What's new

Learn about what's new in this release of Splunk Cloud Platform.

This page summarizes the new features and enhancements in each release of Splunk Cloud Platform. Use the Version drop-down list to see information for other versions of Splunk Cloud Platform.

The product features deployed in your environment might vary depending on your topology, deployment type, and configuration settings.

Also discover what's new in the following features of Splunk Cloud Platform:

Version 10.5.2605

Learn about what's new in this release of Splunk Cloud Platform.

New feature, enhancement, or change Description

DDAA for AWS: Optimized Restore Workflow

You can now restore your data faster with the optimized restore workflow for the Dynamic Data Active Archive (DDAA) on AWS. This reduces restore times by 1 to 5 hours. Actual performance gains depend on your specific restore size, data characteristics, and cloud-side response times.

Targeted app installation on Victoria Experience

Splunk Cloud Platform now supports targeted app installation on Victoria Experience. Targeted app installation lets you install apps on specific search heads and search head clusters, instead of deploying apps to all search heads by default.

This feature restores the app management experience available in Classic Experience and Splunk Enterprise, giving you precise control over app visibility, RBAC, and resource utilization across your deployment.

For more information, see Targeted app installation on Victoria Experience.

Universal Forwarder Certification on Splunk 10.5

Universal Forwarder is certified on Splunk Cloud Platform 10.5. This includes both main and exotic platforms for Universal Forwarder.

OAuth 2.1 Authorization Grant Flow Support

Splunk now acts as a robust OAuth 2.1 Authorization Server, providing a secure and standardized way for AI agents, third-party applications, and custom-developed solutions to integrate with your Splunk environment. This powerful feature leverages the latest security protocols, including mandatory PKCE, to ensure that external applications can securely access Splunk data and services by honoring existing user roles and permissions, enabling delegated access without ever exposing your Splunk credentials. This allows you to safely unlock the full value of your machine data across your entire ecosystem, fostering innovation while maintaining enterprise-grade security and granular control over data access.

Scheduled Search Frequency Limits

Splunk Cloud Platform now lets you control how frequently saved searches run by setting minimum schedule intervals for roles and trigger action types. You can also restrict complex cron expressions to ensure compatibility with Splunk search schedule skew.

Use scheduled search frequency limits to prevent resource contention, skipped searches, and overload of external services such as email alert systems, particularly in large search head cluster environments.

For more information, see Scheduled search frequency limits.

Fine-grained access to field extraction and field transformation knowledge objects

Splunk admins now have improved options for assigning permissions to roles for access to knowledge objects. The following new capability grants admins increased flexibility in assigning access to knowledge objects and replaces the admin_all_objects capability. This list will continue to be updated as fine-grained capabilities are added to other knowledge objects over time.

  • The edit_field_extraction capability
  • Lets a user view and edit all field extraction and field transformation objects without explicit read and write permissions on those objects. Assign this capability instead of the admin_all_objects capability to grant permission to manage field extraction and field transformation objects.

For more information, see the Table of Splunk Enterprise capabilities in Securing the Splunk Platform.

Option to turn on or off the sparkle icon and its tooltip for Splunk AI Assistant in the Search app

Administrators now have the ability to turn off the sparkle icon for Splunk AI Assistant for Splunk platform deployments that aren't ready to use the Splunk AI Assistant yet. To remove the AI sparkle icon and its corresponding tooltip from the Search bar in the Search app in Splunk Web for all users of the deployment, turn off the toggle for the Splunk Search AI Assistant in Search preferences, which is accessible from Server settings in Settings. For more information, see Turn off the sparkle icon for Splunk AI Assistant in the _Search manual_.

OpenAPI -based Configuration Management API REST Endpoints

You can now create and update your Splunk Cloud Platform instance configurations using REST API endpoints that are based on the OpenAPI specification. This new method of configuration is in addition to the standard REST API methods for configuration. See Use the Configuration Management API to manage configuration files for more information.

