Announcing Splunk Enterprise 10.2 & Splunk Cloud Platform 10.2 – Next Generation Querying & Analytics
We're thrilled to unveil Splunk Enterprise 10.2 and Splunk Cloud Platform 10.2, raising the bar for unified data access, security, and actionable insights. This release delivers a host of innovations and major enhancements to transform your Splunk experience. Since the announcement of Splunk 10, we have invested in new capabilities that help you drive value, efficiency, and resilience across your organization. Let’s dive in!
Features and Enhancements Available in Both Splunk Cloud Platform 10.2 and Splunk Enterprise 10.2
SPL2 in Search & Reporting
Introducing SPL2 for Search & Reporting, Splunk's next-generation search and data preparation language, designed to unify data preparation and analytics across your entire ecosystem. With SPL2, you can more easily create complex searches and prepare data in-stream, leveraging analytics across diverse datasets and enabling faster insights for a wider range of Splunk users.
SPL2 is engineered to enhance productivity for analysts, app developers, and data administrators by offering a single syntax for searching Splunk indexes, accessing federated data stores, and preparing data in-stream. It is fully backward compatible with SPL while also supporting SQL syntax, making Splunk more accessible to users with diverse backgrounds. With features like a multi-statement "module" editor, rich autocomplete, in-product documentation, and advanced data handling capabilities like improved JSON processing and granular data sharing through views, SPL2 sets a new standard for data access and transformation across your ecosystem.
AI Assistant for SPL (SAIA) in Search & Reporting
We're excited to announce that the Splunk AI Assistant for SPL (SAIA) is now integrated directly into the Search & Reporting app! This powerful assistant helps users generate, explain, and translate SPL using natural language, significantly boosting your productivity and making SPL more accessible.
The AI Assistant for SPL is now built directly into the Search & Reporting app, so it fits more tightly into existing workflows.
The assistant can be launched by clicking on the SAIA icon in the top right corner.
In this example, SAIA has helped the user write SPL to find what data is being collected in their environment. You can then copy the query into the Search bar and execute it.
To learn more about the AI Assistant in Search and how to leverage it, please see our Splunk docs pages.
Lastly, users can now seamlessly include Splunk Observability Cloud metric-based charts in both published and exported Dashboard Studio dashboards, making it easier to visualize and share critical insights across teams.
Features and Enhancements Available in Splunk Cloud Platform 10.2:
Federated Search for Amazon S3
With Federated Search for Amazon S3, customers can now run powerful search queries directly on data stored in low-cost S3 storage tiers—like Glacier and Intelligent-Tiering—enabling significant cost savings while still maintaining fast access to long-term historical data for compliance and analytics needs.
Expanded Security Portfolio to Amazon Security Lake
The expanded integration with Amazon Security Lake empowers customers to leverage advanced federated analytics and threat detection on security data, streamlining onboarding and data management while offering flexible indexing options—helping organizations strengthen security insights without added complexity or storage overhead.
DDAA on Azure
Splunk DDAA (Dynamic Data: Active Archive) is now supported on Azure—giving customers secure, cost-effective, and flexible long-term data retention with on-demand access. This enables organizations to meet audit, compliance, and regulatory requirements more efficiently, restoring archived data within 24 hours and searching for up to 30 days, all while leveraging Azure’s scalability and security.
To learn more about new enhancements in Splunk Cloud Platform 10.2, see our documentation.
Features and Enhancements Available in Splunk Enterprise 10.2:
Agent Manager Enhancements:
The latest Agent Management enhancements provide Splunk Enterprise admins with a streamlined experience, featuring improved navigation for easy switching between Forwarders and OTel Collectors, enhanced UI workflows, performance optimizations, and comprehensive fleet overviews. This unified management interface enables admins to efficiently manage, maintain, and troubleshoot all their agents from a single, centralized location—simplifying operations and reducing complexity across their infrastructure.
Edge Processor Enhancement:
With the latest Edge Processor enhancements, customers gain real-time visibility into pipeline status updates and health metrics, making it easier to monitor and manage data flows efficiently. The addition of AWS S3 Parquet support and Multi Event JSON Ingestion increases flexibility and standardizes processes, empowering users to adapt to evolving data needs and gain deeper clarity over their infrastructure.
To learn more about the new enhancements in Splunk Enterprise 10.2, see our documentation.
Upgrade Readiness
With the announcement of these exciting enhancements and modernizations, the Splunk platform is committed to staying ahead of the ever-evolving digital landscape. In order to continue the modernization of the Splunk platform, customers may need to take action to prepare for certain breaking changes.
Make sure to watch the on-demand replay of our Tech Talk webinar: "Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever." This session details the powerful new features designed to enhance data security and includes a technical deep dive into breaking changes.
Customers can use the Splunk Health Assistant Add-On (SHAA), an upgrade readiness tool that supplements the Splunk Enterprise Monitoring Console and is designed to streamline your transition to the next version of Splunk Enterprise 10.x. The latest validation checks are specifically designed for Splunk 10.x to help customers proactively identify and remediate potential breaking changes prior to upgrading.
Splunk Cloud Platform customers have access to a subset of these validations relevant to the Splunk Cloud Platform via the Splunk Cloud Platform Monitoring Console. Installation of these checks happens automatically, and customers do not need to restart their deployments.
Get Started Today
App Developers
Splunk and third-party applications hosted on Splunkbase have an indicator to confirm compliance with Splunk 10.x. Indicate that your app has been tested and is compatible with Splunk 10.x so that your organization and other users can continue using it.
Admins
To maintain ongoing Federal Information Processing Standard (FIPS) compliance, Splunk 10.0 or higher is essential for meeting all required standards. All Splunk Enterprise customers who operate a FIPS-compliant environment will have until March 8, 2026, to complete the upgrade to Splunk Enterprise 10.0 to remain compliant with FIPS requirements. Our Professional Service experts are ready to answer your questions and guide you smoothly toward Splunk 10.x readiness.
Join the Community Slack channel #splunk_10_upgrade_issues to connect directly with our experts.