Splunk Enterprise 8.1

Main new features

Default Python version changed to Python 3

  • Python3 is now the default in Splunk Enterprise 8.1.
    1. In Splunk Enterprise 8.1, all internal Python processing is invoked with python3.
      ・This applies to CLI commands, custom search commands, and Splunk Enterprise in-app scripts.

Changes to License Violation Terms

  • License violation terms have changed starting with the Splunk Enterprise 8.1 license.
    1. (Before change) License exceeded 5 times in 30 days ⇒ (After change) License exceeded 45 times in 60 days
    2. If the license volume is less than 100GB/Day, you will not be able to search while the license is in violation.

SmartStore support on GCP

  • SmartStore, which is useful when building Splunk in the cloud, is now supported on GCP as well as AWS.
    1. SmartStore is a feature that lets you specify remote object storage as the index storage destination.

Workload management enhancements

  • Admission rules have been added, so you can now set rules that automatically exclude heavy searches such as wildcard searches and all-time searches.
  • A default or custom message can now be displayed when a search is aborted by a workload rule.
    1. Example 1: All-time search restriction
      search_time_range=alltime AND (NOT role=sc_admin) AND (NOT app=splunk_instance_monitoring)
    2. Example 2: Wildcard search restriction
      index=* AND (NOT search_type=datamodel_acceleration)

Banner notification by admin

  • Admins can now display a persistent banner message for all users.
    1. You can customize banner colors, messages, and hyperlink settings.

Forwarding by HTTP communication using Universal Forwarder

  • Starting with Splunk Enterprise 8.1, data can be forwarded from a Universal Forwarder (UF) to an indexer over HTTP.
    1. To configure sending data over HTTP, add the [httpout] stanza to the Universal Forwarder's outputs.conf file.
    2. Universal Forwarder supports network load balancers (NLB) and application load balancers (ALB) even when sending over HTTP.
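
A pre-deployment check for the [httpout] stanza described above, as an added example that is not Splunk's code or part of the original page. The setting names `uri` and `httpEventCollectorToken` come from Splunk's outputs.conf specification rather than from this page; the function name, host name and token are constructed placeholders.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample outputs.conf contents; host and token are placeholders.
SAMPLE_WEAK = """
[httpout]
httpEventCollectorToken = 00000000-0000-0000-0000-000000000000
uri = http://hec.example.internal:8088
"""
SAMPLE_OK = SAMPLE_WEAK.replace("http://", "https://")


def audit_httpout(conf_text):
    """Return a list of findings for the [httpout] stanza of an outputs.conf."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep setting names case-sensitive
    # Splunk .conf files may carry settings before the first stanza header;
    # give them a section so configparser does not reject the file.
    parser.read_string("[default]\n" + conf_text)
    if not parser.has_section("httpout"):
        return ["no [httpout] stanza: HTTP forwarding is not configured"]
    stanza = parser["httpout"]
    findings = []
    if not stanza.get("httpEventCollectorToken", fallback="").strip():
        findings.append("httpEventCollectorToken is missing or empty")
    uri = stanza.get("uri", fallback="").strip()
    if not uri:
        findings.append("uri is missing or empty")
        return findings
    parts = urlsplit(uri)
    if parts.scheme != "https":
        # Without TLS the token and the forwarded events cross the network,
        # including any NLB/ALB hop, unencrypted.
        findings.append("uri is not https: token and events are sent unencrypted")
    if not parts.hostname:
        findings.append("uri has no host component")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)):
        print(name, audit_httpout(text) or "no findings")
```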

Migrating from Splunk Cloud Gateway to Splunk Secure Gateway

  • Splunk Cloud Gateway, which had to be registered when using Splunk Mobile, has been migrated to Splunk Secure Gateway.
    1. You can now use Splunk Mobile with advanced security, such as encryption during data communication.