Audit logs for ACS actions

To enhance transparency, security, and auditability, you can now view audit logs of actions made using the Admin Configuration Service (ACS) API. These audit logs include comprehensive request information about who initiated then change, when it occurred, what resource was changed and how, and whether the change was applied successfully. With these audit logs, you can track changes made to control plane items such as IP allow lists.

Federated Search for Splunk is optimized when remote search heads run the Splunk platform 10.4 or higher

Federated Search for Splunk can connect federated search heads running the Splunk platform version 10.4 or higher, including Splunk Enterprise 10.4.0 and Splunk Cloud Platform 10.4.2604, to remote search heads running lower supported versions of the Splunk platform. However, optimization features introduced in the Splunk platform 10.4 are available only when both the federated search heads and remote search heads run version 10.4 or higher.

Remote search heads running lower versions might experience connectivity issues and might become incompatible with future releases. For the best experience and continued compatibility, upgrade all search heads to the Splunk platform version 10.4 or higher.

Federated Search for Snowflake

With Federated Search, you can now run federated searches from your Splunk Cloud Platform deployment over datasets located in Snowflake tables and views. Go to the Data Management app to set up this Federated Search offering.

See About Federated Search for Snowflake in Federated Search.

Federated Search for Microsoft Azure and Federated Search for Azure Databricks

With Federated Search, you can now run searches from your Splunk Cloud Platform deployment over federated datasets that you store in Azure Blob Storage containers, Azure Data Lake Storage containers, and Azure Databricks Delta tables that are stored in Unity Catalog. Go to the Data Management app to set up these Federated Search offerings.

See About Federated Search for Microsoft Azure and About Federated Search for Azure Databricks in Federated Search

Federated Search for DDSS

With Federated Search, you can now run searches from your Splunk Cloud Platform deployment over Dynamic Data Self Storage (DDSS) datasets that Splunk software stores in Amazon S3 buckets. Go to the Data Management app to set up this Federated Search offering.

See About Federated Search for DDSS in Federated Search.

Catalog

Catalog introduces a unified discovery experience for exploring data across Federated datasets and Splunk indexes. Users can browse, sort, and filter available datasets, then open detailed views with field schemas, dataset statistics, and contextual metadata to quickly evaluate relevance and take action.

See Discovering data for your investigations using the Catalog for more information.

Cisco Cloud Control

Cisco Cloud Control is to be a unified platform that provides cross-portfolio visibility and workflow capabilities across Cisco's networking, security, collaboration and observability products. It is intended to be the single-entry point into all Cisco and Splunk products for users, who oversee installing, configuring and managing software, endpoints, server and cloud accounts and for Security, Network and IT Analysts who mainly focus on troubleshooting and incident resolution.

Cisco AI Canvas + Splunk Cloud Platform Integration

Splunk integration with Cisco AI Canvas delivers single sign-on, seamless cross-launch between Cisco Cloud Control and Splunk, access to Splunk data and skills within AI Canvas, and Splunk AI Assistant capabilities surfaced through the Cisco Unified AI Assistant.

Identity enablement in support of AI Canvas and Cisco Cloud Control CA

Customers will have access to login to Cisco Cloud Control through Splunk, they will be able to cross launch between Splunk and Cisco Cloud Control without additional authentication, and they will be able to use the products within Cisco Cloud Control that are integrated with Splunk in a secure manner.

Modern Navigation to add Cloud Control Link for Controlled Availability

Add Cisco Cloud Control Logo in the Modern Navigation header for the Controlled Availability release of Cisco Cloud Control.

Management of password ACL permissions

You can now manage Access Control Lists (ACLs) for passwords through the new Credentials page. Password settings are now restrictive by default. Using the new page streamlines secret management and reduces the need for manual API interactions, enhancing system security and operational efficiency.

See Manage credentials used by apps and data inputs.