Splunk Enterprise 6.5 New Features – Part II

In Part I of the Splunk Enterprise 6.5 New Features blog post we looked at the ways in which Splunk Enterprise 6.5 made improvements to managing your Splunk environment. In this post we will take a look at the new Search IDE and dashboard features in Splunk Enterprise 6.5!

Search IDE

After examining the data I set out to create some dashboards and experience the new Search IDE firsthand. There are a few simple new features here, but ones I am sure the Splunk Community has been waiting for. The syntax highlighting present in many code editors is now visible when writing search queries, with different SPL categories assigned colours based on function. Autocomplete is another helpful feature, as it can recommend completed queries using the existing information present in your search.


Dashboard Edit Experience

Standard IDE functionality also extends to the XML source editor, which supports inline validation of Simple XML. Users can now also preview changes to their dashboard before they are saved.


Dashboard Refresh

After I created the dashboard panels I was able to look at some of the new dashboard refresh features. Panels can now be refreshed at set intervals straight through the UI. You can also choose a “Refresh Indicator”, which can add a “Preview and Progress Bar” to a dashboard panel, further customizing the way in which data is presented to the user.


Conditional Table Formatting & Number Formats

Further customization of tables can be done straight from the UI. This includes: setting colours for table cells based on defined conditions, adding units, rounding numbers, etc.


In the end, my dashboard looked like this:

[Screenshot: final dashboard]

The winner for me in this release is the number of tasks which could be performed through the UI. The dashboard I created took less time than it would have with previous versions of Splunk… and more easily. I could invest less time when it came to cleaning and presenting the data because I no longer needed to go back and revise the original search queries I had written, and as we all know some of these queries can get pretty complex. I am sure for people running large environments their new features would revolve around improvements to cluster management through the UI. The ability to manage the synchronization of buckets and configuration bundles among cluster members with the click of a few buttons is something a lot of Splunk users are going to enjoy.

Download the new release and try it out for yourself today!



© Discovered Intelligence Inc., 2016. Unauthorised use and/or duplication of this material without express and written permission from this site’s owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Discovered Intelligence, with appropriate and specific direction (i.e. a linked URL) to this original content.