Splunk 4.3 has been out for a few days, and this new release contains some nice improvements:
- Sparklines (like in BlueCoat), for example with the search: * | chart sparkline count by host
- Flash is replaced by HTML5 for recent browsers (Flash is still used for old browsers), while the behaviour of flashtimeline and reports is kept unchanged. This allows Splunk dashboards to be accessed from mobile devices.
- Real-time backfill for Real-time Views by default
- Dashboards can be edited by users using drag and drop, without having to use XML.
- IPv6 support for searches, web interfaces and distributed deployments
- Bloom filters to enhance performance
- Structured data field extraction for JSON and XML
- Data preview is now available when importing data from files
And some more new stuff…