Turn Machine Data Into Powerful Insights
Splunk Enterprise is the industry-leading platform for operational intelligence. Collect and index any machine data from virtually any source in real time. Search, monitor, analyze and visualize your data to gain new insights and intelligence. Index everything for deep visibility, forensics and troubleshooting. Work smarter as you and your team share searches and add knowledge specific to your organization. Create ad hoc reports to identify trends or prove compliance controls. Create interactive dashboards to monitor for security incidents, service levels and other key performance metrics. Analyze user transactions, customer behavior, machine behavior, security threats and fraudulent activity, all in real time.
Index Any Data
Index any machine data regardless of format or location--logs, clickstream data, configurations, sensor data, traps and alerts, change events, the output of diagnostic commands, data from APIs and message queues, and even multi-line logs from custom applications. With no predefined schema, data can be indexed from virtually any source, format or location. Then it's available for troubleshooting, security incident investigations, network monitoring, compliance reporting, business analytics and other valuable uses.
Search and Investigate
Search real-time and historical data using the same interface. Use familiar search commands to define, limit or widen your search. Search doesn't stop there. Use statistical reporting commands, update transaction counts and calculate metrics, and even look for specific conditions within a rolling time window. The search assistant offers type-ahead suggestions and contextual help so that you can leverage the full power of the Search Processing Language (SPL™).
Interact with Search Results
Interact with your search results in real time. Zoom in and out on a timeline of your results to quickly reveal trends, spikes and anomalies. Click to drill down immediately into your results and eliminate noise to get to the needle in the haystack. Whether you're troubleshooting a ticket, investigating a security alert or simply discovering your data, you'll get to the answer in minutes rather than hours or days and avoid the need to escalate to other groups to get the data you need.
Make Data More Meaningful
Splunk Enterprise automatically extracts knowledge from your machine data. You can add more knowledge and meaning by identifying, naming and tagging fields and data points. You can even add information from external asset management databases, configuration management systems and user directories. Easily define data models that describe relationships in underlying machine data to power the Pivot interface, which enables any user to build powerful reports without mastering the search language.
Correlate Complex Events
Splunk Enterprise search makes it easy to establish or find relationships between seemingly unrelated events or activity. Use Splunk Enterprise to correlate machine data based on time, external data, location, sub-searches or joins. Identify related events as a transaction or session. Visualize trends and characteristics in reports and dashboards.
Monitor and Alert
Turn searches into real-time alerts and automatically trigger notifications via email or RSS, execute remedial actions, send an SNMP trap to your system management console or generate a ticket at a service desk. Alerts can be triggered based on a variety of thresholds, trend-based conditions and other complex searches. Gain additional information at the time of the alert to assist with faster root cause analysis and problem resolution.
Report and Analyze
Empower every user in your organization to rapidly analyze data. Build reports, advanced graphs and charts to understand important trends, create advanced visualizations, summarize top values and view the frequency of conditions. Forecast highs and lows, plan systems resources and anticipate workloads with new predictive visualizations. The pivot interface allows users to manipulate and interact with machine data to create robust, information-rich reports from scratch without learning the search language. Save reports, integrate them into dashboards and/or share them with management or other colleagues via PDF. Embed your important charts and reports in other third-party business applications so that insights from your data are available wherever they're needed. Built-in performance technology delivers your mission-critical insights at blazingly fast speeds, all at the check of a box.
Custom Dashboards and Views
Create custom dashboards in a few clicks with the dashboard editor. Dashboards integrate multiple charts and views of your real-time data for the needs of different users—technical and non-technical. Analyze your data further with chart overlay and pan and zoom controls. You can personalize dashboards for anyone on any device.
The Splunk Mobile App
The Splunk Mobile App lets you experience Splunk Enterprise and gain mission critical Operational Intelligence anywhere. Access your dashboards, easily share insights, receive real-time alerts at any time from any location, and always stay connected to your Splunk Enterprise deployment. The Splunk Mobile App connects to your Splunk Enterprise deployment through the Splunk Mobile Access Server, which provides seamless and secure access to your Splunk Enterprise deployment. Download the Splunk Mobile Access Server for free. Download the free Splunk Mobile App from the app store.
Do more by taking advantage of hundreds of apps and other content that run on top of Splunk Enterprise. These apps deliver a targeted user experience for different roles and use cases. There are a growing number of apps, built by our community, partners and Splunk—browse what's out there or even create and post your own, all through the Splunk apps website.