What's New: Splunk Enterprise 8.2

Welcome back to another day in paradise. Today we are announcing the release of Splunk Enterprise 8.2. Since our last release of Splunk Enterprise 8.1 at .conf20, we have continued development of new and enhanced capabilities for our twice a year release cadence.

In Splunk Enterprise 8.2, we have focused our development offers across a number of themes: insights, admin productivity, data infrastructure, and performance. Be sure to check out Splunk Docs for a complete and definitive guide on how and where you can access and use these new features.

Insights

We’re happy to share that Dashboard Studio is now generally available (GA) and is now integrated directly into Search & Reporting, alongside the Classic Dashboard experience. Dashboard Studio is our new and intuitive dashboard-builder for creating visually-compelling dashboards with advanced visualization tools and fully customizable formats. We’re loving all the new beautiful and expressive dashboards that customers are building, check out our announcement on Dashboard Studio here. We can’t wait to see what you do with this next! Also, Splunk Secure Gateway (SSG) App is now delivered as part of Splunk Enterprise. SSG lets you configure your Connected Experiences mobile deployment and register devices to a Splunk instance. Thank you to all customers who helped provide feedback along the way!

^{Dashboard Studio in action}

Admin Productivity

We’ve done a lot in this release to help admins do more with less. The Splunk Health Report also now displays information rolled up in a distributed environment so that you don’t have to login to every node. We’ve added a way to monitor I/O Wait and Ingestion Latency in the Splunk Health Report.

^{Distributed Health Report}

We’re also introducing a new set of internal logs that track configuration file changes at the filesystem level for auditing purposes. Additionally, check out a new app “Knowledge Object Management” on Splunkbase for tracking asset usage and reporting. Look for more updates in the future on improved experience with auditing — we’re just getting started!

Lastly, we’re also shipping in this release a new feature which allows admins to restrict the end user’s search results based on the age of the event. Oh my!

Infrastructure & Data

A key capability shipping in this release is Federated Search in hybrid deployments. There may be times when you want to run a single query across different Splunk deployments. This may especially apply if some deployments require regional presence or are subject to data policies. Federated Search in Splunk Enterprise 8.2 supports searching for On-prem to On-prem environments, and On-prem to Splunk Cloud.

Also new is the support for merging buckets in standalone (single node) instances. This is one step in a series of enhancements that are expected to address indexer clustering performance and stability following system activities such as restarts. This should start to enable customers to achieve larger bucket sizes to more optimally and smoothly scale their deployments.

Performance

As always, we continue to make advancements in the performance of Splunk. We have a host of improvements in this release. Customers can expect up to 10X faster scheduling of searches, especially in cases where large a number of searches are scheduled every minute and saved search configuration files are updated frequently. We have also improved schedule report performance. We now provide an option for durable search processing to achieve delivery guarantee, and ensures that scheduled reports do not lose events over time, even when errors occur. We’ve also made improvements to speed up searchable rolling restarts, whenever deployment architecture allows it. Other improvements include improved kvstore backup and restore experience, and compression techniques for bundle pushes, improving the availability and resilience of Splunk. Be sure to check out our release notes for more!

BYOL

Lastly, since our last release, we are happy to announce the General Availability of Splunk Operator for Kubernetes. This release fully supports running containerized Splunk at scale, allowing customers to ingest larger volumes of data and support larger search capacity on their kubernetes platform of choice. This includes automated cluster setup and monitoring, using best practice Splunk uses internally. Easily expand and contract compute resources, so that you can add Search Heads and Indexers to your Splunk deployment. Stay tuned for more updates in this area in the future.

Get Started

Install the What’s New in Splunk Enterprise 8.2 App for a guided walkthrough of the top new release features and make sure you are prepared for Python 3 migration with the Python 3 Readiness App.

Want to see these in action? Upgrade now to 8.2, or move to Splunk Cloud to enjoy uninterrupted service delivery of the most innovative and up-to-date features.

Thanks for allowing me to share these updates with you, and we hope you will join us next time!