• What's New
  • What's new in Splunk 3.1
    • Form search
    • Search language simplification
    • Archiving
• Known Issues
  • Known Issues for release 3.1.3
    • General Issues and Recommendations
    • Search & Navigation
    • Administration
    • Toolbar
• Changelogs by Version
  • 3.1.3
    • Resolved issues from 3.1.2
    • New issues in this release
  • 3.1.2
    • Resolved issues from 3.1.1
    • New issues in this release
  • 3.1.1
    • New features
    • Resolved issues from 3.1
    • New issues in this release
  • 3.1
    • New features
    • Resolved issues from 3.0.x
    • New issues in this release
• Credits
  • Credits
  • APSW
  • boost
  • elementree
  • expat
  • fpconst
  • gadfly
  • libarchive
  • libiconv
  • libxml2
  • libxslt
  • log4py
  • numeric
  • openLDAP
  • OpenSSL
  • pcre
  • popt1.7
  • pyopenssl
  • pysqlite
  • python
  • pyxml
  • SOAPppy 0.11.6
  • sqlite
  • twisted
  • xmlwrapp 0.5.0
  • zope
  • zlib

What's new in Splunk 3.1

Form search

Search strings can now contain variables that are rendered as form elements in the SplunkWeb interface. When used with Saved searches, inexperienced users can search efficiently without knowing the details of the search language. This feature simplifies searching by asking the user to input exactly the parameters he is looking for, instead of a complete and potentially complex search.

Search language simplification

As part of a general effort to simplify the search language, equal signs can now be used where double colons were required. In prior releases, search field syntax required a double colon but extracted field syntax required an equal sign. For example, host::splunker for the host search field and myfield=value for the extracted field myfield. Now search and extracted fields can both be used with equal signs in searches.

Archiving

With the introduction of enhanced archiving and export, customers now have the capability to flexibly archive their Splunk data based on time and size, critical for large and long-term data storage issues common with compliance mandates. This data can be easily resurrected back into Splunk for historical searches, and data can be exported simply and easily to put Splunk-gathered data anywhere an operator desires.