The linkage function has been expanded and the search function has become more flexible! More visualization tools in Dashboard Studio!
Main additional functions
Added search functions
● Search query sharing
○ A function for sharing search queries (search statements) has been added.
- Users can share search queries run on Splunk Web.
- Only the search query is shared; search results are not shared.
- Because only the query is shared, administrators can restrict the display of search results according to the permissions of the user the query was shared with.
● Dark mode adopted for the search screen
○ The Search and Reporting screen can now be displayed in dark mode.
Ingest Action enhancements
● Specification change for partition division in S3
○ From version 9.1 onwards, partitioning that combines the timestamp and the source type is supported.
- Timestamp
  · Day (YYYY/MM/DD), default
  · Month (YYYY/MM)
  · Year (YYYY)
  · Legacy (pre-9.0 specification, division by batch)
- Source type (secondary key)
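As an added illustration (not Splunk's own code, and not the exact object-key layout Splunk writes), the following computes the partition prefix that results from each timestamp granularity combined with the source type as secondary key, and counts how many distinct prefixes a constructed set of events would fan out into. The event list, the `partition_prefix` and `count_prefixes` names, and the `date/sourcetype` key order are assumptions made for the example; the point it shows is how the choice of granularity changes the number of S3 prefixes that retention, listing and access policies have to cover.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample events (epoch seconds, UTC) with a sourcetype each.
SAMPLE_EVENTS = [
    {"_time": 1688169600, "sourcetype": "syslog"},          # 2023-07-01
    {"_time": 1688256000, "sourcetype": "syslog"},          # 2023-07-02
    {"_time": 1688256000, "sourcetype": "aws:cloudtrail"},  # 2023-07-02
    {"_time": 1690848000, "sourcetype": "syslog"},          # 2023-08-01
    {"_time": 1704067200, "sourcetype": "syslog"},          # 2024-01-01
]

# The three timestamp granularities listed on the page, as strftime formats.
GRANULARITY_FORMATS = {
    "day": "%Y/%m/%d",
    "month": "%Y/%m",
    "year": "%Y",
}


def partition_prefix(event, granularity="day"):
    """Return the assumed S3 prefix for one event: <timestamp part>/<sourcetype>.

    The timestamp is interpreted in UTC so that the same event always lands in
    the same partition regardless of the host's local timezone.
    """
    fmt = GRANULARITY_FORMATS[granularity]
    ts = datetime.fromtimestamp(event["_time"], tz=timezone.utc)
    # Sourcetype is the secondary key; it is appended unchanged here, so a
    # real implementation would still need to decide how to encode characters
    # such as ':' in object keys.
    return f"{ts.strftime(fmt)}/{event['sourcetype']}"


def count_prefixes(events, granularity="day"):
    """Count events per partition prefix for the given granularity."""
    return Counter(partition_prefix(e, granularity) for e in events)


if __name__ == "__main__":
    for granularity in GRANULARITY_FORMATS:
        counts = count_prefixes(SAMPLE_EVENTS, granularity)
        print(f"{granularity}: {len(counts)} prefixes")
        for prefix, n in sorted(counts.items()):
            print(f"  {prefix}: {n} event(s)")
```

Running the block with the constructed events gives five prefixes at day granularity, four at month and three at year; a coarser partition means fewer objects to list and fewer prefixes to scope bucket policies to, at the cost of grouping more data under one key.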
● Ingest Action live preview in HF
○ On an HF (Heavy Forwarder), rulesets can now be previewed on Splunk Web using live event data as samples.
● Multiple S3 destinations can be specified
○ Up to 8 S3 destinations can now be specified as remote event storage for data processed by Ingest Action.
Enhanced Federated Search
● In Splunk 9.1, the following Federated Search features have been enhanced.
○ Splunk admins can now map metric data and job data in Federated Search.
○ Federated Search admins can now disable the following features for all Splunk users:
- federated search for a specific federated provider
- federated search for a specific federated index
- federated search in transparent mode
* Transparent mode is used when performing a search (hybrid search) that combines indexes existing in both Splunk Enterprise and Splunk Cloud.
○ Users running Federated Search can now search using accelerated data models in both standard and transparent modes.
Tool extensions for Dashboard Studio
● Expanded range of visualization tools available.
○ Choropleth Map and Event Viewer can now be implemented.
○ Visualization results on the dashboard can now be output in CSV format along with the search results.
○ Graphs can now be hidden depending on whether the data source is available.