Splunk .conf23: Introducing S3SPL and App Updates

Welcome to our blog, where we bring you exciting news from the upcoming Splunk .conf23 User Conference! The Splunk community awaits the annual event, which promises to be exceptional this year. We are thrilled to share that we will launch one brand-new Splunk app and unveil significant updates to two existing apps. Join us as we explore the enhancements and capabilities of these innovative solutions.

Introducing S3SPL

The S3SPL Add-On for Splunk enables your data stored in S3 for immediate insight using custom Splunk commands. The data source does not matter as long as it is stored in S3 and can be queried using S3 Select. This includes JSON, CSV, Parquet, and even files written by Splunk Ingest Actions.

Key Features:

  • Query S3 using S3Select in an ad-hoc fashion using WHERE statements
  • Save queries and share them with other users
  • Configure queries to manage timestamps based on defined field names automatically
  • Configure queries with replacements to adapt queries to the current requirement on the fly
  • Create queries and preview results using an interactive workbench

Download the app from Splunkbase.

Alert Manager Enterprise Update

Our latest release (1.2) has improved and extended existing functions and features:

Tags

  • Tags can now also be assigned using savedsearches.conf attributes.
  • Our Security Knowledge Pack now supports the following frameworks:
    • CIS v7 (CIS20)
    • CIS v8 
    • NIST
    • CVE

Notifications

  • Configure existing Splunk Alert Actions as notification channels. This feature opens up a vast number of new ways how to notify users and systems.
  • Slack Apps (successor to Webhooks) are now supported.
  • Choose if appended events will trigger a notification.

 

ElasticSPL Update

We have made the following improvements in our latest version (1.2) of ElasticSPL:

Overall Improvements

  • Implemented Splunk-like permission model
  • Implemented update framework for future updates

Workbench Improvements

  • Improved workbench performance
  • Added table, raw, and visualization view
  • Allowing for full queries by leveraging the Splunk Search API
  • Added support for post-processing commands

Visit our booth at the Splunk User Conference Partner Zone to learn more about our new S3SPL Add-on, the exciting Alert Manager Enterprise and ElasticSPL updates, and our existing UTStream app for Cribl Stream integration. Our team will be available to answer your questions and showcase the app’s enhanced capabilities.

 

Conclusion

The Splunk User Conference is the perfect platform to unveil our new Splunk app and showcase the significant updates to two existing apps. With these cutting-edge solutions, organizations can unleash their data’s full potential, confidently make data-driven decisions, and optimize their operations.

Join us at the .conf23 to witness these groundbreaking developments and embark on a new era of data exploration with Splunk. You will find us in the source=*Pavillion in the Partner Zone.

© 2023 by Datapunctum AG