federated search
Unified analytics for your hybrid data
Search and run analytics across data lakes. Combine federated search with flexible data management to eliminate costly, complex data movement.
Features
Query distributed data in place
Analyze your data wherever it lives
Search across external data lakes like Azure, Amazon S3, and others without moving or duplicating data, expanding visibility while eliminating the latency and storage costs of data movement.
Intelligent, scalable data preparation and routing
Build pipelines that filter, mask, transform, redact, and aggregate streaming data before routing it to Splunk or external data lakes. AI-powered field extraction and flexible schema options make data easier to structure, search, and analyze across your environment.
Unified analytics using SPL2 query language
Simplify analysis across streaming and historical data with SPL2 pipeline-based query language. Reuse queries and functions between search and pipelines. Accelerate pattern detection and automate investigation workflows with Splunk AI Assistant and Cisco AI Canvas.
Automated schema resilience
Avoid query failures caused by upstream schema drift. Use dynamic schema inference to automatically map external data sources, ensuring consistent query results even as data structures evolve, eliminating the need for manual pipeline maintenance.
Federated Search FAQs
You use Federated Search to execute queries against external data lakes directly, bypassing traditional data ingestion. Splunk Federated Search reduces overhead and accelerates time to insight for ad hoc investigations. It’s designed for ease of use and fast performance using Splunk’s powerful analytics engine and SPL query language.
Federated Search is ideal for low-frequency, ad-hoc searches on data stored in Amazon S3, Snowflake, Delta Lake, Iceberg, Azure Blob, and more. Common use cases include security investigations over historical data, statistical analysis, data enrichment, and data exploration without ingesting data into Splunk.
Key benefits include:
- Reduces TCO by eliminating unnecessary data duplication and letting you control where you store data — while providing unified search and analytics wherever your data resides.
- Provides a unified, powerful search experience while keeping data in its native environment.
- Eliminates ingestion latency for faster AI model training and inference.
Costs are based on data volume scanned. Contact us for pricing details.
Related products and solutions
Splunk Platform
Power unified security, full-stack observability, and limitless custom applications with AI-ready machine data at scale.
Data Optimization
Manage and access data strategically, based on its value to the business.
Data Management
Reduce costs and tailor data flows to meet business and compliance needs.
