Product Features

Splunk® Light

Now you can cut the grep

Where There Are Logs, There's Fire

IT fires happen. Splunk Light can help speed your efforts to put out those fires by gathering all of your log data in one place, with a powerful search and analytical language for real-time analysis. Quickly and proactively analyze problems and take immediate action—all without having to manually gather, organize and sift through gigabytes of log data. Give your small IT team the power to fight, and even prevent, IT fires. No hoses necessary.


Collect and Index All Log Files

The first step in preventing IT fires is to get a handle on all of your data. Splunk Light offers the following native features to centralize your log data.

Flexible Data Input

Collect and index log data from just about any source imaginable, from network traffic to web servers to custom applications. Just point Splunk Light at your data and an intuitive user interface guides you through the rest.

Forwards Data From Remote Systems

Splunk Forwarders collect data that isn’t available over the network or visible to the server where Splunk software is installed. They deliver reliable, secure, real-time universal data collection for tens of thousands of sources.

No Rigid Schemas

Splunk Light has no predefined schema. Any interpretation you need to do on the data, such as extracting a common field, or tagging a subset of hosts, is done at search time.

Automates Chronology

Splunk software automatically determines the time of any event. Any missing timestamps can be inferred based on context.

Search and Investigate Across All Logs

With Splunk Light you have one centralized place to search and find the source of the fire.

Search and Investigate Anything

Freeform search, combined with real-time indexing, supports rapid searches using intuitive Boolean, nested, quoted string and wildcard approaches. This allows users to quickly iterate and refine searches without knowing anything about specific data formats.

Powerful Search Processing Language

The Splunk Search Processing Language (SPL™) is a query, analytical and visualization language that provides a powerful means to operate on your data. It supports four different types of correlations (time, transactions, sub-searches, joins) and over 140 analytical and visualization commands.

Real-Time Search

Search real-time streaming data and indexed historical data from the same interface. Users can analyze current behavior and activity and see the historical context to get the full picture.

Time-Range Search

Combine time and term searches to look across every tier of your infrastructure for errors and configuration changes in the precise seconds before a system failure occurs.

Interactive Results

An interactive interface dramatically improves the users' experience and the speed with which tasks are accomplished. Zoom in and out on a timeline of results to quickly reveal trends, spikes and anomalies. Dynamically drill down in dashboards to the raw events or custom views.

Correlate and Analyze Across All Systems

Easily find the relationships between events and activities.

Correlate Complex Events

Splunk Light enables you to correlate complex events from multiple data sources across your IT infrastructure so you can monitor and analyze more meaningful events, including the lifecycle of an entire transaction. Supported correlations include time-based, transaction-based, sub-searches and joins.

Event Pattern Detection

Splunk Light automatically detects meaningful patterns across your machine data, regardless of data source or type. It then enables users to zoom in and out using a visual timeline so they can identify trends and spikes and drill down into the results.

Monitor and Alert Proactively

Use your centralized log data to become more proactive. Rather than simply reacting to ad hoc incidents or problems, Splunk Light provides active monitoring and alerting.

Continuously Monitor for Specific Conditions

Alerts can be based on a variety of thresholds and trend-based conditions, at any level of granularity. Alerts can go beyond simple Boolean searches into fielded searches, statistical searches and sub-searches. You can correlate on anything you want and alert on complex patterns such as server or network performance degradation, brute force attacks and fraud scenarios.

Turn Searches Into Real-Time Alerts

Searches can be saved and scheduled for continual monitoring and can trigger alerts via email or RSS.

Have Alerts Take Action

Alerts can be set to run scripts that take remedial actions, send an SNMP trap to your system management console or generate a service desk ticket.

Visualize and Report on Your Whole IT Infrastructure

Once you’ve set up your alerts, you may want to get regular updates on key parts of your operations. Splunk Light rapidly generates reports and collects these reports in custom dashboards and views. You can schedule delivery of any report via PDF and share it with management, business users or other IT stakeholders.

Report on Search Results

Easily build advanced graphs, charts and sparklines from search results and visualize important trends, see highs and lows, summarize top values and report on the most and least frequent types of conditions. And because fields are identified as you search, you can specify new fields without re-indexing your data.

Real-Time, Interactive Dashboards

Dashboards integrate multiple charts, views and reports of live and historical data to satisfy the needs of different users. You can add workflows enabling users to click through to another dashboard, form, view or external website. Quickly build and personalize dashboards for management, business or security analysts, auditors, developers and operations teams.

Prebuilt Panels

Quickly create dashboards using prebuilt panels that are shareable and integrate multiple charts and views of your data.

Drag-and-Drop Interface

Edit dashboards using a simple drag-and-drop interface; integrated charting controls mean you can change chart types on-the-fly.

Dashboards Wherever You Are

Charts and timelines in Splunk Light don’t use Flash, which means dashboards can be viewed and edited on tablets, smartphones and non-Flash browsers.