The Splunk Free license is intended for individual use. The Splunk Enterprise and Splunk Cloud licenses offer added capabilities to support multi-user, distributed deployments and includes alerting, role-based security, single sign-on, scheduled PDF delivery, clustering, premium Splunk apps and support for much higher data volumes.

Feature Description Splunk Free Splunk Enterprise Splunk Cloud
Indexing Volume Maximum indexing volume per day 500MB/day Unlimited
(according to license)
5GB/day to multi-TB/day
(according to license)
Data Onboarding Wizard-based workflow to simplify onboarding of any data source      
Universal Indexing Universal real-time indexing of machine data      
Search Ad hoc search across real-time and historical data      
Distributed Search Search across multiple Splunk deployments; supports load balancing and failover      
Alerting Alert for individual and correlated real-time events      
Reporting Ad hoc reports across real-time and historical data      
Knowledge Mapping Knowledge mapped to machine data artifacts      
Dashboards Highly customizable and interactive dashboards integrating real-time machine data and charts, reports and tables      
Data Model Used to define consistent relationships in machine data      
Table Datasets and Pivot Prepare tables, share with other users, and use Pivot to create focused reports and dashboards.      
Machine Learning Toolkit Detect, predict, prevent what matters most to your organization.      
Event Pattern Detection Automatically discovers patterns in your data with a single click      
High Performance Analytics Store High performance analytics technology      
Report Acceleration Transparent data summarization technology      
Embedded Reports Embed charts and reports in other third-party business applications external to Splunk Enterprise      
PDF Delivery Scheduled and automated PDF generation and delivery of reports and dashboards      
Access Control and Single Sign-On Integrated role-based access control and user authentication with LDAP directory and single sign-on integration      
Single-site Clustering High availability architecture for machine data availability in a single site deployment      
Management Console Centrally manage the health and performance of distributed Splunk deployments      
Multi-site Clustering High availability architecture for disaster recovery in a multi-site deployment     On request
Universal Forwarder Forwarding of data securely and reliably from remote systems in real time      
Forwarder Management UI for monitoring and deploying Forwarder configurations      
Rich Developer Environment Developer platform for building enterprise apps that leverage Splunk modern web languages      
Apps Access to hundreds of partner, community and Splunk apps from the Splunk apps website      
Premium Solutions Access to premium Splunk solutions      
Standard Support Access full product documentation, Splunk apps, Splunk Answers and IRC channel      
Enterprise Support Direct access to Splunk Customer Support, ability to manage cases online, tailored support levels      

Ask an Expert

Need help with your environment and requirements? Send us your questions and we will get back to you as soon as possible.


If you need immediate assistance, check out our community forum, Splunk Answers.

Contact Us
vi ly expert