What's new

This page summarizes the new features and enhancements in each release of Splunk Cloud Platform. Use the Version drop-down list to see information for other versions of Splunk Cloud Platform.

The product features deployed in your environment might vary depending on your topology, deployment type, and configuration settings.


10.0.2503

Email domains enhancement

A new enhancement for the Email Domains setting under Server settings in Splunk Web lets administrators allow all email domains, deny all email domains, or restrict alert emails to the domains in a comma-separated list. The Email Domains setting limits the domains to which alert emails can be sent, so users cannot send email alerts containing search results to an arbitrary domain, which is a security risk.
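The following is an added example, not Splunk code: a small recipient check that models the three modes the Email Domains setting offers (allow all, deny all, comma-separated list) and reports which alert recipients would be rejected. Exact, case-insensitive domain matching with no subdomain matching is an assumption of this example, not documented Splunk behaviour.

```python
"""Added example modelling the Email Domains setting's three modes.
Matching rules (exact, case-insensitive domain match, no subdomain
matching) are assumptions of this example, not Splunk's documented behaviour."""
from dataclasses import dataclass
from enum import Enum
from typing import List, Tuple


class DomainMode(Enum):
    ALLOW_ALL = "allow_all"   # every recipient domain is accepted
    DENY_ALL = "deny_all"     # no alert email may be sent at all
    LIST = "list"             # only domains in the comma-separated list


@dataclass(frozen=True)
class EmailDomainPolicy:
    mode: DomainMode
    domains: frozenset = frozenset()

    @classmethod
    def from_setting(cls, mode: DomainMode, setting: str = "") -> "EmailDomainPolicy":
        # Normalise the comma-separated list: trim, lower-case, drop empty entries.
        domains = frozenset(d.strip().lower() for d in setting.split(",") if d.strip())
        if mode is DomainMode.LIST and not domains:
            raise ValueError("list mode requires at least one domain")
        return cls(mode, domains)

    def allows(self, address: str) -> bool:
        # An address without '@', or with an empty local part or domain, is never allowed.
        local, sep, domain = address.strip().rpartition("@")
        if not sep or not local or not domain:
            return False
        if self.mode is DomainMode.ALLOW_ALL:
            return True
        if self.mode is DomainMode.DENY_ALL:
            return False
        return domain.lower() in self.domains


def check_recipients(policy: EmailDomainPolicy, recipients: str) -> Tuple[List[str], List[str]]:
    """Split an alert's comma-separated recipient string into (allowed, rejected)."""
    allowed: List[str] = []
    rejected: List[str] = []
    for addr in (a.strip() for a in recipients.split(",") if a.strip()):
        (allowed if policy.allows(addr) else rejected).append(addr)
    return allowed, rejected
```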
Deprecated version 1.0 endpoints for the Search API are now deactivated by default

Select version 1.0 endpoints for the Search API have been deprecated and deactivated, and will be removed in a future release. Customers and app developers should migrate any use of these deactivated endpoints to Search API version 2.0. These semantically versioned REST API endpoints for search improve platform contracts and resiliency to platform updates.

If your organization has business-critical apps that still need the deactivated endpoints, you can turn them on for a limited time as a temporary fix. See Semantic API versioning in the Splunk Cloud Platform REST API Reference Manual.

Support for the savedsearch command in standard mode federated searches

You can now use the savedsearch command to run federated searches over remote saved search datasets located on standard mode federated providers. In addition, if the remote saved search contains replacement placeholder terms such as $replace_me$, you can use the savedsearch command's string substitution syntax to replace those placeholders with strings of your own.

Note: This feature is a breaking change for users of the savedsearch command who use it to reference local saved searches with names that begin with the string federated:. With this release, the savedsearch command treats any reference to a saved search name that begins with federated: as a federated search.

Federated Search for Amazon S3: Automation of AWS Glue data catalog creation for default format VPC flow log datasets

Let Splunk software create and manage AWS Glue data catalogs for the default format VPC flow log datasets you store in Amazon S3. This feature significantly reduces the setup time required before you can run federated searches over Amazon S3 datasets that have the VPC flow log source type. See Map an Amazon S3 federated index to a Splunk-managed AWS Glue table for a default format VPC flow log dataset in Federated Search.
Federated Analytics for Amazon Security Lake: Map federated indexes to OCSF categories

Federated Analytics for Amazon Security Lake users can now optionally create federated indexes that are mapped to OCSF data categories.

The Splunk platform creates OCSF category federated indexes by unifying the data in your AWS Glue tables and then filtering that collected data into separate datasets for each OCSF category. In other words, if you have an OCSF category federated index for the Findings OCSF category, searches against that federated index cover all of your Amazon Security Lake events that belong to the Findings OCSF category. See Map Amazon Security Lake federated indexes to OCSF categories and ASL data sources in Federated Search.

Preview feature: Field filters now support the typeahead and walklex commands

In previous releases of field filters, the typeahead and walklex commands were restricted commands that the Splunk platform turned off by default on indexes with field filters. As of this release, these commands are no longer restricted. For more information about field filters, see Protect PII, PHI, and other sensitive data with field filters.

READ THIS FIRST: Should you deploy field filters in your organization? Field filters are a powerful tool that can help many organizations protect their sensitive fields from prying eyes, but they might not be a good fit for everyone. If your organization runs Splunk Enterprise Security, or if your users rely heavily on the commands that field filters restrict by default (mpreview, mstats, and tstats), do not use field filters in production until you have thoroughly planned how you will work around these restricted commands. See READ THIS: Restricted commands do not work in searches on any indexes if field filters are in use in the Securing Splunk platform manual.

Preview feature: Field filters are now first in the sequence of search-time operations, which has implications for downstream operations

Field filters have moved to first in the sequence of search-time operations; they are no longer processed fourth in the sequence as in previous releases. Because field filters are processed before all other operations in the sequence, downstream operations that depend on certain field values might break when field filters remove the values those operations expect. See The sequence of search-time operations in the Splunk Platform Knowledge Manager Manual.

If your organization uses the Splunk Common Information Model (CIM) together with field filters to protect sensitive fields, you should also understand the downstream impact of field filters on data model acceleration (DMA). For more information about the impact of field filters on DMA, see Plan for field filters in your organization in the Securing Splunk platform manual.

Dynamic limit for scheduled searches

This feature dynamically manages the scheduled search concurrency limit (max_searches_perc) based on the ad hoc and scheduled search workload, to ensure efficient use of search capacity between ad hoc and scheduled searches.

See Dynamically manage scheduled search concurrency limits.

Note: This feature will be activated initially for a subset of Splunk Cloud Platform deployments.
Updated alerts page

The alerts page is updated for usability and accessibility.

Note: If you configure a custom alert action with HTML, ensure the HTML doesn't include unsupported or malformed elements. Update your HTML to match the supported custom elements for Splunk Web. For more information, see Create the configuration UI for a custom alert action.
Sunsetting of the Upgrade Readiness App

Splunk is ending its support of the Upgrade Readiness App. It will no longer be updated and has been removed from this version of Splunk Cloud Platform. For more information, see Sunsetting of the Upgrade Readiness App.

View or create Splunk Observability Cloud detectors that power charts

You can now navigate directly from an observability metrics-based chart in Dashboard Studio to the Splunk Observability Cloud detector page, for faster time-to-value when you want to alert on a critical metric. See View or create Splunk Observability Cloud detectors that power charts.

Better visibility for Related Content discovery

With Related Content Discovery, you can now see Splunk Observability Cloud Related Content across multiple events in the Search event list. Instantly see which events have content, for faster troubleshooting without having to expand an event. See Splunk Observability Cloud previews.

Favorite knowledge objects

Users can now add reports to and remove them from favorites. Favorites make discovering insights and accessing knowledge objects, such as reports, easier and faster.