotely deployed. Users can now define the deployment file location, which can be local or remote, to dynamically synchronize the deployment server source files. Also, extended server class semantics allow server definition overlap within the server class topology.
Learn more about deployment server in the Admin Manual.
Splunk adds new support for routing data to a user-defined destination via UDP- or TCP-based syslog out. Syslog facility and priority settings for TCP are customizable to provide superior flexibility and control in syslog routing. Any indexed data format can be routed out to another system (either Splunk or third-party syslog listeners), with or without Splunk processing, and at the priority you choose. Additional protections allow for packet-level tolerance or intolerance of non-conforming syslog inputs prior to routing.
Learn more about routing data based on syslog facility and priority in the Admin Manual.
Auto load balancing allows dynamic connections and dynamic failover from Splunk forwarders to Splunk indexers. Auto load balancing provides improved reliability of the forwarder and index mechanisms across a distributed topology. Multiple routing algorithm types are supported, including round robin and least-recently-used. Enterprise customers can also leverage more sophisticated DNS load balancing with full FQDN name resolution. New load balancing features include:
Learn more about automatic load balancing in the Admin Manual.
New, fully administrator-configurable network bandwidth compression capabilities significantly reduce the bandwidth usage of Splunk forwarding.
For details on SSL compression for distributed deployments, see "Secure access to your Splunk server with SSL" in the Admin Manual and check out the SSLConfig setting in server.conf.
For details on SSL compression for forwarded data, see "Use SSL encryption between forwarders and receivers" in the Admin Manual.
Splunk users can easily optimize their production environments by implementing Splunk's many distributed system enhancements. Splunk now supports improved networking throughput, can act as a proxy for filtering and routing syslog data, load balances network access to indexers, and can deploy new file types to ease application distribution.