The latest version of Splunk (5.0) is now out, with some nice improvements:
- The most visible feature that was missing for users (customers?) was PDF report generation: Splunk is now able to generate PDF reports natively (including for report scheduling). You can forget the crappy PDF report app.
- Report acceleration (similar to ArcSight trends), which allows fast report generation even on huge amounts of data, is now accessible with a one-click action. It differs from summary indexing on a few points: it is done on the indexer and it does not require a summary index, but not all searches qualify for it. For searches that do not qualify, continue to use summary indexing.
- Index replication: for high-availability deployments, you now have an option to replicate indexes to avoid losing data.
There are other improvements to the API and a focus on big data. Read more here.