Announcing Splunk Cloud Platform 10.4 and Splunk Enterprise 10.4: Federated Search Is Here

Platform | Aqib Kazi, Michelle Corpora

Key takeaways

  1. Splunk Platform 10.4 introduces Federated Search, allowing organizations to search and analyze data across hybrid and multi-cloud environments without moving it, improving visibility and reducing complexity.
  2. New enhancements like Splunk AI Assistant 2.0, upgraded dashboards, and modern navigation help teams investigate issues faster, simplify workflows, and get more value from their data.
  3. The release also strengthens security, performance, and scalability with faster experiences, stronger compliance support, and smarter data management tools for enterprise and cloud customers.

Splunk Enterprise and Splunk Cloud Platform version 10.4 mark a major step forward in helping organizations unify visibility, simplify operations, and get more value from their data wherever it lives. Headlining this release is Federated Search, a powerful new capability that lets you search distributed data in place across hybrid and multi-cloud environments, reducing data movement while accelerating access to the insights your teams need most. Combined with major advancements in dashboarding, navigation, and AI-powered workflows, Splunk Platform 10.4 helps you move faster, reduce complexity, and turn fragmented data into action.

In addition to these exciting new features, Splunk Platform 10.4 strengthens the foundation customers rely on every day with continued investments in security, performance, and operational efficiency. This release delivers important architectural advancements for Splunk Enterprise while further enhancing the speed, resilience, and trusted cloud foundation that Splunk Cloud Platform customers depend on.

Features and Enhancements Available in Both Splunk Cloud Platform 10.4 and Splunk Enterprise 10.4

Dashboard Studio Visualization Enhancements

We are elevating your data visualization experience in Splunk Platform 10.4 with powerful Dashboard Studio enhancements, including a flexible new custom visualization framework, a centralized Token Manager for seamless debugging, and unlimited input results. These updates, alongside new cascading inputs and enhanced admin resource controls, give you the freedom to build more complex, performant, and reliable dashboards that turn your data into actionable insights faster than ever.

Get excited for unlimited visualization choices and input results with the new custom visualization framework.

Data Management Consolidation

We are excited to introduce the new Data Management home page, a centralized hub that consolidates your critical data management workflows into one intuitive, unified experience. By providing a single entry point for tasks like ingest monitoring, data inputs, and dataset configuration, this update eliminates navigation friction and helps you manage your data ecosystem more effortlessly. Experience a more streamlined and efficient way to organize your work, letting you focus on getting the most value from your data.

The new Data Management home page features built-in adoption support and quick-start resources, designed to help you navigate your workflows and maximize your productivity from day one.

Modern Navigation

We are thrilled to unveil a more modern navigation in Splunk Platform 10.4, an update we designed to streamline your daily workflows through an intuitive side navigation panel. By optimizing real estate and aligning with our unified design system, this enhancement empowers you to access critical data and utilities faster than ever, letting you focus on what matters most. Experience a cleaner, more efficient interface that elevates your productivity and brings a cohesive, modern feel to your entire Splunk platform environment.

Features and Enhancements Available in Splunk Cloud Platform 10.4

Introducing Federated Search, a core pillar of the Cisco Data Fabric powered by the Splunk Platform, designed to solve the data distribution dilemma. In today’s hybrid and multi-cloud landscape, fragmented data creates visibility gaps and operational friction. Federated Search eliminates these barriers by letting you query data exactly where it lives, turning distributed signals into actionable, AI-ready intelligence without the need for constant data movement.

This release introduces intelligent routing to balance real-time monitoring with cost-effective storage, alongside AI-driven schema inference that removes manual data preparation. With support for Bring Your Own (BYO) catalogs and a unified experience using the familiar SPL2 query language, teams can maintain existing governance while gaining deep, centralized visibility. By bridging the gap between high-value insights and archival storage, Federated Search empowers organizations to optimize costs and accelerate troubleshooting, helping to operationalize data across your entire environment.

