From Splunk 5.x to 7.0: Just what have you been missing out on?

In previous posts we discussed the EOL announcement for Splunk 5.x, as well as the support and security benefits on offer when upgrading to the new Splunk 7.0 (links below).

To ensure we have covered all the details you might need we will now take you on a full journey from 5.x to 7.0. We’ll explore exactly what you may have missed since the launch of 6.0 in 2013, including notable features that were added and the platforms that were removed along the way.

Here are our top ten changes that have the biggest impact on Splunk users:

1. A new User Interface (UI) (6.0 to 7.0)

The Splunk UI changed dramatically from 5.x to 7.0, moving from a HTML table-driven UI to one based on modern development techniques and frameworks. A simple to use dashboard editor was also launched which opened dashboard creation out to the majority of Splunk users (regardless of skill level), as well as a new homepage with easier navigation between dashboards.

2. Introduction of clustering (6.1 to 6.2)

Clustering offered a completely new model of how your data could be distributed and shared across your infrastructure, while also allowing horizontal scaling of your Splunk instance to improve performance.

3. Data visualisation improvements (6.0 to 7.0)

Splunk’s data visualisation capabilities improved massively throughout 6.x and into 7.0, turning it into a perfect tool to use for real data context, 10ft monitoring displays, management reports and visual investigations into your data.

4. Addition of forwarder management UI (6.1)

The deployment server capabilities (otherwise known as the forwarder management UI) added in 6.1 allow for the central app and configuration management of your forwarder estate, making the management of a large forwarder estates a much more simple and straightforward process.

5. Goodbye Splunk on Splunk (SOS), hello Distributed Monitoring Console (DMC) (6.2 to 6.5)

SOS was a useful support tool from 5.x for configuration insights and debugging performance, but its fatal flaw was that it consumed part of your Splunk license via data ingest, data storage and more. This was replaced in 6.2 by the DMC, now called the Monitoring Console as of 6.5, and is designed to run on a dedicated instance for monitoring of your Splunk environment’s health and performance, saving your data usage.

6. Creation of data models and pivot tables (6.x)

Data models introduced a way to address the summarised data as objects, allowing someone to interact with data without having to learn the search language, while pivot tables introduced a new way of creating dashboards and panels as well as exploring data in Splunk.

7. Collaborative Splunk analytics for Hadoop deployments (6.5)

Splunk Analytics for Hadoop (originally known as Hunk) allows Splunk to be used as a search UI for data held in Hadoop systems. This capability allows customers who already have a large data lake solution using Hadoop to still gain benefit and features from Splunk to query, correlate and investigate that data source.

8. Release of Machine Learning Toolkit (MLTK) (6.4 to 7.0)

The launch of MLTK in 6.4 allowed you to apply supervised ML models and training to your Splunk data, creating predictions on your datasets and correlations of data over large data samples for classification type problems. ML is now even more integrated across Splunk since the launch of 7.0, letting you manage your datasets within Splunk and link into systems like Apache Spark to ensure stellar performance for building and training your ML models. It also provides a custom API to allow builds of bespoke ML algorithms.

9. New metrics innovations (7.0)

Metrics is a new type of data source, based on CollectD and StatsD protocols, taking in metric data from Internet of Things (IoT) devices, containers and infrastructure into a specialised and optimised index, allowing you to run searches on key KPIs in your data.

10. Launch of premium apps (6.x to 7.0)

As part of the 6.x releases Splunk now offer premium apps, helping to solve real business problems and address challenges, both in the IT operations and security spaces. Key apps include IT Service Intelligence (ITSI), which provides a KPI-driven view into your Splunk data, and Enterprise Security, a SIEM solution built to run on top of Splunk providing security insight and investigation capabilities.

Detailed information on all of these changes, along with a collection of all version changes from 5.0 onwards is available for free on Medium.

Access the full article here

Further Reading:

Published date:  12 January 2018

Written by:  Paul McDonough

comments powered by Disqus

Filter By Service

Filter By Date