We are thrilled to announce the General Availability of Splunk Cloud 7.2! We have started onboarding new Splunk Cloud customers to this new release earlier this year.
Splunk Cloud 7.2 highlights include the following:
Logs to Metrics: Convert your log data to metric data points at the time of ingest.
Guided Data Onboarding (GDO): GDO provides end-to-end guidance for getting specific data sources into Splunk Cloud.
Dashboard Dark Mode: A dark dashboard display option that is optimized for the NOC/SOC/overhead viewing experience...and it legitimately looks cool.
Splunk Cloud standardizes on an architecture that incorporates SmartStore.
Dynamic Data Active Archive (DDAA): This Splunk Cloud subscription creates a lower price/performance option for long-term data retention that you’d like to remain searchable.
In Splunk Cloud, we see customer data as having a dynamic lifecycle that goes through different phases: Searchable, Archive and Self-Storage.
Every Splunk Cloud subscription includes Searchable storage and stored data is searchable at speed and is immediately available for the analytics workloads. Archive is an optional Splunk Cloud subscription that enables customers to retain data for longer timeframes driven by their compliance requirements. Self-Storage will benefit customers who want to keep older data under their control.
One common question I get asked is the difference between Archive and Self-Storage, so I put together this simple comparison table to help you compare these two options:
Note that since Archive and Self-Storage are enabled on per index basis, you can selectively choose which is best to use to meet your data retention requirements. As a purely hypothetical example, you may select the odd numbered indexes to send aged data to Archive while choosing the even numbered indexes to export aged data to Self-Storage.
Finally, I wanted to include some other final considerations as you prepare for Splunk Cloud 7.2 upgrades - allow me to be technical for a moment:
Splunk Cloud standardizes our authentication and access models to either local login or SAML-based authentication. This means that if you are using multi-factor authentication, the solution you choose must integrate with a SAML-based authentication solution. There are numerous SAML-based authentication solutions that Splunk Cloud supports.
Splunkbase is the system of record for app compatibility with Splunk Cloud 7.2. We know of a handful of Splunk Supported Apps are currently not compatible or vetted for Splunk Cloud 7.2, but we are working hard to close the gaps as soon as possible. For Community Supported Apps, you’ll need to ensure compatibility with Splunk Cloud 7.2 prior to being upgraded to this release.
Ensure that your universal and heavy forwarders are upgraded to ensure compatibility and supportability.
Automated Aged Data Movement
Unified in Splunk Web
Distributed across Splunk Web and AWS Console
Included in subscription
Customer pays AWS
Monitoring that aged data successfully moved
Restore data to Splunk Cloud
(restore to BYOL or on-prem Splunk Enterprise)
Unified in Splunk Web
Manual steps in CLI
When restored data is searchable
Within 24 hours
Variable depending on customer skill set and infrastructure readiness