Splunk AI Assistant 2.0

Introducing Splunk AI Assistant 2.0 (SAIA), your new AI-powered teammate designed to help your teams investigate faster, work more efficiently, and get more value from the Splunk platform. With new capabilities like Agent Mode and expanded context controls, SAIA 2.0 can help users analyze data, achieve insights, and act more quickly—all while keeping admins and users firmly in control. This release makes it easier to scale expertise, accelerate problem solving, and improve operational resilience across your environment.

Edge and Ingest Processors for FedRAMP Moderate

FedRAMP Moderate (Impact Level 2) is a U.S. government security authorization that enables federal agencies and public sector organizations to use cloud services for handling sensitive but unclassified data. We are pleased to announce that both Edge Processor and Ingest Processor are now available for Splunk Cloud Platform customers.

Edge Processor and Ingest Processor provide the "intelligence layer" in a data pipeline: capturing, filtering, masking, transforming, and routing telemetry in transit, before it ever hits storage or is indexed. In the agentic era, pipelines must understand intent, not just payloads. Customers who use Splunk data processing capabilities can routinely reduce ingest volumes without losing analytical value. That’s a direct hit to your infrastructure costs and a direct boost to search performance.

Check out our technical capability deep dive for Edge & Ingest Processor to learn how you can reduce noise and simplify operations.

Data Manager renamed Data Inputs

Splunk is renaming the Splunk Cloud Platform app called Data Manager to Data Inputs. It remains the place to configure and operate cloud and hyperscaler ingestion, and the new name aligns with the work you already perform. Your existing configurations stay the same, so there is no need to rebuild inputs or pipelines because of this rename.

Stronger Security and Faster Performance

Splunk Cloud Platform 10.4 strengthens the secure, high-performance experience customers depend on every day. With support for newer encryption standards and stronger protections for internal services, customers benefit from enhanced security without sacrificing speed or usability. This release also improves responsiveness across the platform, with faster page loads and support for more simultaneous browser connections, helping teams investigate, analyze, and move between workflows more efficiently.

Features and Enhancements Available in Splunk Enterprise 10.4

Federal Information Processing Standards Publication #140-3 (FIPS 140-3) support for Edge Processor

We are pleased to introduce full FIPS 140-3 support for Edge Processor and Data Management components in Splunk Enterprise, making these capabilities available to customers who need to meet strict encryption requirements. With this update, organizations operating in FIPS-enabled environments can now securely access and use Edge Processor and related data management experiences without sacrificing functionality. This means regulated customers can take advantage of modern data processing workflows while maintaining the security and compliance standards their environments demand.

SPL2 Pre-Built Pipeline Templates

We are excited to bring the power of SPL2 Templates to our Splunk Enterprise customers, letting you streamline data preparation with pre-built, end-to-end pipelines. By simply installing apps from Splunkbase, you can now automatically deploy purpose-built templates, drastically reducing manual configuration and accelerating your time to value. This seamless integration ensures your team can focus on deriving insights from data rather than managing complex onboarding workflows.

For a full list of templates and supported use cases, see the SPL2 Pipeline Templates Reference.

Greater Resilience and Scalability

Splunk Enterprise 10.4 introduces architectural advancements designed to help customers scale more efficiently, improve operational resilience, and support demanding data environments with greater flexibility. With faster user experiences and new innovations that decouple critical infrastructure layers, this release gives teams more control over how they manage growth, handle spikes in data volume, and maintain reliable performance in large-scale deployments. The result is a more adaptable Splunk Enterprise foundation built to support evolving business and operational needs.

Upgrade Readiness

With the announcement of these exciting enhancements and modernizations, the Splunk platform is committed to staying ahead of the ever-evolving digital landscape. To continue the modernization of the Splunk platform, customers might need to take action to prepare for certain breaking changes.

To maintain ongoing Federal Information Processing Standard (FIPS) compliance, Splunk Platform 10.0 or higher is essential. Our Professional Service experts are ready to answer your questions and guide you smoothly toward Splunk 10.x readiness.

Join the Community Slack channel #splunk_10_upgrade_issues to connect directly with our experts.
