Splunk Enterprise and Splunk Cloud
Hello forest. Hello trees. We've never seen you so clearly before.
The Power to Analyze Your World
Splunk software is the easy, fast and secure way to search, analyze and visualize the massive streams of machine data generated by your IT systems and technology infrastructure—physical, virtual and in the cloud. Use Splunk software and your machine data to deliver new levels of visibility, insight and intelligence for IT and across the business.
Splunk Cloud and Splunk Enterprise offer you access to the same great set of features. Use them in any combination you like. With hybrid search you’ll always have a unified view.
Collect and Index
Index Anything, In Real Time
Collect machine data in real time from applications, web servers, databases, networks, virtual machines, mobile devices, IoT sensors, mainframes and much more.
You can also combine and enrich your machine data with Hadoop-based data, as well as traditional data from relational databases and data warehouses.
Getting Data In
With a variety of standard and custom input methods, Splunk software can ingest all kinds of data types and sources. File-based data can be sent via forwarders that reside directly on the data sources, while DevOps, IoT and other data can be directly ingested using the Event Collector API, or a TCP/UDP port. You can pull data from API-based sources using Modular Inputs and other methods. Common IT, security and application data sources can also be onboarded and analyzed directly with hundreds of free apps and add-ons.
Metrics are numerical data points captured over time that can be compressed, stored, processed and retrieved more efficiently than logs. They are natively supported as first-class data, fit for scale and performance. Use of metric data boosts all-around speed by at least 20X over previous releases (before version 7.0).
You don’t have to rely on brittle, predefined schemas. You can ask any question of your data because the schema is automatically created at search time, and can even run against data that’s being ingested in real time. Because the data is always maintained in its raw format, there’s no need for costly ETL or data normalization, and there’s no need to manually recreate a schema when new data types are added or new searches are run.
Time-Based Event Chronology
With data being ingested in real time, extracting and normalizing timestamps becomes imperative to troubleshooting (what went wrong when), investigations, and understanding the end-to-end flow of transactions. Splunk software automatically determines the time of any event—even with the most atypical or non-traditional formats. Data that does not have a timestamp is handled by inferring a timestamp based on context.
Search and Investigate
Splunk Search Processing Language (SPL™)
SPL is our secret sauce. This powerful query language is what enables you to operate on your machine data. With support for five different types of correlation (time, transactions, sub-searches, lookups, joins) and over 140 analytical commands, you can conduct deep analysis, use event pattern detection and other machine learning methods to predict outcomes and even discover new opportunities in your data.
Analyze behavior and activity in real time and see the historical context from the same interface. You can go beyond simple Boolean searches into fielded searches, statistical searches and sub-searches. You can immediately visualize results, see patterns and correlate on anything you want. Save your searches and schedule them to run at intervals to power informative dashboards.
Sending an email, placing an order on a website or connecting a VoIP call will create a number of events across different IT components. Search for these collections of events that are all part of the same transaction to identify where issues, or opportunities, occurred across transactions.
Zoom in and out on a timeline of results to quickly reveal trends, spikes and anomalies. Dynamically drill down in dashboards anywhere in a chart to the raw events or define custom views and eliminate noise to get to the needle in the haystack.
Optimize large dataset query performance. Use data sampling to produce results up to 1,000 times faster, helping you analyze very large datasets in real time.
Correlate and Analyze
Machine Learning Toolkit
Use built-in Splunk analytics or your own custom machine learning models to tackle impactful issues or opportunities in your company, from avoiding disruptive downtime to optimizing business results. You can easily build custom models using the guided experience of the Splunk Machine Learning Toolkit, which includes an improved API, role-based access controls for machine learning models and out-of-the-box algorithms that allow for a wider range of applications with greater efficiency. It also includes algorithms from popular open-source Python libraries.
Correlate Complex Events
Event correlation is finding relationships between seemingly unrelated events in data from multiple sources. For example, you can track a series of related events as a single transaction to measure duration or status. Then you can automate the results of correlations to generate alerts or support business metrics. Splunk software supports event correlations using time and geographic location, transactions, sub-searches, field lookups and joins.
Event Annotation adds additional context that unifies and correlates log events, annotations and metrics into a single view. It’s simpler than ever to surface insights from your data by visually overlaying events on to time-series data.
Event Pattern Detection
Automatically detect meaningful patterns in machine data, regardless of data source or type. Zoom in and out using a visual timeline to identify trends and spikes, and drill down into the results.
Use different types of datasets (data models, tables, lookups) to define and maintain structured collections of data that can be used as building blocks for analysis and reporting. Data models describe rich relationships in machine data to aid in rapid analysis without the need for further data preparation. Tables provide a structured view into complex data. Lookups enrich and extend the usefulness of your event data through interactions with external resources.
Table Datasets and Pivot
Create table-based views of data that can be used for focused analysis by a wide range of users. Explore tables using an intuitive interface that allows you to enhance, refine, filter and aggregate data, all without using SPL. Prepare tables, share with other users, and use Pivot to create focused reports and dashboards.
Visualize and Report
Choose from a wide range of charts and visualizations to make results understandable and actionable. Intuitive charts and interactive visualizations make sense of complex data, letting you identify problems, opportunities and potential issues. Splunk software provides a rich set of visualizations and makes it simple to create and share new ones in Splunkbase.
