What's New in Splunk 4.1

You must have Flash installed and Javascript
enabled to view this video.

Click here if you need to download the free Flash Player.


Splunk 4.1 is our newest release. In this video, Gaurav Gupta, our Director of Product Management, takes you through new real-time search, getting to root cause faster with data drilldowns, creating operational workflows directly from your results, scheduling delivery of PDF reports and new single sign-on.

Download video at podcast size (m4v 48 Meg)

Date: Mar 29, 2010  |  Runtime: 5:30




Hi, I'm Gaurav Gupta, a Product Manager here at Splunk, and today I'm here to tell you a little about what's new in Splunk 4.1. If you've used Splunk before, you know that it is software that indexes data from any application, server or network device enabling you to search and analyze billions of events across your IT infrastructure from one location.
Version 4.1 has 14 new features, and 100's of improvements that make searching, reporting, and alerting on your IT data even easier.
In this video I'll walk through and demo 5 of the new features in this new release.
Real-time search and reporting
Real time is exciting new functionality in Splunk 4.1 that extends the model of search. Standard search in Splunk looks back in time. Real time search looks at data as it's streaming in. This makes it easier to troubleshoot problems, identify trends, and calculate statistics as events stream in [cut to demo]
You can now select from a new time range option called "Real-time" that allows you to search forward in time instead of just searching over historical events.
[show real-time in time picker]
For example, here I'm looking a web access logs, and what errors are occurring on my system...I can watch them streaming in as they happen without the data ever having to hit disk.
[demo of search for errors in real-time]
You can also use Splunk's search language and statistical commands in combination with real-time. For example, here I'm looking at a constantly updating table that shows me top uri's accessed on my site.
[show top uri]
I can even turn real-time searches into constantly updating charts and dashboards. Here's a dashboard that shows critical activity that might be useful for a network operations team, with charts and tables that show hits by http status code, traffic by host, and top IP addresses. This dashboard is running 4 concurrent real-time searches, and updates without the need to refresh my browser.
[show real-time dashboard]
The number of real-time searches you can run scales with the amount of hardware you dedicate to Splunk, and works in globally distributed environments.
Real-time allows an operations group, for example to watch an transaction in progress and troubleshoot a failure, or look at the average response time for a web application, or even allow marketing staff to track ad campaigns in real-time against an average

Automatic and configurable data drilldown
With our new drilldown capabilities, we've make it so you can now easily click through on a table or chart and get to the underlying events and understand the root-cause or "why" a problem might be occurring.
Here I'm drilling down on a particular time and host to see what a user has been doing on my system that caused a spike in activity.
[show highlight-over and drilldown on a simple timechart]
Or I can drill down on a particularly active IP address to investigate what the users has been doing.
[show highlight-over and drilldown on table]
I can even configure more complex drilldowns to different reports or follow-on searches.
Event-level workflows
Our new Event-level workflow feature allows you to create custom actions from your search results, allowing you to add workflow to your data. Let me show you what I mean.
For example, I can take this user's ip address in my events, and from simple dropdown, do a whois lookup on an external database to get more information about a potential attacker.
[demo launching workflow action in a pop-up]
Or I could configure an action to send information about an error to my external ticketing system.
[show link to "File this as a ticket in Remedy"]
You can manually configure these actions by specifying a call to any URL, making integrating workflow easy and flexible.
WYSIWYG PDF report delivery
With WYSIWYG PDF report delivery, we've made it easier to share printable copies of reports on a regular basis with non-Splunk users or without having to log into Splunk.
For example you can email a PDF from any report you create within Splunk on a scheduled basis.
[show pdf option in save a search dialogue, error timechart count by host]
[show example 1]
Or have an entire dashboard delivered to a team as a pdf via email.
[show example 2]
You can even skin these reports to send to an executive team
[show example 3]
Single Sign On
Splunk now supports pass-through authentication of third party credentials, allowing you to integrate Splunk with Single sign on systems such as IWA, Siteminder, Entrust and or any system that provides integration with Apache or IIS. This allows you to extend Splunk to more non-technical users while simplifying credential management. It even allows you to mash-up Splunk searches and reports with your other internal or external websites, bringing data to wherever your users need.
[use powerpoint of SSO from 4.1 deck]
In addition to the five features we've talked about today, we've made numerous other improvements in this release. Be sure to visit www.splunk.com and check out the release notes on our download page, or better yet, download Splunk 4.1 for free and experience it for yourself.
Happy Splunking!

