Splunk 3.4.10

Splunk 3.4.10 is designed to support you with a Silicon Valley company inventing large-scale, high-speed indexing and search technology for IT infrastructures. The company's freely downloadable software indexes and makes it possible to search and navigate data from any application, server or network device in real time. Logs, configurations, messages, traps and alerts, scripts and metrics. If a machine can generate it - Splunk can eat it. It's easy to download, install and use, and is very powerful.

More than 450 enterprises, government organizations, and service providers and more than 125,000 users achieve higher availability, investigate security incidents in record time, and meet compliance requirements at lower costs with Splunk.

Major Features:

1. Splunk is the IT Search company changing the way organizations manage, secure and audit their IT infrastructures. Splunk is software that lets you search and analyze all your IT infrastructure data from a single location in real time.
2. It's Software. Download and Install It in 5 Minutes
   • Splunk is a self-contained software package that runs on lots of different operating systems. Just pick your platform, download and install.
     
3. Index Live Data
   • Splunk can index any IT data from any source in real time. We call this Universal Indexing. Point your servers or network devices' syslog at Splunk, set up WMI polling, monitor any live logfiles, enable change monitoring on your filesystem or the Windows registry, schedule a script to grab system metrics, and more.
4. Deploy Splunk Everywhere
   • You can deploy the same Splunk software across your staging and production environment servers to monitor local application logfiles, capture the output of status commands on a schedule, grab performance metrics or watch the file system for configuration, permissions and attribute changes.
5. Scale It Out
   • We've spent years tuning the Splunk core technology so it can index hundreds of gigabytes a day on a single commodity Windows, Linux or Unix server.
     
6. Secure Data Access and Archiving
   • Once all your IT data is continuously indexed by Splunk, you're in control of it. Integrate with LDAP and Active Directory and map groups to Splunk roles. Filter what data users see by role. Set up an archiving policy based on datastore size or age.
     
7. Search
   • What's so brilliant about Splunk is the way you can search for anything in your IT data. Don't know what you're looking for? Just start typing and Splunk's typeahead suggestions will show you what's in your data.
8. Add Knowledge
   • Splunk takes search where it's never been before, by automatically extracting knowledge from your IT data and letting users add their own knowledge on-the-fly. Knowledge about events, fields, transactions, patterns and statistics can be added to your data. You can identify, name and tag this data as well.
     
9. Alert
   • Any search can be saved and scheduled for continual monitoring and can trigger alerts via email or RSS. You can even kick off a script to take remedial actions, send an SNMP trap to your system management console or generate a ticket at a service desk. Alerts can be based on a variety of threshold and trend-based conditions.
10. Report
    • If you've ever wanted to generate a report on-the-fly from hard to understand IT data, you'll love Splunk. Splunk's amazing ability to extract fields, patterns and transactions in your IT data lets you summarize any search results as a visual report.
    • Sharing and collaboration has empowered everyone in the enterprise except IT, until now. With Splunk you can control shared access to your IT data by role, group or user.
      

Enhancements:

• An issue with linebreaking Windows Event logs and the light forwarder has been resolved. (SPL-22002)
• Issues relating to the removal or overwriting of configuration files when upgrading Splunk apps (including forwarders) has been resolved. (SPL-21627, SPL-21403)
• Changes to setup.conf in /etc/apps/local for the Splunk light forwarder are now recognized correctly. (SPL-20405)
• Heartbeat has been reimplemented on Splunk forwarders. File descriptors will be recovered when a forwarder stops sending heartbeats (SPL-19279)
• The Splunk light forwarder can now be enabled when running as a non-root user (SPL-22484)
• Enabling the Splunk light forwarder via Splunk Web now works correctly. (SPL-21096)
• An issue causing an error ("scrubber error") with mismatched timezone specifications in anonymizer has been resolved. (SPL-20851)
• The timechart command now supports extracted fields with spaces by converting the spaces to underscores. If your deployment relies on this not occurring, set CLEAN_KEYS to false in transforms.conf. This value defaults to true. (SPL-20563)
• An issue with a hostname-restricted port being left in CLOSE_WAIT state when the port was connected to by something other than that hostname has been resolved. (SPL-20172)
• An issue with "perpetual" licenses not being displayed correctly on Solaris has been resolved. (SPL-18770)
• An issue with Splunk instances becoming unresponsive related to SSL calls blocking has been resolved. (SPL-18565, SPL-16598, SPL-20641)
• The last event in Windows Event Logs is now picked up correctly. (SPL-17283)
• File system change monitor no longer reports spurious "adds" when monitoring top-level drive letter directories. (SPL-18066)
• Backslashes in props.conf are no longer incorrectly escaped in files by deployment server. (SPL-22051)
• A crash encountered when using the interactive field extractor has been resolved. (SPL-22179)
• The -index flag for the spool CLI command now works properly. (SPL-22074)
• Export scripts on Windows now function correctly. (SPL-20493)
• The tcpdump-endpoints transform in system/default/transforms.conf now correctly create dest_ip and dest_port as defined in the Common Information Model. (SPL-22543)