Splunk Cloud 7.2 Upgrades Are Underway

We're thrilled to announce that we've started upgrading existing Splunk Cloud customers to version 7.2! This is the next phase of the Splunk Cloud 7.2 rollout since we started onboarding new Splunk Cloud customers to the new release earlier this year.

Splunk Cloud 7.2 highlights include the following:

  • Logs to Metrics: Convert your log data to metric data points at the time of ingest.
  • Guided Data Onboarding (GDO): GDO provides end-to-end guidance for getting specific data sources into Splunk Cloud.
  • Dashboard Dark Mode: A dark dashboard display option that is optimized for the NOC/SOC/overhead viewing experience...and it legitimately looks cool.
  • Splunk Cloud standardizes on an architecture that incorporates SmartStore.
  • Dynamic Data Active Archive (DDAA): This Splunk Cloud subscription creates a lower price/performance option for long-term data retention that you’d like to remain searchable. This is one of the most requested features from our customers, so let me elaborate further on how DDAA can fit into your data retention strategy.

In Splunk Cloud, we see customer data as having a dynamic lifecycle that goes through different phases: Searchable, Archive and Self-Storage.

Every Splunk Cloud subscription includes searchable storage, where stored data is searchable at speed and immediately available for analytics workloads. Archive is an optional Splunk Cloud subscription that enables customers to retain data for longer timeframes driven by their compliance requirements. Self-Storage benefits customers who want to keep older data under their control.

One common question I get asked is the difference between Archive and Self-Storage, so I put together this simple comparison table to help you compare these two options and help you drive to a decision:

If you'd like further information, please refer to the Archive or Self-Storage blogs.

Note that since Archive and Self-Storage are enabled on a per-index basis, you can selectively choose which is best to use to meet your data retention requirements. As a purely hypothetical example, you may select the odd-numbered indexes to send aged data to Archive while choosing the even-numbered indexes to export aged data to Self-Storage.

Finally, I wanted to include some potential actions for you as you prepare for the version 7.2 upgrade.

1. Splunk Cloud standardizes our authentication and access models to either local login or SAML-based authentication.

  • Your SAML certificate must use the SHA-256 hash algorithm instead of the SHA-1 hash algorithm in Splunk Cloud 7.2. If your SAML certificate isn't currently on SHA-256, you will need to upgrade it prior to the Splunk Cloud 7.2 upgrade; otherwise you may not be able to log in to your Splunk Cloud post-upgrade.
  • If you are using multi-factor authentication, the solution you choose must integrate with a SAML-based authentication solution. There are numerous SAML-based authentication solutions that Splunk Cloud supports that also enable multi-factor authentication.

2. Ensure that your universal and heavy forwarders are upgraded to ensure compatibility and supportability. The forwarders that are the most critical for you to upgrade are the ones communicating directly with Splunk Cloud.

3. Splunkbase is the system of record of Splunk Cloud 7.2 compatibility for publicly available apps and add-ons (Apps).

  • Splunk ensures compatibility for any Splunk Supported Apps installed in Splunk Cloud before commencing Splunk Cloud upgrades.
  • We are aware of a handful of Splunk Supported Apps that are currently not compatible or vetted for Splunk Cloud 7.2, so ensuring compatibility for these Splunk Supported Apps may delay your 7.2 upgrade.
  • For any Developer Supported or Not Supported Apps, you’ll need to ensure compatibility with Splunk Cloud since Splunk does not provide support or maintenance for Apps published by any third-party developers.
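For the SAML certificate requirement in step 1, one way to check which hash a certificate is signed with before the upgrade. This is an added example, not Splunk code. It assumes the requirement refers to the certificate's own signature algorithm and that the certificate is available as PEM or as the base64 text of an `X509Certificate` element in IdP metadata; the function names and the constructed sample are illustrative.

```python
import base64
import re

# Signature-algorithm OIDs mapped to the hash they use (RSA and ECDSA variants).
SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1",     # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
    "1.2.840.10045.4.1": "sha1",        # ecdsa-with-SHA1
    "1.2.840.10045.4.3.2": "sha256",    # ecdsa-with-SHA256
}

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _oid(raw):
    """Decode DER OID content bytes to dotted notation (first arc 0 or 1)."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def cert_signature_hash(pem_or_b64):
    """Return (oid, hash) for the certificate's outer signatureAlgorithm."""
    der = base64.b64decode(re.sub(r"-----[^-]+-----|\s", "", pem_or_b64))
    _, start, _ = _tlv(der, 0)            # Certificate ::= SEQUENCE
    _, _, tbs_end = _tlv(der, start)      # step over tbsCertificate
    _, alg_start, _ = _tlv(der, tbs_end)  # signatureAlgorithm SEQUENCE
    tag, o_start, o_end = _tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    oid = _oid(der[o_start:o_end])
    return oid, SIG_OIDS.get(oid, "unknown")

def constructed_skeleton(oid_hex):
    """Constructed sample: only a certificate's outer DER layout, not a real cert."""
    alg = bytes.fromhex("0609" + oid_hex + "0500")   # OID + NULL parameters
    alg = b"\x30" + bytes([len(alg)]) + alg
    body = b"\x30\x00" + alg + b"\x03\x01\x00"       # empty TBS, alg, empty sig
    return base64.b64encode(b"\x30" + bytes([len(body)]) + body).decode()

if __name__ == "__main__":
    for name, oid_hex in (("sha256", "2a864886f70d01010b"), ("sha1", "2a864886f70d010105")):
        print(name, cert_signature_hash(constructed_skeleton(oid_hex)))
```

A result of `sha1` or `unknown` for the certificate your IdP presents means it should be reissued before the upgrade window.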

Azmir Mohamed

Azmir is a Principal Product Manager on the Splunk Cloud team. He joined Splunk after spending seven years at IaaS startups in various product management leadership roles. The last of these startups was Blue Box, which was acquired by IBM and where he ran the Bluemix Private Cloud offering. Prior to his startup stints, Azmir held senior product and strategy leadership roles at VMware and Cisco. While the SF Bay Area has been home for more than 2 decades, he was born and raised in Malaysia. And yes, he loves durian.
