This is not technically a question, but I can see some good enhancements/features as part of the release
Please let me know your thoughts if you haveimplemented in clustered systems. I will wait for a release or two before implementing into our prod.
this is the 6.6 features in Japanese
Ver.6.6 の日本語資料はこちらです。
https://www.macnica.net/splunk/release66.html/
what is "volume-based data forwarding"?
@a212830, or as I lovingly call you, Mr. Lazy Pants 🙂
http://docs.splunk.com/Documentation/Splunk/latest/ReleaseNotes/MeetSplunk#What.27s_New_in_6.6
(We know each other IRL. Hence this is teasing, not trolling...yet lol)
It sounds like this feature will be my number one reason to move forward to 6.6 sooner rather than later:
"Avoidance of search disruption by automatically ensuring replicated data is available prior to taking a node offline."
We regularly get complaints from users about seeing "Your search results may be incomplete" during a cluster restart. However, the release notes aren't super clear whether this applies to a rolling restart or just "./splunk offline". I reached out to my SE for more info, and I also posted on the blog post iventsekar linked.
I'm also looking forward to line numbers in the SPL -- this will make documenting changes to alerts/reports a little more straight forward. I have had some users beg me to install 6.6 today for the dark themed search bar 🙂
I want to note that I heard from my SE and this change is only for taking down a single peer, but will be expanded to rolling-restarts in the future.
Completely agree. There are so much good improvements as per release notes
Good reading -
I am looking for the dataset and dashboard related features, will check them and update.
Next up is the new Trellis Layout, which provides a more efficient way to run the dashboard and saves time building multiple panels! Have you ever needed to create multiple single value indicators across the top of your dashboard? What about multiple timecharts, with each showing a slightly different measure on the same search? To do this you probably had to edit the Simple XML, copy & paste the original chart over and over again and change the search parameters ever so slightly. Now with Trellis, this can be done directly from the GUI. Multiple charts will be created on the fly—all using a single base search. Here’s an example. ( Pic at the blog)
I love Trellis Layout. Makes it so much easier to compare trends!
Trellis graphs are very cool! Love them.
Docs for Trellis Layout are available here. They describe how you can use trellis layout to split search results over a field or aggregation and generate visualization fragments for each field value:
docs.splunk.com/Documentation/Splunk/6.6.0/Viz/VisualizationTrellis
And docs for the new drilldown editor UI (as well as new content on using drilldown for dashboard interactivity) are available here:
http://docs.splunk.com/Documentation/Splunk/6.6.0/Viz/DrilldownIntro