Product Features

Splunk Enterprise and Splunk Cloud

Hello forest. Hello trees. We've never seen you so clearly before.

The Power to Analyze Your World

Splunk software is the easy, fast and secure way to search, analyze and visualize the massive streams of machine data generated by your IT systems and technology infrastructure—physical, virtual and in the cloud. Use Splunk software and your machine data to deliver new levels of visibility, insight and intelligence for IT and across the business.

Splunk Cloud and Splunk Enterprise offer you access to the same great set of features. Use them in any combination you like. With hybrid search you’ll always have a unified view.


Collect and Index

Collect and index any machine data from virtually any source, format or location in real time.

Index Anything, In Real Time

Collect machine data in real time from applications, web servers, databases, networks, virtual machines, mobile devices, IoT sensors, mainframes and much more.

You can also combine and enrich your machine data with Hadoop-based data, as well as traditional data from relational databases and data warehouses.

Getting Data In

With a variety of standard and custom input methods, Splunk software can ingest all kinds of data types and sources. File-based data can be sent via forwarders that reside directly on the data sources, while DevOps, IoT and other data can be directly ingested using the Event Collector API, or a TCP/UDP port. You can pull data from API-based sources using Modular Inputs and other methods. Common IT, security and application data sources can also be onboarded and analyzed directly with hundreds of free apps and add-ons.


Metrics are numerical data points captured over time that can be compressed, stored, processed and retrieved more efficiently than logs. They are natively supported as first-class data, fit for scale and performance. Use of metric data boosts all-around speed by at least 20X over previous releases (before version 7.0).


You don’t have to rely on brittle, predefined schemas. You can ask any question of your data because the schema is automatically created at search time, and can even run against data that’s being ingested in real time. Because the data is always maintained in its raw format, there’s no need for costly ETL or data normalization, and there’s no need to manually recreate a schema when new data types are added or new searches are run. 

Time-Based Event Chronology

With data being ingested in real time, extracting and normalizing timestamps becomes imperative to troubleshooting (what went wrong when), investigations, and understanding the end-to-end flow of transactions. Splunk software automatically determines the time of any event—even with the most atypical or non-traditional formats. Data that does not have a timestamp is handled by inferring a timestamp based on context.

Search and Investigate

Search and navigate all your machine data in real time.

Splunk Search Processing Language (SPL™)

SPL is our secret sauce. This powerful query language is what enables you to operate on your machine data. With support for five different types of correlation (time, transactions, sub-searches, lookups, joins) and over 140 analytical commands, you can conduct deep analysis, use event pattern detection and other machine learning methods to predict outcomes and even discover new opportunities in your data.

Real-Time Search

Analyze behavior and activity in real time and see the historical context from the same interface. You can go beyond simple Boolean searches into fielded searches, statistical searches and sub-searches. You can immediately visualize results, see patterns and correlate on anything you want. Save your searches and schedule them to run at intervals to power informative dashboards.

Transaction Search

Sending an email, placing an order on a website or connecting a VoIP call will create a number of events across different IT components. Search for these collections of events that are all part of the same transaction, identifying where issues occurred—or opportunities—across transactions.

Interactive Results

Zoom in and out on a timeline of results to quickly reveal trends, spikes and anomalies. Drill down dynamically from any point in a dashboard chart to the raw events, or define custom views that eliminate noise to get to the needle in the haystack.

Data Sampling

Optimize large dataset query performance. Use data sampling to produce results up to 1,000 times faster, helping you analyze very large datasets in real time. 

Correlate and Analyze

Find the relationships within your data. Easily. Correlate complex events from multiple data sources across your IT infrastructure so you can monitor more meaningful events.

Machine Learning Toolkit

Use built-in Splunk analytics or your own custom machine learning models to tackle impactful issues or opportunities in your company—from avoiding disruptive downtime to optimizing business results. You can easily build custom models using the guided experience of the Splunk Machine Learning Toolkit, which includes an improved API, role-based access controls for machine learning models and out-of-the-box algorithms that allow for a wider range of applications with greater efficiency, as well as algorithms from popular open source Python libraries.

Correlate Complex Events

Event correlation is finding relationships between seemingly unrelated events in data from multiple sources. For example, you can track a series of related events as a single transaction to measure duration or status. Then you can automate the results of correlations to generate alerts or support business metrics. Splunk software supports event correlations using time and geographic location, transactions, sub-searches, field lookups and joins.
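The transaction correlation described under Transaction Search and in the paragraph above, grouping events emitted by different IT components into one transaction and deriving its duration and status, can be illustrated with a small stand-alone script. This is an added example written for this page, not Splunk code and not SPL; the log format, the `order=` correlation key and the component names (web, app, db) are constructed for the example.

```python
import re
from datetime import datetime, timezone

# Constructed sample events (not real Splunk data): three IT components
# (web, app, db) each log a step of the same order, identified by order=.
SAMPLE_EVENTS = """
2024-05-01T10:00:00Z web order=A17 status=received
2024-05-01T10:00:01Z app order=A17 status=validated
2024-05-01T10:00:03Z db order=A17 status=committed
2024-05-01T10:00:02Z web order=B22 status=received
2024-05-01T10:00:05Z app order=B22 status=error reason=timeout
2024-05-01T10:00:04Z web order=C09 status=received
""".strip().splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<source>\S+)\s+(?P<fields>.*)$")


def parse_event(line):
    """Turn one constructed log line into a dict with a UTC timestamp,
    the emitting component and its key=value fields."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError(f"unparseable line: {line!r}")
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split())
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": m.group("source"), **fields}


def correlate_transactions(lines, key="order"):
    """Group events sharing the same key value into one transaction, order
    them by time, and derive duration, participating components and state."""
    groups = {}
    for line in lines:
        ev = parse_event(line)
        groups.setdefault(ev[key], []).append(ev)

    transactions = {}
    for txn_id, events in groups.items():
        events.sort(key=lambda e: e["ts"])
        sources = [e["source"] for e in events]
        final = events[-1]
        if final["status"] == "error":
            state = "failed"
        elif final["source"] == "db" and final["status"] == "committed":
            state = "complete"
        else:
            state = "incomplete"  # still in flight, or never reached the database
        transactions[txn_id] = {
            "duration": (final["ts"] - events[0]["ts"]).total_seconds(),
            "sources": sources,
            "state": state,
            "failed_at": final["source"] if state == "failed" else None,
        }
    return transactions


if __name__ == "__main__":
    for txn_id, info in correlate_transactions(SAMPLE_EVENTS).items():
        print(txn_id, info)
```

The events arrive interleaved across components and out of order, which is the normal case when several systems log the same business operation; grouping on the shared key first and sorting within the group is what makes the per-transaction duration and the "which component failed" answer meaningful.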

Event Annotation

Event Annotation adds additional context that unifies and correlates log events, annotations and metrics into a single view. It’s simpler than ever to surface insights from your data by visually overlaying events onto time-series data.

Event Pattern Detection

Automatically detect meaningful patterns in machine data, regardless of data source or type. Zoom in and out using a visual timeline to identify trends and spikes, and drill down into the results.


Use different types of datasets (data models, tables, lookups) to define and maintain structured collections of data that can be used as building blocks for analysis and reporting. Data models describe rich relationships in machine data to aid in rapid analysis without the need for further data preparation. Tables provide a structured view into complex data. Lookups enrich and extend the usefulness of your event data through interactions with external resources.

Table Datasets and Pivot

Create table-based views of data that can be used for focused analysis by a wide range of users. Explore tables using an intuitive interface that allows you to enhance, refine, filter and aggregate data—all without using SPL. Prepare tables, share with other users, and use Pivot to create focused reports and dashboards.

Visualize and Report

Make more sense of the huge volumes of data at your disposal. Create custom dashboards and views for different types of users across your organization, technical and non-technical. Generate custom reports in PDF format or export results for broader use.


Choose from a wide range of charts and visualizations to make results understandable and actionable. Intuitive charts and interactive visualizations make sense of complex data, letting you identify problems, opportunities and potential issues. Splunk software provides a rich set of visualizations and makes it simple to create and share new ones in Splunkbase.


Dashboards integrate multiple charts, views, reports and reusable panels. Quickly build and personalize dashboards for management, business or security analysts, auditors, developers and operations teams. Dashboard panels can be built and shared through a shareable library, allowing them to be added to any dashboard. Workflows enable users to click through to another dashboard, form, view or external website. And you can always click through dashboard results to get to the underlying data.

Create mashups with other web-based apps, such as Tivoli, SAP, security consoles and more, to provide a seamless view across silos. Charts and timelines don’t use Flash, which means dashboards can also be viewed and edited on tablets, smartphones and non-Flash browsers. Access your dashboards and reports on the go with the Splunk Mobile App.

Automate and Share Reports

Reports can be created in real time or scheduled to run at any interval, used in dashboards, or saved and shared in secure, read-only formats, such as PDF Reports. Data can also be shared via ODBC.

Monitor and Alert

Go from reactive to proactive. Use the dashboards to continually monitor events, conditions or KPIs. Set alerts to indicate critical conditions and automatically trigger custom actions.

Monitor Events and KPIs

Search and analysis solve problems and uncover opportunities, but continuous monitoring of events, conditions and critical KPIs helps keep your operations running smoothly. Use scheduled searches to create the real-time dashboards and visualizations that keep the team and management informed. For out-of-the box monitoring dashboards for common IT, security and application sources you can find hundreds of free apps in Splunkbase.

Proactive Alerting

Alerts can signal real-time critical events, and also impending conditions before they occur. The custom alert actions feature makes it simple to invoke any third-party application or trigger actions, such as sending emails or executing remediation scripts. Alerts can be set to any level of granularity and can be based on a variety of thresholds, trend-based conditions and complex patterns, such as abandoned shopping carts, brute force attacks and fraud scenarios.
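As an added example of the threshold-based alerting the paragraph describes (the brute-force case), the script below runs a sliding-window detection over a constructed authentication log: it raises a medium alert when one source address accumulates a threshold of failed logins within the window, and escalates to high when a successful login from that source follows inside the same window. This is illustration code written for this page, not a Splunk alert or SPL; the log format, the threshold and window values, and the RFC 5737 test addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed SSH-style auth log (not real data; 203.0.113.0/24 and
# 198.51.100.0/24 are documentation address ranges).
SAMPLE_AUTH_LOG = """
2024-05-01T09:00:00 sshd: Failed password for root from 203.0.113.7
2024-05-01T09:00:01 sshd: Failed password for admin from 198.51.100.4
2024-05-01T09:00:05 sshd: Failed password for root from 203.0.113.7
2024-05-01T09:00:10 sshd: Failed password for admin from 203.0.113.7
2024-05-01T09:00:15 sshd: Failed password for oracle from 203.0.113.7
2024-05-01T09:00:20 sshd: Failed password for deploy from 203.0.113.7
2024-05-01T09:00:25 sshd: Accepted password for deploy from 203.0.113.7
2024-05-01T09:10:00 sshd: Failed password for admin from 198.51.100.4
2024-05-01T09:10:30 sshd: Accepted password for admin from 198.51.100.4
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)


def detect_brute_force(lines, threshold=5, window_seconds=60):
    """Sliding-window threshold detection: alert when one source IP accumulates
    `threshold` failed logins within `window_seconds`, and escalate when a
    successful login from that source follows within the same window."""
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    last_alert = {}                 # src -> time of the most recent threshold alert
    alerts = []

    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # not a login outcome line; ignore it
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S")
        src = m.group("src")

        if m.group("outcome") == "Failed":
            q = failures[src]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()  # drop failures that fell out of the window
            if len(q) == threshold:  # fire once, as the threshold is crossed
                last_alert[src] = ts
                alerts.append({"severity": "medium", "src": src,
                               "failures": len(q), "at": ts})
        else:
            alerted = last_alert.get(src)
            if alerted is not None and ts - alerted <= window:
                alerts.append({"severity": "high", "src": src, "user": m.group("user"),
                               "reason": "success after brute-force burst", "at": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_AUTH_LOG):
        print(alert)
```

The second source in the sample fails twice but ten minutes apart, so the window drops the first failure and no alert fires; that is the difference between a threshold over a time window and a plain count, and it is why the window size is as much a tuning decision as the threshold itself.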

Security and Administration

You need to keep your machine data secure—it’s one of the most valuable information assets you have. Splunk software provides secure data handling, access controls, auditability, assurance of data integrity and integration with enterprise single sign-on solutions.

Secure Data Access and Transport

Splunk software supports advanced anonymization to mask confidential data from results. It also provides encrypted access to data streams using protocols such as TCP/SSL, and user access is secured using protocols such as HTTPS or SSH for command-line access.

Granular Access and Audit Controls

Role-based access and audit controls allow you to control and monitor the actions users can take and what data, tools and dashboards they can access. You can build your own roles to map to your organization’s policies for different classes of users. You’ll also want to integrate with LDAP and Active Directory and map groups to different roles.

User Authentication

Splunk software supports SAML integration for single sign-on via most popular identity providers and comes pre-configured for a growing number of providers like Okta, PingFederate, Azure AD, CA SiteMinder, OneLogin and Optimal IdM. Splunk can also integrate with other authentication systems, including LDAP, Active Directory and eDirectory, and supports integration with Duo two-factor authentication.

Data Integrity

Have confidence that data hasn’t been tampered with. Indexed data can be hashed to ensure fidelity over time. Individual events and streams of events can be signed. Splunk also provides message integrity measures that prove no one has inserted or deleted events from the original stream.
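The paragraph above names three guarantees: hashing of indexed data, signing of event streams, and proof that nothing was inserted into or deleted from the original stream. The script below is an added example, written for this page and not Splunk's implementation, showing one construction that provides all three: a hash chain in which each event's hash also covers the previous hash, plus an HMAC over the chain head standing in for a signature (the key, the event format and the chaining scheme are assumptions of the example). Editing, inserting or deleting any event breaks the chain from that point on, and a consistently rewritten chain is still caught by the signed head.

```python
import hashlib
import hmac
import json

# Constructed sample event stream (not real indexed data).
SAMPLE_STREAM = [
    {"t": "2024-05-01T12:00:00Z", "user": "alice", "action": "login"},
    {"t": "2024-05-01T12:00:07Z", "user": "alice", "action": "read", "obj": "payroll.xlsx"},
    {"t": "2024-05-01T12:00:09Z", "user": "alice", "action": "export", "obj": "payroll.xlsx"},
    {"t": "2024-05-01T12:01:00Z", "user": "alice", "action": "logout"},
]

GENESIS = b"\x00" * 32  # the first event is chained to a fixed zero predecessor


def canonical(event):
    """Stable byte encoding so the same event always hashes the same way."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def build_chain(events):
    """Return one SHA-256 hash per event. Each hash covers the event and the
    previous hash, so editing, inserting or deleting an event changes every
    hash after it."""
    chain, prev = [], GENESIS
    for ev in events:
        h = hashlib.sha256(prev + canonical(ev)).digest()
        chain.append(h)
        prev = h
    return chain


def sign_head(chain, key):
    """HMAC over the chain head; stands in for signing the stream (assumed key)."""
    head = chain[-1] if chain else GENESIS
    return hmac.new(key, head, hashlib.sha256).hexdigest()


def verify_chain(events, chain, key=None, signature=None):
    """Recompute the chain from the events and compare it with the stored hashes
    and, when given, with the signature over the head. Returns (ok, detail)."""
    recomputed = build_chain(events)
    if len(recomputed) != len(chain):
        return False, (f"length mismatch: {len(recomputed)} events vs "
                       f"{len(chain)} hashes (insertion or deletion)")
    for i, (a, b) in enumerate(zip(recomputed, chain)):
        if not hmac.compare_digest(a, b):
            return False, f"hash mismatch at event {i}"
    if key is not None and signature is not None:
        if not hmac.compare_digest(sign_head(chain, key), signature):
            return False, "signed head does not match: whole chain was rewritten"
    return True, "ok"


if __name__ == "__main__":
    key = b"constructed-test-key"  # placeholder key for the example only
    chain = build_chain(SAMPLE_STREAM)
    sig = sign_head(chain, key)
    print(verify_chain(SAMPLE_STREAM, chain, key, sig))
    altered = [dict(e) for e in SAMPLE_STREAM]
    altered[2]["action"] = "read"
    print(verify_chain(altered, chain))
```

Per-event hashes alone only catch modification of an event in place; it is the chaining that turns insertion and deletion into detectable breaks, and it is the keyed signature over the head that stops someone who can rewrite the stored hashes from simply recomputing a consistent chain over the altered stream.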

Common Criteria

Splunk Enterprise has been granted Common Criteria certification (VID # 10807) by the National Information Assurance Partnership (NIAP).

Enterprise-Class Platform

Splunk software delivers the scalability, reliability and functionality you need for your enterprise-wide Operational Intelligence solution.

Scale and High Availability

Splunk Enterprise is based on a distributed architecture that scales horizontally across commodity servers to support unlimited users and data volumes. It also scales vertically, increasing search and indexing speed and capacity to take advantage of available CPU power. With Splunk Enterprise you can also archive data and tier storage based on your needs—including rolling cold or unused data to Hadoop. The architecture supports multi-site clustering, high-availability, and disaster recovery configurations to ensure continuous availability.

Splunk Cloud customers benefit from the performance, scale and robustness of this same architecture.

System Management

The Splunk Monitoring Console for Splunk Enterprise provides a complete system and feature monitoring interface, including topology views, system status and health alerting, for all components of an on-premises deployment. The console creates a single interface to view the status, performance, capacity and interconnectivity of these components, allowing the admin to optimize solution operation and efficiency.

A tailored Monitoring Console service is also available for Splunk Cloud customers, although most administrative management is handled by Splunk.

Enterprise Integration

You can embed Splunk reports and data in any application or use our ODBC integrations to access Splunk data in applications such as Microsoft Excel or Tableau. Automatically trigger actions in ticketing or other systems with Splunk alerts. Rich SDKs let your team integrate Splunk data and functionality in any desired manner.

Storage Optimization

Data retention costs are a significant part of your analytics budget, so Splunk Enterprise offers two options to help you reduce historical data storage costs by up to 80% while retaining Splunk search capabilities. You can keep historical data within Splunk and reduce the data footprint of seldom-analyzed, cold data. Or, you can roll your data to an existing Hadoop or Amazon Simple Storage Service (Amazon S3) data lake. 

Integrates With Hadoop

Seamlessly search your Hadoop data within Splunk Enterprise. Enrich Hadoop data with Splunk search results and import Hadoop data into Splunk Enterprise. Roll historical Splunk Enterprise data into your existing Hadoop distribution.

Apps and Premium Solutions

Add apps or premium solutions to enhance and extend your Splunk Enterprise or Splunk Cloud deployment.


Apps deliver a user experience designed to make Splunk software immediately useful and relevant for typical tasks like monitoring and reporting for specific IT and security needs. There are hundreds of free apps from Splunk, our partners and our community, and the platform makes it simple to create your own.

Splunk Premium Solutions

These purpose-built solutions go beyond apps to enable you to manage your broader environments. They offer rich dashboards and key performance indicator (KPI) tracking, investigative capabilities, embedded machine learning, workflows and more to help you drive operational excellence. Splunk Premium Solutions include: Splunk Enterprise Security, Splunk User Behavior Analytics and Splunk IT Service Intelligence.

Developer Resources

Tools and guidance to help you build enterprise-ready apps.

Extend the Power of Splunk

Apps are a cornerstone of the value of Splunk. And we’ve made it easy for developers and customers to rapidly create apps that solve targeted problems. Take advantage of the many resources available to help you build, package, certify, and promote your apps.