What's New: Splunk Enterprise 8.2

-

 

Splunk Enterprise 8.2, has focused their development offers across a number of themes: insights, admin productivity, data infrastructure, and performance. Be sure to check out Splunk Docs for a complete and definitive guide on how and where you can access and use these new features.

Insights

Dashboard Studio is now generally available (GA) and is now integrated directly into Search & Reporting, alongside the Classic Dashboard experience. Dashboard Studio is the new and intuitive dashboard-builder for creating visually-compelling dashboards with advanced visualization tools and fully customizable formats. Also, Splunk Secure Gateway (SSG) App is now delivered as part of Splunk Enterprise. SSG lets you configure your Connected Experiences mobile deployment and register devices to a Splunk instance.




Dashboard Studio in action

Admin Productivity

Spunk has done a lot in this release to help admins do more with less. The Splunk Health Report also now displays information rolled up in a distributed environment so that you don’t have to login to every node. It is added a way to monitor I/O Wait and Ingestion Latency in the Splunk Health Report. 



Distributed Health Report

Splunk is also introducing a new set of internal logs that track configuration file changes at the filesystem level for auditing purposes. Additionally, check out a new app “Knowledge Object Management” on Splunkbase for tracking asset usage and reporting. Look for more updates in the future on improved experience with auditing.

Infrastructure & Data

A key capability shipping in this release is Federated Search in hybrid deployments. There may be times when you want to run a single query across different Splunk deployments. This may especially apply if some deployments require regional presence or are subject to data policies. Federated Search in Splunk Enterprise 8.2 supports searching for On-prem to On-prem environments, and On-prem to Splunk Cloud.  

Also new is the support for merging buckets in standalone (single node) instances. This is one step in a series of enhancements that are expected to address indexer clustering performance and stability following system activities such as restarts. This should start to enable customers to achieve larger bucket sizes to more optimally and smoothly scale their deployments. 

Performance

As always, Splunk continue to make advancements in the performance of the software. We have a host of improvements in this release. Customers can expect up to 10X faster scheduling of searches, especially in cases where large a number of searches are scheduled every minute and saved search configuration files are updated frequently. Splunk has also improved schedule report performance. Now they provide an option for durable search processing to achieve delivery guarantee, and ensures that scheduled reports do not lose events over time, even when errors occur. Improvements to speed up searchable rolling restarts, whenever deployment architecture allows it are made. Other improvements include improved kvstore backup and restore experience, and compression techniques for bundle pushes, improving the availability and resilience of Splunk. Be sure to check out our release notes for more!

 

Reference link

A.K

Comments

Post a Comment

Popular posts from this blog

CISA and ENISA enhance their Cooperation

-
Image
  The European Union Agency for Cybersecurity (ENISA) has signed a Working Arrangement with the Cybersecurity and Infrastructure Security Agency (CISA) of the US, in the areas of capacity-building, best practices exchange and boosting situational awareness. Geopolitics have shaped the cyber threat landscape, bringing like-minded partners closer together in the wake of common cyber challenges and advances in digital technologies. Today at the EU-US Cyber Dialogue, ENISA and CISA announced the signing of their Working Arrangement as an important milestone in the overall cooperation between the United States and the European Union in the field of cybersecurity, also following the Joint Statement of European Commissioner Thierry Breton and U.S. Secretary for Homeland Security Alejandro Mayorkas of January 2023. ENISA’s International Strategy directs the Agency to be selective in engaging with international partners and to limit its overall approach in international cooperation to those are
Read more

The Imperva Content Delivery Network (CDN) to Improve website experience globally

-
Image
Today’s website visitors expect a fast and efficient user experience with no delays or site performance issues. However, high traffic volumes and global reaching websites mean website managers are faced with the challenge of added latency and slow page load times, which can result in lost business. According to WebSiteBuilderExpert.com, 1 in 4 site visitors would abandon a website that takes more than 4 seconds to load. And 46% of site visitors do not revisit poorly performing websites, according to Unbounce.com. A strong Content Delivery Network   (CDN) is critical for website managers and businesses that rely on their websites for success, and here are ten reasons why. Improve your engagement Faster site speed times and more responsive websites bring results in more conversions. As little as a  one-second delay  in page load time can reduce customer satisfaction by 16%. Slow page load times According to  Unbounce , ‘Nearly 70% of consumers admit that page speed influences their likel
Read more

SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes

-
Image
On Feb. 13, 2024, Microsoft issued a  patch  for CVE-2024-21412, a  Microsoft Defender SmartScreen  vulnerability revolving around internet shortcuts. Previously, we discovered that an advanced persistent threat (APT) group we track under the name Water Hydra has been exploiting CVE-2024-21412 in a sophisticated campaign targeting financial market traders, allowing the group to bypass Microsoft Defender SmartScreen and infect its victims with the DarkMe remote access trojan (RAT). Threat actors are constantly finding new ways of identifying and exploiting gaps to bypass security measures. We found that the bypass of CVE-2023-36025 (a previously patched SmartScreen vulnerability) led to the discovery and exploitation of CVE-2024-21412. This highlights how threat actors can circumvent patches by identifying new vectors of attack around a patched software component. It is important that organizations are able to identify and mitigate vulnerabilities, especially zero-days, in a timely mann
Read more