Dashboards integrate multiple charts, views, reports and reusable panels. Quickly build and personalize dashboards for management, business or security analysts, auditors, developers and operations teams. Dashboard panels can be built and shared through a shareable library, allowing them to be added to any dashboard. Workflows enable users to click through to another dashboard, form, view or external website. And you can always click through dashboard results to get to the underlying data.
Create mashups with other web-based apps, such as Tivoli, SAP, security consoles and more, to provide a seamless view across silos. Charts and timelines don’t use Flash, which means dashboards can also be viewed and edited on tablets, smartphones and non-Flash browsers. Access your dashboards and reports on the go with the Splunk Mobile App.
Automate and Share Reports
Reports can be created in real time or scheduled to run at any interval, used in dashboards, or saved and shared in secure, read-only formats, such as PDF Reports. Data can also be shared via ODBC.
Monitor and Alert
Monitor Events and KPIs
Search and analysis solve problems and uncover opportunities, but continuous monitoring of events, conditions and critical KPIs helps keep your operations running smoothly. Use scheduled searches to create the real-time dashboards and visualizations that keep the team and management informed. For out-of-the-box monitoring dashboards for common IT, security and application sources, you can find hundreds of free apps in Splunkbase.
Alerts can signal real-time critical events, and also impending conditions before they occur. The custom alert actions feature makes it simple to invoke any third-party application or trigger actions, such as sending emails or executing remediation scripts. Alerts can be set to any level of granularity and can be based on a variety of thresholds, trend-based conditions and complex patterns, such as abandoned shopping carts, brute force attacks and fraud scenarios.
Security and Administration
Secure Data Access and Transport
Splunk software supports advanced anonymization to mask confidential data from results. It also encrypts data streams in transit using protocols such as TCP/SSL, and secures user access using HTTPS for the web interface and SSH for command-line access.
Granular Access and Audit Controls
Role-based access and audit controls allow you to control and monitor the actions users can take and what data, tools and dashboards they can access. You can build your own roles to map to your organization’s policies for different classes of users. You can also integrate with LDAP and Active Directory and map groups to different roles.
Splunk software supports SAML integration for single sign-on via most popular identity providers and comes pre-configured for a growing number of providers like Okta, PingFederate, Azure AD, CA SiteMinder, OneLogin and Optimal IdM. Splunk can also integrate with other authentication systems, including LDAP, Active Directory and eDirectory, and supports integration with Duo two-factor authentication.
Have confidence that data hasn’t been tampered with. Indexed data can be hashed to ensure fidelity over time. Individual events and streams of events can be signed. Splunk also provides message integrity measures that prove no one has inserted or deleted events from the original stream.
Splunk Enterprise has been granted Common Criteria certification (VID # 10807) by the National Information Assurance Partnership (NIAP).
Scale and High Availability
Splunk Enterprise is based on a distributed architecture that scales horizontally across commodity servers to support unlimited users and data volumes. It also scales vertically, increasing search and indexing speed and capacity to take advantage of available CPU power. With Splunk Enterprise you can also archive data and tier storage based on your needs, including rolling cold or unused data to Hadoop. The architecture supports multi-site clustering, high availability and disaster recovery configurations to ensure continuous availability.
Splunk Cloud customers benefit from the performance, scale and robustness of this same architecture.
The Splunk Monitoring Console for Splunk Enterprise provides a complete system and feature monitoring interface, including topology views, system status and health alerting, for all components of an on-premises deployment. The console creates a single interface to view the status, performance, capacity and interconnectivity of these components, allowing the admin to optimize solution operation and efficiency.
A tailored Monitoring Console service is also available for Splunk Cloud customers, although most administrative management is handled by Splunk.
You can embed Splunk reports and data in any application or use our ODBC integrations to access Splunk data in applications such as Microsoft Excel or Tableau. Automatically trigger actions in ticketing or other systems with Splunk alerts. Rich SDKs let your team integrate Splunk data and functionality in any desired manner.
Data retention costs are a significant part of your analytics budget, so Splunk Enterprise offers two options to help you reduce historical data storage costs by up to 80% while retaining Splunk search capabilities. You can keep historical data within Splunk and reduce the data footprint of seldom-analyzed, cold data. Or, you can roll your data to an existing Hadoop or Amazon Simple Storage Service (Amazon S3) data lake.
Integrates With Hadoop
Seamlessly search your Hadoop data within Splunk Enterprise. Enrich Hadoop data with Splunk search results and import Hadoop data into Splunk Enterprise. Roll historical Splunk Enterprise data into your existing Hadoop distribution.
Apps and Premium Solutions
Apps deliver a user experience designed to make Splunk software immediately useful and relevant for typical tasks like monitoring and reporting for specific IT and security needs. There are hundreds of free apps from Splunk, our partners and our community, and the platform makes it simple to create your own.
Splunk Premium Solutions
These purpose-built solutions go beyond apps to enable you to manage your broader environments. They offer rich dashboards and key performance indicator (KPI) tracking, investigative capabilities, embedded machine learning, workflows and more to help you drive operational excellence. Splunk Premium Solutions include: Splunk Enterprise Security, Splunk User Behavior Analytics and Splunk IT Service Intelligence.
Extend the Power of Splunk
Apps are a cornerstone of the value of Splunk. And we’ve made it easy for developers and customers to rapidly create apps that solve targeted problems. Take advantage of the many resources available to help you build, package, certify, and promote your apps.