The linkage function has been expanded and the search function has become more flexible! More visualization tools in Dashboard Studio!

Main additional functions

Added search function

● Search query sharing
〇 A function for sharing search queries (search statements) has been added.
- Users can share search queries run on Splunk Web.
- Only search queries are shared; search results are not shared.
- Because only search queries are shared, administrators can restrict the display of search results based on the permissions of the user with whom the query was shared.

● Dark mode is adopted for the search screen
○ The Search and Reporting screen can now be displayed in dark mode.

Ingest Action enhancements

● Change to the partitioning specification for S3
〇 From version 9.1 onwards, partitioning that combines timestamp and source type is supported.

・Timestamp
- Day (YYYY/MM/DD) default
- Month (YYYY/MM)
- Year (YYYY)
- Legacy (Specifications before 9.0, division by batch)

・Source type (secondary key)

● Ingest Action live preview in HF
〇 In HF (Heavy Forwarder), it is now possible to preview rulesets using live event data as samples on Splunk Web.

● Multiple S3 destinations can be specified
〇 Up to 8 S3 destinations can now be specified as remote event storage for data processed by Ingest Action.

Enhanced Federated Search

● Splunk 9.1 enhances the following Federated Search functions.
  〇 Splunk administrators can now map metrics data and job data in Federated Search.
  〇 Federated Search administrators can now disable the following functions for all Splunk users.
    - Federated search against a specific federated provider
    - Federated search against a specific federated index
    - Federated search in transparent mode
     * Transparent mode is used when running a search that combines indexes existing in both Splunk Enterprise and Splunk Cloud (hybrid search).
  〇 Users running Federated Search can now run searches that use accelerated data models in both standard mode and transparent mode.

Tool Extensions for Dashboard Studio

● Expanded visualization tools available.
〇 Choropleth Map and Event Viewer can now be implemented.
〇 You can now output the visualization results on the dashboard in CSV format along with the search results.
〇 Graphs can now be hidden depending on whether the data source is available or not.