Browse Videos

Splunk Cloud
Date:Jul 30, 2014
Why Splunk?
Date:May 20, 2014
Splunk Enterprise 6.1
Date:May 2, 2014
The Splunk App for VMware
Date:Apr 15, 2014
Splunk For Security Vs. SIEM
Date:Jan 17, 2014
Why Splunk for Security?
Date:Jan 16, 2014
Splunk: What is Machine Data?
Date:Nov 19, 2013
Splunk App for AWS
Date:Nov 13, 2013
What's New in Splunk 5
Date:Oct 29, 2012
Splunk 4.3 Demo
Date:Jan 4, 2012
Splunk 4.3 Overview
Date:Jan 4, 2012
Splunk .conf 2012
Date:Dec 15, 2011
Splunking Big Data
Date:Sep 16, 2011
Splunk Founders Story
Date:Jun 16, 2011
Citrix Xen Desktop
Date:Mar 16, 2011
Splunk 4.2 Overview
Date:Mar 9, 2011
Splunk for Security
Date:Mar 1, 2011
Web Analytics
Date:Dec 5, 2010
IT Operations Management
Date:Dec 5, 2010
Application Management
Date:Dec 5, 2010
Real Time in Splunk 4.1
Date:Mar 29, 2010
Modular UI in Splunk 4
Date:Sep 29, 2009
MindTouch and Splunk Cloud
Date:Jul 24, 2014
Splunk and InstantCab
Date:Oct 21, 2013
Splunk at McKenney's
Date:Mar 22, 2013
Splunk at Ping Identity
Date:Mar 22, 2013
Big Data Means Digging Deeper
Date:Feb 19, 2013
Splunk at Hurricane Labs
Date:Dec 20, 2012
Splunk at T-Mobile
Date:Dec 16, 2009
Splunk on Wall Street
Date:Apr 2, 2008
Splunk at Rhythm New Media
Date:Mar 26, 2008
Splunk at Nexa Technologies
Date:Feb 26, 2008
Splunk eLearning Demo Video
Date:Dec 11, 2015
Splunk Light Product Tour
Date:Jun 12, 2015
Testing Ooyala Video
Date:Apr 17, 2015
Hunk 6.1 Update
Date:Aug 6, 2014
Get Started with Hunk
Date:Aug 5, 2014
Splunk Weekly Web Demo
Date:Apr 4, 2014
Splunk DBConnect
Date:Feb 1, 2013
Logging Splunk Java SDK
Date:Dec 19, 2012
Searching Splunk Java SDK
Date:Dec 19, 2012
Splunk Education: Using Tags
Date:May 3, 2012
Splunk Education: Using Fields
Date:Apr 19, 2012
Dashboarding in 4.3
Date:Jan 18, 2012
Data preview in 4.3
Date:Jan 18, 2012
Windows Search
Date:Apr 11, 2011
Windows Reporting
Date:Apr 11, 2011
Windows Data Inputs
Date:Apr 11, 2011
Using Lookups in Splunk
Date:Aug 6, 2009
Splunk Search Assistant
Date:Aug 5, 2009
Life at Splunk
Date:Mar 20, 2012
.conf2014 Wrap-Up
Date:Nov 18, 2014
.conf2013 Show Wrap
Date:Nov 13, 2013
Ponies in Space!
Date:Jul 8, 2013
Increasing Splunk’s Reach
Date:Feb 19, 2013
Hackathon at .conf2012
Date:Dec 13, 2012
.conf 2012
Date:Nov 19, 2012