Splunk Enterprise 6.3 – Shaking It Up!


Today at the Splunk .conf2015 User Conference we literally shook thinks up with the announcement of Splunk Enterprise and Cloud Release 6.3.

The crowd shook their cell phones while the new HTTP Event Collector sent the data from every device to a central console that tracked the motion, mapped the results, and eventually fired a cannon using the new Custom Alert Action feature integrated into a Citrix Octoblu device controller.

It was a fun way to highlight several cool new features of 6.3:

The HTTP Event Collector directly onboards data from applications, DevOps and IoT devices in real-time, scaling to millions of events per second. Developers can use a standard HTTP/JSON API or logging libraries. Those that are using Docker or creating microservices with AWS Lambda can use Event Collector directly from those environments too. IoT device software can use the same direct API or send events via a growing list of integrated IoT services like AWS Kinesis, Xlively, and Citrix Octoblu.

Custom Alert Actions make it simple for 3rd party or custom developers to create rich integrations or actions that can be automatically triggered by Splunk alerts. The user has a simple pull-down menu to choose among the integrations installed. Splunk and partners have already created a dozen integrations including ServiceNow, Slack, Big Panda, Citrix Octoblu, Webhook and more.

Geospatial Visualizations and Single-Value Displays allow customers to use widely-available Choropleth maps and context-rich KPI displays to easily visualize, understand and communicate results. And the new Anomaly Detection command now brings histogram-based analysis to the Splunk analytics arsenal.



Release 6.3 also has a focus on performance, management and TCO. Release 6.3 utilizes your available system CPU capacity to reach new levels of speed and capacity. If, like many, your using systems with 12 cores or more, Splunk Enterprise now lets you put those cores to work more efficiently. It all depends on your workload and configuration but 6.3 can:

  • Double or more the speed of many common search and reporting activities
  • Index data at double the rate
  • And increase the overall capacity of your deployment by 20% or more


What can it mean?

  • A critical report can be completed in as little as ¼ the time
  • Real-time data can be ready for analysis in half the time
    And increased capacity means that you can get more from you hardware investment
  • In fact, Splunk now requires just 1/3 the hardware it did two years ago, lowering Splunk deployment TCO by over 50%


We’re also working with Cisco to test 6.3 on a 32 core Cisco UCS system. The results so far show that vertical scaling effects are even stronger – with rare searches executing at 6x the speed. Check out Bharath Aleti’s Cisco blog post: Enhancing the Splunk experience with Cisco UCS. Watch for more detail in the coming weeks, meantime they were excited enough to make a short executive video that you can see here:

On the management side there are also new important features:

The latest Distributed Management Console provides interactive topology views of your entire deployment including mappings of forwarders, indexers and search heads, as well as system status and health alerting

Data Integrity Control helps ensure Splunk data fidelity for security and compliance by detecting if indexed data has been compromised.

There you have it. The latest release is designed to deliver breakthroughs in performance, management, data onboarding and integration, all at a lower cost of deployment TCO than ever before. Enjoy!

Follow all the conversations coming out of .conf2015:



Kevin Faulkner
Sr. Director, Product Marketing
Splunk Inc.

One Trackback

  1. […] to check out something with some real integrity – the new Data Integrity feature added to Splunk 6.3, now generally available from Splunk. This allows you to prove that your indexed data has not been […]