What is Splunk?

It's Software — Download and Install It in 5 Minutes

Splunk is a self-contained software package that runs on all major operating systems - just pick your platform, download and install. You're up and running with a web interface for users and an engine for indexing your IT data.

Splunk can index any IT data from any source in real time. We call this Universal Indexing. Point your servers or network devices' syslog at Splunk, set up WMI polling, monitor any live logfiles, enable change monitoring on your filesystem or the Windows registry, schedule a script to grab system metrics. No matter how you get the data, or what format it's in, Splunk will index it the same way - without any specific parsers or adapters to write or maintain. It stores both the raw data and the rich index in an efficient, compressed, filesystem-based datastore, with optional data signing and auditing if you need to prove data integrity.

But what if the data you need isn't available over the network or visible to the server where Splunk is installed? No problem. You can deploy the same Splunk software across your staging and production environment servers to monitor local application logfiles, capture the output of status commands on a schedule, grab performance metrics or watch the file system for configuration, permissions and attribute changes. These Splunk forwarders securely send this data in real time to your central Splunk server. They run with a minimal footprint and can be centrally controlled with the Splunk built-in deployment server. You can even use them to clone data to multiple Splunk indexers for high availability and route a subset of the data to other systems.

We've spent years tuning Splunk's core technology so it can index hundreds of gigabytes a day on a single commodity Windows, Linux or Unix server. But what if you have terabytes a day? No problem. You can add more index servers for different datasources, applications or datacenters. Or load balance data to multiple index servers. Users can see all these servers as a single logical datastore thanks to distributed search.

Once all your IT data is continuously indexed by Splunk, you're in control of it. Integrate with LDAP and Active Directory and map groups to Splunk roles. Filter what data users see by role. Set up an archiving policy based on datastore size or age. And because all the data needed to troubleshoot, investigate security incidents and demonstrate compliance is persisted in Splunk, you can restrict access on sensitive production servers.

Now you’re indexing and leveraging all your IT data, wouldn’t it be great to install Apps on Splunk that let you do even more? Well you can. Choose from Apps for managing operating systems - Windows, Linux and Unix; for use cases - enterprise security, PCI compliance and change management; and for troubleshooting and reporting technologies - Blue Coat, Cisco and F5. Easily browse and dynamically switch between Apps running on your Splunk instance using the Splunk Launcher interface. Want to build your own? Splunk's App Development Framework makes it easy for customers, partners and the community to innovate on Splunk and get more from IT Search.