What's new

Learn about what's new in this release of Splunk Cloud Platform.

This page summarizes the new features and enhancements in each release of Splunk Cloud Platform. Use the Version drop-down list to see information for other versions of Splunk Cloud Platform.

The product features deployed in your environment might vary depending on your topology, deployment type, and configuration settings.

Also discover what's new in the following features of Splunk Cloud Platform:

Version 10.3.2512

Learn about what's new in this release of Splunk Cloud Platform.

Feature Description
Custom pipeline templates in SPL2-based apps

You can now create custom pipeline templates and make them available to Edge Processor and Ingest Processor users through an SPL2-based app.

This feature includes updates to the following SPL2 REST API endpoints:

  • services/orchestrator/v1/spl2/modules

  • services/orchestrator/v1/spl2/modules/{resourceName}

See the following documentation:
Modernization of Splunk Dashboards and Analytics Workspace Splunk dashboards (Classic and Dashboard Studio) and Analytics Workspace will update to the latest UI components and libraries, providing a modernized and consistent look and feel with the Splunk platform.
Granular Capabilities for Alert Actions Splunk introduces new granular capabilities for alert action management, letting admins define which users can read or edit alert actions by assigning specific capabilities in the authorize.conf configuration file. The edit_alert_actions and list_alert_actions capabilities provide for fine-grained control over who can update or view sensitive alert configurations in the alert_actions.conf file. This feature enforces least-privilege access, reduces compliance risks associated with broad admin roles, and aligns alerting workflows with enterprise security requirements, all while maintaining operational flexibility.

See Configure roles for fine-grained management of alert action objects.
Index-based Search Targeting

Index-Based Search Targeting is a new enhancement for Federated Search in transparent mode. This feature allows administrators to route search requests directly to specific providers based on index-to-host mappings, providing you with greater control over your search environment. Index-based search targeting provides the following key benefits:

  • Enhanced Security: By restricting searches to specific hosts, you minimize the exposure of sensitive information and ensure that query logs are only accessible where necessary.

  • Optimized Performance: Reduce system overhead and improve search speeds by eliminating unnecessary requests, which allows your infrastructure to focus resources only on relevant search providers.

This update ensures a more secure, streamlined, and efficient search experience across Federated Search for Splunk environments.

Administrators can now use the following new REST endpoint arguments to configure index-based provider selection for Federated Search for Splunk by specifying which indexes federated search heads can access from federated providers when operating in transparent mode:

  • The data/federated/settings/general endpoint: The allowIndexBasedProviderFiltering argument enables index-based filtering for federated providers.

  • The data/federated/provider/{federated_provider_name} endpoint: The fedSrchIndexesAllowed argument specifies the indexes that are accessible from each federated provider.

See Federated search endpoint descriptions in the REST API Reference.
Search History Replication in Search Head Cluster Splunk Cloud now ensures that your search history is seamlessly available across all nodes in a Search Head Cluster. Search history is replicated using KVStore, so you can always access your previous searches regardless of which Search Head node you log in to. With this update, a previous issue that caused the loss of up to 90 days of search history during initial migration has been fully resolved. Your existing search history is preserved and migrated automatically, providing a consistent and reliable experience for every user in clustered environments.
OAuth 2.1 Authorization Grant Flow Support Splunk now acts as a robust OAuth 2.1 Authorization Server, providing a secure and standardized way for AI agents, third-party applications, and custom-developed solutions to integrate with your Splunk environment. This powerful feature leverages the latest security protocols, including mandatory PKCE, to ensure that external applications can securely access Splunk data and services by honoring existing user roles and permissions, enabling delegated access without ever exposing your Splunk credentials. This allows you to safely unlock the full value of your machine data across your entire ecosystem, fostering innovation while maintaining enterprise-grade security and granular control over data access. See Configure the Splunk Platform as an Open Authorization version 2.1 authorization server.

Config Tracker

Config Tracker provides centralized visibility into configuration changes made within Splunk cloud. It automatically records what changed, when, and who changed it, for supported configuration interfaces– Splunk Web UI, CLI and REST endpoint. This feature enables auditability, improves operational confidence, and accelerates troubleshooting by giving administrators a reliable change history.​

For more information, see Tracking configuration changes with audit logs.

Splunk Configuration Validation

Config Validation introduces a new platform capability that automatically verifies Splunk configuration changes before they impact production. It checks every .conf update against Splunk-defined schemas, version compatibility rules, and deployment constraints, detecting invalid, unsupported, or risky settings early. This dramatically reduces upgrade failures, outages, and troubleshooting time while enabling more automated, compliant, and predictable operations across Cloud and Enterprise environments.

For more information, see Validating configurations using the btool REST API.

OpenSSL upgrade

To enhance system security and ensure long-term stability, the OpenSSL library has been upgraded from version 3.0.18 to 3.5.5, the latest Long Term Support (LTS) version. This update provides the latest security patches and improved performance.
Switch between multiple Splunk Observability Cloud organizations in the Search & Reporting app and Related Content You now have access to multiple Splunk Observability Cloud organizations in the Search & Reporting app, as well as in its Related Content panel. You can switch between organizations in the same search for holistic visibility across observability organizations to see log data that is critical for ITOps and central monitoring teams. Now users can also override the default organization.

See the following:
Dashboard Studio enhancements See What's new in Dashboard Studio.