What is Splunk?
Splunk is the search engine for logs and IT data. It's software that indexes all the data logged by any application, server or network device and enables you to search, navigate, alert and report on it in real time.
What's new in Splunk 3.1?
Search strings can now contain variables that are rendered as form elements in the SplunkWeb interface. When used with Saved searches, inexperienced users can search efficiently without knowing the details of the search language. This feature simplifies searching by asking the user to input exactly the parameters he is looking for, instead of a complete and potentially complex search.
Search language simplification
As part of a general effort to simplify the search language, equal signs can now be used where double colons were required. In prior releases, search field syntax required a double colon but extracted field syntax required an equal sign. For example, the host search field was written host::splunker, while the extracted field myfield was written myfield=value. Now search and extracted fields can both be used with equal signs in searches.
With the introduction of enhanced archiving and export, customers can now flexibly archive their Splunk data based on time and size, which is critical for the large and long-term data storage issues common with compliance mandates. This data can be easily resurrected into Splunk for historical searches, and it can be exported easily to put Splunk-gathered data anywhere an operator desires.
New release: Splunk for Windows (preview version)
Download Splunk 3.1.5
Download Splunk for Windows (XP Professional, Server 2003)