What’s New in Splunk Enterprise Version 10?

Author: Nik Wadge
Release Date: 08/09/2025

Splunk released version 10.0.0 on 28th July to surprisingly little fanfare; therefore, it arrived slightly under our radar. However, this is definitely not a version to be ignored, and today we’re going to take a high-level look at what’s new in Splunk Enterprise version 10.

Security Updates

First up is improved security “under the hood” with FIPS 140-3 support. There is also extended support for FIPS 140-2 until March 2026, allowing time to move to FIPS 140-3 with a more constructive approach.

OpenSSL 3.0 is included along with Python 3.9 and all the modules required for interoperability, meaning TLS 1.3 and mTLS (mutual Transport Layer Security) are now supported. OAuth 2.0 is also now supported for SMTP servers, allowing for better security when connecting to email relays.

Security for admins within the app is improved too, with a more granular approach to role capabilities: three new additions replace the rather god-mode admin_all_objects capability. There's also the new Audit Trail app, allowing for quick analysis of users, logons and any changes being made to Splunk's knowledge objects. Trusted Domains for including external content in Splunk dashboards is now GUI-driven, making customisation easier.

Infrastructure Updates

However, some of the biggest changes are around the infrastructure of Splunk. Data Management has been overhauled with the Edge Processor Service now included On-Prem, allowing for visibility and control over your Edge Processors directly from your Splunk instance. Pipelines allow for sorting, filtering, and control over incoming data through SPL2, even if it’s already been parsed. Obscuring things like PCI, PPI, and IP addresses is a simple, GUI-driven process. Even changing the storage location data is sent to, by the host sending it, is all done intuitively rather than through configuration files.

What else has changed?

• Sidecars add functionality such as SCIM, allowing for the removal of users assigned by SAML or LDAP once they are removed from the IdP's groups.
• Effective Configuration allows you to view your estate's forwarder configurations directly from Splunk, with no need to SSH into the forwarders and run btool any longer.
• Bulk Data Mover allows for moving data between indexes, previously a very time-consuming, complex and nearly impossible task.
• Dynamic Limits on Scheduled Tasks allows Splunk to relax limits on concurrent searches in times of low usage, allowing for smoother execution of Scheduled Searches on heavily used instances.
• Improved Observability and OTEL collector functions, with previews, monitoring and dashboards all included.
• Federated Search has more functionality, allowing previously unsupported commands such as savedsearch, mcollect and sendalert or sendmail.
• Also, Favourites for knowledge objects for quick access, SPL2 command security, Dashboard Studio enhancements, and more.

As you can see, Splunk 10 is a big deal! It brings many functions we’ve wanted and asked for, more admin-focused help, and better interoperability, with improved security throughout.

If you want to know more, please get in touch with our Splunk teams via our contact us page!
