What is Splunk?
Splunk is an IT search and analysis engine. It's software that lets you index, search, alert and report on live and historical IT data – giving you visibility across your entire IT infrastructure from one location in real time. Reduce the time to troubleshoot IT problems and security incidents to minutes or seconds instead of hours or days. Monitor your entire IT infrastructure to avoid service degradation and downtime. Report on all your compliance controls at a lower cost and in a fraction of the time. Download Splunk for free and try it for yourself.
It's Software – Download and Install It in 5 Minutes
Try Splunk on your laptop and then scale it to your datacenter. It's a self-contained software package that runs on all major operating systems – just pick your platform, download and install. You're up and running with a web interface for users and an engine for indexing your IT data.
Indexes Any Data
Splunk indexes any kind of IT data from any source in real time. Point your servers’ or network devices’ syslog at Splunk, set up WMI polling, monitor live logfiles, enable change monitoring on your filesystem or the Windows registry, or schedule a script to grab system metrics. Splunk indexes all your IT data without the need for any specific parsers or adapters to purchase, write or maintain. Both the raw data and the rich index are stored in an efficient, compressed, filesystem-based datastore with optional data signing and auditing for data integrity.
Forwards Data from Remote Systems
Splunk forwarders – lightweight Splunk servers with indexing turned off – can be deployed in situations where the data you need isn't available over the network or visible to the server where Splunk is installed. Splunk forwarders can monitor local application logfiles, capture the output of status commands on a schedule, grab performance metrics from virtual or non-virtual sources, or watch the file system for configuration, permission and attribute changes. Forwarders send data securely to the central Splunk server in real time. They are lightweight and can be deployed quickly at no additional cost.
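The input and forwarding configuration the two sections above describe, written out as an added example (these files are not from the page; the index names, hostnames, file paths and certificate paths are constructed). The forwarder collects syslog, a local log file and a scripted metric, and ships everything to two central indexers over TLS, verifying the indexer certificate so a forwarder cannot be redirected to a rogue receiver:

```ini
# --- inputs.conf on the forwarder (added example; names and paths are constructed) ---

# Network devices send syslog to the forwarder on UDP 514
[udp://514]
sourcetype = syslog
index = network

# Tail a local application log file as it is written
[monitor:///var/log/app/app.log]
sourcetype = app_log
index = app

# Run a metrics script every 60 seconds and index its stdout
[script://./bin/collect_metrics.sh]
interval = 60
sourcetype = host_metrics
index = metrics

# --- outputs.conf on the forwarder ---

[tcpout]
defaultGroup = central_indexers

# Two indexers; the forwarder load-balances between them
[tcpout:central_indexers]
server = idx1.example.com:9997, idx2.example.com:9997
# Client certificate presented to the indexer, and the CA used to verify the indexer
sslCertPath = $SPLUNK_HOME/etc/auth/forwarder.pem
sslRootCAPath = $SPLUNK_HOME/etc/auth/cacert.pem
sslVerifyServerCert = true

# --- inputs.conf on each indexer: accept TLS-protected forwarder traffic only ---

[splunktcp-ssl:9997]
serverCert = $SPLUNK_HOME/etc/auth/indexer.pem
rootCA = $SPLUNK_HOME/etc/auth/cacert.pem
requireClientCert = true
```

The receiving side requires a client certificate, so only forwarders holding a key signed by the deployment's CA can inject events; without that check, anything that can reach port 9997 could feed fabricated log lines into the index.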
Indexes and Searches Terabytes of Data
Splunk lets you search billions of events in seconds on a single commodity server. As daily volumes and data sources grow, you can scale indexing performance by adding more indexers on commodity hardware. Spreading the incoming load across more indexers lets you index faster. Perhaps more importantly, Splunk search performance improves linearly by spreading indexed data across more indexers. Automatic load balancing optimizes workloads and response times, and built-in failover support provides redundancy. Splunk can also be configured to use a SAN or other storage device for long-term storage needs.
Scales Across Datacenters
Splunk distributed search lets your search span multiple deployments within a datacenter or globally across all your datacenters. With role-based access you can control how far a given user's search will span: regional users can see data from regional systems, and enterprise-wide users can see data from all datacenters. The Splunk vision is for every authorized employee to get the view into the IT data that they need, whether for investigations, for reports and dashboards, or for analysis to continually improve IT operations and gain valuable business insights. Securely connecting your Splunk installations takes just minutes, allowing you to design a manageable enterprise data fabric.
Provides Role-Based Security
Underlying everything Splunk does is a robust security model. Every Splunk transaction is authenticated, including user activities through the web user interface, command line interface and system activities through the Splunk API. You can define your own roles for Splunk users with more than 60 control points that limit functionality by user type. These fine-grained access controls limit the searches, alerts, reports, dashboards and views that different Splunk roles can see. Splunk also integrates with external LDAP-compliant directory servers and Active Directory servers to enforce enterprise-wide security policies. Since all the data needed to troubleshoot, investigate security incidents and demonstrate compliance is persisted in Splunk, you can restrict access to sensitive production servers.
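The regional-versus-enterprise split described under "Scales Across Datacenters" and the role model described in this section, as an added example (not configuration from the page; role names, index names, host patterns, the LDAP strategy name and the group DNs are constructed). Index access is unioned with that of any imported role, so the restricted role below deliberately imports nothing and is granted the search capability directly rather than inheriting the built-in user role:

```ini
# --- authorize.conf (added example; all names are constructed) ---

# Regional analysts: may search, but only EMEA indexes, and only EMEA hosts within them.
# No importRoles: importing a broader role would widen the index list.
[role_emea_analyst]
search = enabled
srchIndexesAllowed = emea_*
srchIndexesDefault = emea_app
srchFilter = host=emea-*
srchJobsQuota = 5
srchDiskQuota = 500

# Enterprise security team: all indexes, may schedule searches (alerts and reports).
[role_enterprise_sec]
importRoles = power
srchIndexesAllowed = *
srchIndexesDefault = main
schedule_search = enabled

# --- authentication.conf: map directory groups onto the roles above ---

[authentication]
authType = LDAP
authSettings = corp_ldap

[corp_ldap]
host = ldap.example.com
port = 636
SSLEnabled = 1
bindDN = cn=splunk-bind,ou=service,dc=example,dc=com
userBaseDN = ou=people,dc=example,dc=com
groupBaseDN = ou=groups,dc=example,dc=com
userNameAttribute = uid
realNameAttribute = cn
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn

# Group-to-role mapping for the corp_ldap strategy
[roleMap_corp_ldap]
emea_analyst = cn=EMEA Analysts,ou=groups,dc=example,dc=com
enterprise_sec = cn=Security Team,ou=groups,dc=example,dc=com
```

Because `srchFilter` is appended to every search the role runs, an EMEA analyst who types `index=emea_app error` still only sees EMEA hosts; the filter is enforced server-side, not in the user's search string. Membership changes in the directory take effect on the next login, which keeps access revocation in the same place as the rest of the enterprise's identity lifecycle.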
