Universal Indexing
How can Splunk work with any type of logs or IT data? Because your IT infrastructure and your IT data are always changing, we learn each type of source and the different types of events on the fly. The more data you index with Splunk, the smarter it gets.
1. Access Raw Data Streams
Access raw data streams in real time from files, queues, ports, databases and other Splunk Servers configured to forward data.
2. Learn Sources
Sample each stream and learn its format automatically. Data streams are recognized and classified into different source types. Source type knowledge accumulates over time to speed up processing of raw data streams.
3. Find Events and Timestamps
Find and normalize timestamps and identify event boundaries within the raw data streams. The Splunk Server cleverly recognizes multi-line stack traces and XML logs as single events.
4. Classify Events
Automatically classify events into unique event types. The Splunk Server assigns a common event type to all events with the same syntax. This works on new and unknown data types.
5. Dense Indexing
Index full event content including major and minor segments. The original data and the Splunk indexes are persisted in an efficient datastore engineered specifically for large-scale log and IT data.