What's new
This page summarizes the new features and enhancements in each release of Splunk Cloud Platform. Use the Version drop-down list to see information for other versions of Splunk Cloud Platform.
The product features deployed in your environment might vary depending on your topology, deployment type, and configuration settings.
Also discover what's new in the following features of Splunk Cloud Platform:
Version 10.1.2507
What's New release notes for this release.
| New feature, enhancement, or change | Description |
|---|---|
| Preview Update 2 feature: Field filters are now available by default, and now protect sensitive fields in searches that use the tstats command | To protect your personally identifiable information (PII) and protected health information (PHI) data, and meet data privacy requirements such as General Data Protection Regulation (GDPR) or other privacy regulations, you can use field filters in the Splunk Platform to limit access to your sensitive data. Field filters let you limit access to confidential information by redacting or obfuscating fields in events within searches, with optional role-based exemptions. For more information about field filters, see Protect PII, PHI, and other sensitive data with field filters and Plan for field filters in your organization. With the Preview Update 2 release, field filters are now visible for customer use by default, and now provide native support for the |
| | READ THIS FIRST: Should you deploy field filters in your organization? Field filters are a powerful tool that can help many organizations protect their sensitive fields from prying eyes, but they might not be a good fit for everyone. If your organization uses downstream configurations, such as accelerated data models, Splunk Enterprise Security (ES) detections using those data models, and user-level search-time field extractions, make sure that you plan around the implications of field filters on those configurations before deploying field filters in your environment. See READ THIS: Downstream impact of field filters. If your organization runs Splunk Enterprise Security or if your users rely heavily on commands that field filters restrict by default ( |
| Control access to passwords through Network Allow List | Using the Network Allow List page, you can control which external networks can receive passwords in cleartext and which cannot. Using this list, you can manage end user access to passwords while allowing Splunk applications to access stored passwords. To learn more, see Manage access to passwords through the Network Allow List. |
| Audit Trail Log v2: structured audit log format | The structured format of audit trail logs, also known as Audit Trail Log v2, complies with the Common Information Model (CIM). It uses JSON, which makes logs easier to parse and interpret. Audit Trail Log v2 includes comprehensive metadata, making it suitable for compliance purposes. This is the first phase in delivering Splunk Idea E-I-49. To learn about this format, see About Audit Trail Log v2. |
| Splunk AI Assistant for SPL in the Search app is now available | Splunk AI Assistant for SPL is now available in the Search app. The Splunk AI Assistant helps users generate, explain, and translate SPL using natural language. This generative AI-powered experience is designed to support both new and advanced users by providing query suggestions, detailed explanations, and direct access to Splunk platform documentation. The AI assistant enables faster onboarding, improved productivity, and more effective investigations. The Splunk AI Assistant for SPL app version 1.3.2 or higher must be installed before you can use the AI Assistant in searches in Splunk Web. To learn more, see Use Splunk AI Assistant for SPL in the Search app. |
| Authorization Policies and scoped capabilities - foundation | Authorization Policies is a new feature that provides fine-grained, context-aware access control, allowing Splunk Observability Cloud admins to assign conditional policies to capabilities that evaluate user attributes at runtime, moving beyond simple activated and deactivated permissions to more precise access management. Authorization Policies addresses a key challenge in Splunk Observability Cloud where customers previously needed to manage multiple organizations manually to meet their security requirements, often leading to complex administrative overhead. See Configure how capabilities grant access to Splunk resources and workflows with authorization policies. |
| The sdselect command now supports joining of data from multiple Amazon S3 datasets in a single federated search. | Users of Federated Search for Amazon S3 and Federated Analytics for Amazon Security Lake can now run federated searches that use a new JOIN clause to combine data from multiple Amazon S3 datasets in a single federated search, making cross-source analysis faster and more efficient. See sdselect command syntax details. |
| Dashboard Studio enhancements | See What's new in Dashboard Studio. |
| Multiple Splunk Observability Cloud organizations | Splunk Cloud Platform admins can pair multiple Splunk Observability Cloud organizations with a Splunk Cloud Platform parent organization using Unified Identity. See Connect multiple Splunk Observability Cloud organizations. |
| Default Splunk Observability Cloud organization for all observability data | Splunk Cloud Platform admins can choose a default Splunk Observability Cloud organization as the source for observability data in Dashboard Studio charts and Related Content. See Set the default organization for a Splunk Observability Cloud multi-org environment. |
| Access to Unified Identity setup, integration details, and control over Centralized Role-Based Access Control in the Discover Splunk Observability Cloud app UI | The new Unified Identity user interface enhances admin workflows by combining powerful discovery and configuration tools directly within Splunk Cloud Platform. Admins can easily access integration details, explore documentation, set up Unified Identity, and manage features like Centralized RBAC in the UI. This streamlined interface simplifies operations, giving you greater control and visibility over your Splunk Cloud Platform and Splunk Observability Cloud environment. See Unified Identity: Splunk Cloud Platform and Splunk Observability Cloud. |
| Targeted app installation on Victoria Experience | Splunk Cloud Platform on Victoria Experience now supports targeted app installation by default. Previously, Splunk Cloud Platform installed apps by default on all search heads across a Victoria Experience deployment. With targeted app installation, you can now install apps on specific search heads or search head clusters, making it easier to isolate apps and control user access. This enhancement aligns app installation features in Victoria Experience with Splunk Cloud Platform Classic Experience and Splunk Enterprise. |
| Support for OAuth 2.0 for third-party and external applications | Customers can easily and securely authenticate their third-party applications using the standardized processes and workflows offered through the OAuth 2.0 protocol. Administrators can now configure OAuth 2.0 for use with products like Data Analytics and User Behavior Analysis (UBA) tools to connect to the Splunk platform via REST APIs, so end users can get data and insights, make decisions faster, and turn data into doing. See Configure an external Open Authorization 2.0 authorization server. |
| Queued search quotas | This feature introduces new limits on the number of ad hoc searches Splunk software can queue at both the system level and the role level. Queued search quotas prevent unbounded queuing of ad hoc searches, which can impact system performance. |
| Improved DDAA storage usage calculation | We've improved how DDAA (Dynamic Data Active Archive) storage usage is calculated to give you a more accurate view of your storage consumption. Previously, when your archived data expired, there could be a significant delay before your reported storage usage was updated, leading to confusion about actual DDAA utilization. With this improvement, your DDAA usage statistics are now updated more frequently as your data expires, ensuring the storage numbers you see are an accurate reflection of your actual usage. |