Splunk 9.3 has been released and there are some new features that we would like to share with you. In the release notes you can find all the features added to this release.
It is now possible to schedule PDF or PNG exports for Dashboard Studio dashboards. For users to be able to do this you have to give them the ‘list_settings’ capability. There are a few limitations that you should consider, see the Splunk Documentation for the details.
A nice bonus is the ability to use the API to fetch a PNG, this means that you can use your automation tooling to fetch a PNG of a dashboard and display that on a website. This is much easier than using embedded reports.
Instead of Python 3.7 the new default is now Python 3.9, you could override this in your app settings but we highly recommend testing all your Python scripts in a test environment with Splunk 9.3 before upgrading on production.
On busy search heads it is now possible to apply a memory reduction measure for the Splunkd process. In the Splunk conf description it does state that you should consult Splunk support before enabling this setting.
If you used role-based field filters then you should know that after upgrading these filters will no longer work. You might want to check out the new field filter option, but keep in mind that you can no longer use the following commands: mpreview, mstats, tstats, typeahead, and walklex
If you use Splunk Enterprise Security you probably won’t be able to use this since Splunk Enterprise Security relies heavily on tstats. For more information click this link.
If you have not yet automated your Splunk indexer cluster upgrade you might want to check out this app that helps you. Do note that using systemd for Splunk is currently not supported.
https://docs.splunk.com/Documentation/Splunk/9.3.0/Indexer/AutomatedIDXCrollingupgrade