What's New in Splunk 7.0
Back at the end of September, Splunk quietly bumped its core product, Splunk Enterprise, to a new major version: 7.0. Several new features are built into this version to enhance searching and reporting, so while the overall feel of Splunk remains much the same as 6.x, the underlying power has been greatly improved. In this article we will cover some of the new features and how to use them successfully in your environment.
Splunk 7.0 has added extra functions to the charting library to help with the differentiation of charts in dashboard elements.
A few examples can be seen below:
All of the above can be easily added to your charts using the <option name=…> tag within the XML for the dashboard element, as per the below:
Report Actions Enhancements
Reports have always been one of the strong points in Splunk's arsenal, allowing complex searches to be run on a regular or ad-hoc basis. One of the new features of Splunk 7.0 is extra actions tied to event and alert triggers.
These actions are fully extensible within Splunk, and can even be used to call external APIs and application webhooks. Splunk apps can also add targets to this list; for example, with the Splunk app for Palo Alto, you can submit a target URL to WildFire for analysis. So long as the relevant app is installed and aware of these new Trigger Actions, new targets will be added natively.
These are just two of the new features available. Others include Chart Annotation for the easy marking of events in timechart dashboards; enhanced metric SPL commands for greater interaction with metric data; machine learning model access controls tied to Splunk's already powerful role-based access controls; and more.
If you’d like to learn more about Splunk 7.0 in your organisation then please get in touch with us today!