“Splunk makes possible a completely new type of application that leverages vast amounts of IT data. It’s easy to customize Splunk, build your own applications or download applications created by the community.”
Erik Swan, CTO & Co-founder, Splunk
“We developed Splunk to be easy to download, install and scale at a very low cost. We think you’ll really like our flexible and high performance software architecture.”
Rob Das, Chief Architect & Co-founder, Splunk

What is Splunk?

The concept behind Splunk is simple: if Google can make it possible for users to search billions of pages of Web content, why can't we do that for the datacenter? Splunk is a search engine for IT data. It's software that lets you search and analyze all your IT infrastructure data from a single location in real time. No databases, connectors, custom parsers or proprietary consoles; all you need is an imagination and a Web browser. Fast and highly scalable search lets you troubleshoot your IT infrastructure, quickly and effectively investigate security incidents, monitor your applications, servers and network devices, and report on compliance controls. It also has a habit of creating IT superheroes. You could be next...

Are you ready to join the Splunk community? Download Splunk now.

It's Software. Download and Install It in 5 Minutes

Splunk is a self-contained software package that runs on lots of different operating systems. Just pick your platform, download and install. You're up and running with a Web interface for users and a datastore to index your data.


Index Live Data

Splunk can index any IT data from any source in real time. We call this Universal Indexing. Point your servers or network devices' syslog at Splunk, set up WMI polling, monitor any live logfiles, enable change monitoring on your filesystem or the Windows registry, schedule a script to grab system metrics, and more. No matter how you get the data, or what format it's in, Splunk will index it the same way - without any specific parsers or adapters to write or maintain. It stores both the raw data and the rich index in an efficient, compressed, filesystem-based datastore - with optional data signing and auditing if you need to prove data integrity.


Deploy Splunk Everywhere

But what if the data you need isn't available over the network or visible to the server where Splunk is installed? No problem. You can deploy the same Splunk software across your staging and production environment servers to monitor local application logfiles, capture the output of status commands on a schedule, grab performance metrics or watch the file system for configuration, permissions and attribute changes. These Splunk forwarders securely send this data in real time to your central Splunk server. They run with a minimal footprint and can be centrally controlled with the Splunk built-in deployment server. You can even use them to clone data to multiple Splunk indexers for high availability, and route a subset of the data to other systems.


Scale It Out

We've spent years tuning the Splunk core technology so it can index hundreds of gigabytes a day on a single commodity Windows, Linux or Unix server. But what if you have terabytes a day? No problem. You can add more index servers for different datasources, applications or datacenters; or you can even load balance data to multiple index servers. Users can see all these servers as a single logical datastore thanks to distributed search.


Secure Data Access and Archiving

Once all your IT data is continuously indexed by Splunk, you're in control of it. Integrate with LDAP and Active Directory and map groups to Splunk roles. Filter what data users see by role. Set up an archiving policy based on datastore size or age. And because all the data needed to troubleshoot, investigate security incidents and demonstrate compliance is persisted in Splunk, you can restrict access on sensitive production servers.
