The latest version Splunk (5.0) is now out, with some nice improvements:

  • The most visible missing feature for users (customers ?) is PDF report generation: Splunk is now able to generate natively PDF reports (including for report scheduling). You can forget the crappy PDF report app .

  • Report acceleration (similar to ArcSight trends) that allows fast reports generation even on huge amount of data is now accessible with one click action. It differs from summary indexing on a few points: it is done on the indexer, it does not requires a summary index, but all searches does not qualify for it. For the latest one, continue to use summary indexing.

  • Index replication: for high-availability deployments, you now have an option to replicates indexes to avoid losing data.
  • There are other improvements about the API and a focus on big data. Read more here.

October 31, 2012, 4:00 am lock

Add your own comment or set a trackback

Currently no comments

  1. No comment yet

Add your own comment

To prove you're a person (not a spam script), type the security word shown in the picture.
Anti-Spam Image

Follow comments according to this article through a RSS 2.0 feed