Improve availability of forwarder management with deployment server clusters! Dashboard Studio now allows for more flexible customization.
Main additional functions
Deployment server cluster configuration
●Deployment server cluster configuration is now possible.
〇You can configure a cluster with up to 3 devices.
〇You can manage up to 75,000 deployment clients in a cluster configuration.
*In a cluster configuration, a load balancer or DNS mapping is required between the deployment server and deployment client.
*In a cluster configuration, a shared drive for apps and logs to be shared between deployment servers is required.
Deployment server redundancy
| You can use it in situations like this! ! 〇I want to manage a large number of deployment clients (up to 75,000) 〇I want the deployment server to have availability. |
Dashboard Studio enhancements
●Link to report
〇It is now possible to go directly to the report screen from the dashboard.
●Event viewer is now available.
〇It is now possible to expand events within the dashboard
●You can now configure workflow actions on the dashboard.
〇Workflow actions can now be executed from both "Event Action" and "Action".
●Addition of code editor display method
〇It is now easier to check the code editor and dashboard screen at the same time.
〇It is no longer necessary to move the screen when "editing code" ➡ "checking screen".
●Convert to dashboard studio
〇 Existing classic dashboards can be automatically converted to Dashboard Studio.
〇For functions that were not automatically converted, the corrections will be output to the report.
➡This makes it easier to convert to Dashboard Studio.
●Implementation of trellis layout
〇Intuitive visualization is now possible using numbers and colors.
●You can set the grid layout panel to be shown or hidden conditionally.
〇You can now select "Show/Hide" according to data source restrictions.
〇There is no need to create dashboards according to users.
| You can use it in situations like this! ! 〇I want to migrate existing classic dashboards to Dashboard Studio |
SPL: Add json_delete function
●It is now possible to delete keys in json data when searching using the json_delete function.
〇In the image below, for the json object “access_json”,
You can see access_json2 where the keys “referer_domain” and “itemID” have been deleted by json_delete.
SPL: Add biwise function
●The following functions that enable bit operations have been added to the search functions.
〇bit_and: Execute AND operation
〇bit_or: Execute OR operation
〇bit_not: Execute NOT operation
〇bit_xor: Execute XOR operation
〇bit_shift_left: Execute logical left shift
〇bit_shift_right: Execute logical right shift
bit_and: performs an AND operation.
In the image below, an AND operation is performed on 12 and 9, returning the result 8.
(An AND operation is performed on the bit string of 12, "1100", and the bit string of 9, "1001", and the bit string of 8, "1000", is returned.)
●bit_or: Execute OR operation
〇In the image below, the OR operation of 12 and 9 is executed and 8 is returned as the result.
(OR operation is performed on 12 bit strings “1100” and 9 bit strings “1001” and 13 bit strings “1101” are returned.)
●bit_not: Execute NOT operation
〇In the image below, a NOT operation of 0 and 12 is executed.
(By default, a NOT operation on a 53-bit integer value returns 253-1 for a NOT operation of 0, and 253-13 for a NOT operation of 12.)
●bit_xor: Execute XOR operation
〇In the image below, the XOR operation of 12 and 9 is performed and 5 is returned as the result.
(The XOR operation is performed on the 12 bit string “1100” and the 9 bit string “1001” and the 5 bit string “0101” is returned.)
●bit_shift_left: Execute logical left shift
In the image below, a logical left shift operation is performed on 12 and the result is 24.
(The left shift operation is performed on the 12 bit string “1100” and the 24 bit string “11000” is returned.)
●bit_shift_right: Execute logical right shift
In the image below, a logical right shift operation is performed on 12 and the result is 6.
(The right shift operation is executed on the 12 bit string “1100” and the 6 bit string “110” is returned.)
|
You can use it in situations like this! ! |
Indexer cluster rolling restart stop control
● CLI commands from the cluster manager server during a rolling restart of the indexer cluster,
Or you can now stop a rolling restart using the REST API.
〇It is possible to avoid getting stuck or significant operation delays due to rolling restarts.
〇CLI command
$SPLUNK_HOME/bin/splunk abort-rolling-restart cluster-peers -auth admin:password
*$SPLUNK_HOME is the default installation directory of Splunk.
〇REST API
curl -k -u admin:password -X POST
“https://<host>:<mPort>//services/cluster/manager/control/default/abort_restart?output_mode=json“
*Insert the host name and management port of the cluster manager in <host> and <mPort>.
*Cannot be used for automatic rolling restart when changing settings by cluster manager.
*Role privilege “edit_indexer_cluster” is required to use CLI commands or REST API.