Now you can cut the grep
Where There Are Logs, There's Fire
IT fires happen. Splunk Light can help speed your efforts to put out those fires by gathering all of your log data in one place, with a powerful search and analytical language for real-time analysis. Quickly and proactively analyze problems and take immediate action—all without having to manually gather, organize and sift through gigabytes of log data. Give your small IT team the power to fight, and even prevent, IT fires. No hoses necessary.
Collect and Index All Log Files
Flexible Data Input
Collect and index log data from just about any source imaginable, from network traffic to web servers to custom applications. Just point Splunk Light at your data and an intuitive user interface guides you through the rest.
Forwards Data From Remote Systems
Splunk Forwarders collect data that isn’t available over the network or visible to the server where Splunk software is installed. They deliver reliable, secure, real-time universal data collection for tens of thousands of sources.
No Rigid Schemas
Splunk Light has no predefined schema. Any interpretation you need to do on the data, such as extracting a common field, or tagging a subset of hosts, is done at search time.
Splunk software automatically determines the time of any event. Any missing timestamps can be inferred based on context.
Search and Investigate Across All Logs
Search and Investigate Anything
Freeform search, combined with real-time indexing, supports rapid searches using intuitive Boolean, nested, quoted string and wildcard approaches. This allows users to quickly iterate and refine searches without knowing anything about specific data formats.
Powerful Search Processing Language
The Splunk Search Processing Language (SPL™) is a query, analytical and visualization language that provides a powerful means to operate on your data. It supports four different types of correlations (time, transactions, sub-searches, joins) and over 140 analytical and visualization commands.
Search real-time streaming data and indexed historical data from the same interface. Users can analyze current behavior and activity and see the historical context to get the full picture.
Combine time and term searches to look across every tier of your infrastructure for errors and configuration changes in the precise seconds before a system failure occurs.
An interactive interface dramatically improves the users' experience and the speed with which tasks are accomplished. Zoom in and out on a timeline of results to quickly reveal trends, spikes and anomalies. Dynamically drill down in dashboards to the raw events or custom views.
Correlate and Analyze Across All Systems
Correlate Complex Events
Splunk Light enables you to correlate complex events from multiple data sources across your IT infrastructure so you can monitor and analyze more meaningful events, including the lifecycle of an entire transaction. Supported correlations include time-based, transaction-based, sub-searches and joins.
Event Pattern Detection
Splunk Light automatically detects meaningful patterns across your machine data, regardless of data source or type. It then enables users to zoom in and out using a visual timeline so they can identify trends and spikes and drill down into the results.
Monitor and Alert Proactively
Continuously Monitor for Specific Conditions
Alerts can be based on a variety of thresholds and trend-based conditions, at any level of granularity. Alerts can go beyond simple Boolean searches into fielded searches, statistical searches and sub-searches. You can correlate on anything you want and alert on complex patterns such as server or network performance degradation, brute force attacks and fraud scenarios.
Turn Searches Into Real-Time Alerts
Searches can be saved and scheduled for continual monitoring and can trigger alerts via email or RSS.
Have Alerts Take Action
Alerts can be set to run scripts that take remedial actions, send an SNMP trap to your system management console or generate a service desk ticket.
Visualize and Report on Your Whole IT Infrastructure
Report on Search Results
Easily build advanced graphs, charts and sparklines from search results and visualize important trends, see highs and lows, summarize top values and report on the most and least frequent types of conditions. And because fields are identified as you search, you can specify new fields without re-indexing your data.
Real-Time, Interactive Dashboards
Dashboards integrate multiple charts, views and reports of live and historical data to satisfy the needs of different users. You can add workflows enabling users to click through to another dashboard, form, view or external website. Quickly build and personalize dashboards for management, business or security analysts, auditors, developers and operations teams.
Quickly create dashboards using prebuilt panels that are shareable and integrate multiple charts and views of your data.
Edit dashboards using a simple drag-and-drop interface; integrated charting controls mean you can change chart types on-the-fly.
Dashboards Wherever You Are
Charts and timelines in Splunk Light don’t use Flash, which means dashboards can be viewed and edited on tablets, smartphones and non-Flash browsers.