This is not current Splunk documentation.
Splunk 3.4.2 is the latest version. Only use this page with older Splunk 2.0.x.

Splunk Release Notes (Splunk v2.0)

Versions

Version 1.0

Splunk Professional

A premium edition for production IT environments. It includes several features beyond the free Splunk Server.

  • Splunk Sync: centralized, secure configuration and collection of remote logs from production Unix and Windows servers.
  • Live Splunks: scheduled, configurable execution of saved splunks. Notification via shell command, email and RSS.
  • My Splunk: unlimited individual user accounts with user, power user, and admin roles. Individual history and settings.
  • Multiple indexes: keep data from different environments, applications or customers in separately searchable indexes on the same Splunk Server host and interface.

User Interface & Search

  • Improved usability of home page and search box layouts.
  • Tabbed interface with summaries by event type, tag, source, source type, and source host replaces single pane of search tools.
  • Significantly faster UI performance.
  • Vastly expanded search language.
  • Searchable history of splunks, saved as events by the server.
  • Splunk Professional adds a separate history for each user.
  • Search results can be exported to a file and optionally opened in an application.
  • Search language supports standard Boolean AND, OR and NOT operators, plus nested logic. ( foo NOT ( bar OR baz ) )
  • Number of results can be limited with count:: for faster searches.
  • Unique, searchable ID displayed for each event in the index.
  • Searchable source host displayed for each event.
  • Source types can be renamed in the UI. (rename unknown-2109263245 to ssl_request_log)
  • GUI can be skinned via CSS.
  • XSLT plug-ins for custom display of specific results.
  • New admin page for server statistics.
  • Splunk Professional admin pages to manage users, Saved Splunks, Live Splunks, and license key.

Indexing

  • Vastly improved event aggregation, typing, and timestamp discovery for key J2EE, database, web server, VoIP and network data formats.
  • Ability to configure processing parameters for specific source types to improve both accuracy and performance.
  • Pre-trained recognition of nearly 40 popular data formats as source types.
  • Unrecognized source types, like unrecognized event types, are given unique numeric IDs that can be customized with local names.
  • Timezone and drift normalization for each source host. Host is now a searchable descriptor.
  • Regular expression support for event typing.
  • GUI can upload local files from desktop through the browser.
  • Event typing can be configured differently for different sources.

Installation and Configuration

  • Installer can be re-run later as a configuration tool to change settings.
  • Memory and disk usage parameters have been normalized to use megabytes, replacing a mix of bytes and kilobytes.

Supported Platforms

  • Linux support is extended to all 2.6+ kernel distros and all 2.4.2+ distros with NPTL.
  • Solaris 8, 9, and 10 for SPARC.
  • FreeBSD and Mac OS X builds in late November.