The data import function has been expanded, and the redundancy function of the cluster manager has finally been implemented! Enhanced management functions including Splunk Assist!

Main additional functions

Expansion of data acquisition function

Enhanced data capture functionality.

● A function has been added that lets you perform the following operations on data imported by Splunk.
○ Data masking lets you hide or replace information that you do not want displayed.
○ Data filtering lets you use regular expressions or eval expressions to specify data that does not need to be imported, so that it is not imported. This helps save on license usage, speed up searches, and conserve resources.
○ Data routing lets you avoid deleting certain excluded data: the routing function can split or duplicate data across one or more destinations.

Data import settings screen image

Security assistance with Splunk Assist

● Splunk Assist has been added as of Splunk 9.0.
○ It is a function that visualizes the security, performance and compliance of the Splunk environment.
○ Using usage data (resource information + license usage information), we provide the latest information and optimal visualization methods for the Splunk environment on the monitoring console.
○ In addition to the above, we provide information on the security aspects of public key certificates and information on setting up the Splunk environment.

Indexer Cluster Manager Redundancy Feature

● A cluster manager redundancy function has been added.
○ Cluster manager redundancy makes it possible to recover quickly even if a failure occurs in the cluster manager.
○ The features of the added cluster manager functions are as follows.
- Two or more cluster managers can be deployed.
- The cluster managers run in an active/standby configuration.
- The cluster managers synchronize with each other.
- Automatic or manual failover is possible.

* The name has changed from Cluster Master to Cluster Manager.

Support for SmartStore functionality in Microsoft Azure

● SmartStore, which is effective when building Splunk in the cloud, can now be implemented not only on AWS and GCP, but also on Microsoft Azure.
○ SmartStore is a function that lets you specify remote object storage as the index storage destination.
○ From Splunk Enterprise 9.0, you can specify Azure Blob Storage as the storage destination for Splunk buckets (index data) built on Microsoft Azure.

Role-based field filtering capabilities

● This function filters fields in searches on a per-role basis.
○ With field filtering, you can display, hide, or replace individual fields of events that contain personal identification information or health information data, separately for each role.
○ You can use this feature to meet your organization's privacy policy requirements.

Example of replacing the “host” field with “xxxx” for the specified Role
