PRODUCT FEATURE DETAILS
Splunk® Enterprise
Connected Experiences
Experience your data
Scan QR codes or NFC tags (attached to devices or machinery) to experience your data and Splunk dashboards on the objects themselves, and provide non-SPL users the value of Splunk insights.
Splunk at your fingertips
View mobile-friendly dashboards, and receive and take action on alerts from your mobile device or Apple Watch, allowing you to stay up to speed on your business, wherever you are.
Rich, high-resolution peripheral displays
Display your Splunk dashboards securley and in rich detail in your NOC/SOC environments using any peripheral device.
Enable Connected Experiences
A secure, encrypted cloud service that enables mobile devices to communicate with on-premises Splunk instances and eliminates the need to open up ports, configure firewall rules, or make users struggle with typing username and passwords on mobile devices.
Dashboards and Visualizations
Show the beauty in your data
Choose from a wide range of charts and other visualizations to tell a data story that is compelling and actionable. Intuitive and interactive tools make sense of complex data, empowering you to identify issues and opportunities.
Tell a story with your visualizations
Dashboards integrate charts, reports
Monitoring and Alerting
Greater visibility into your operations
Continuous monitoring of events, conditions, and critical KPIs helps keep your operations running smoothly. With scheduled
Get your critical alerts in real-time
Alerts can signal critical events and impending conditions in real-time. Splunk's custom alert actions feature makes it simple to automatically kickoff subsequent action (think: sending emails and executing remediation scripts) when an alert is triggered. Further, these custom alerts can be set to varying levels of granularity based on a variety of conditions (e.g. data thresholds, trend-based conditions, and
Reporting
Reports can be created in real time, scheduled to run at any interval and used in your dashboards. They can also be saved and shared in secure, read-only formats like PDFs via ODBC.
Metrics
The small data type with an outsized performance boost
Splunk allows for complete utilization of metrics data to boost its already-fast performance by at least 2000X over previous releases (before version 7.0). And now with Metrics Workspace, you don't need to know SPL to browse, analyze and transform large (or small) metrics data sets. Accelerate time-to-insight and time-to-action with easy-to-use, visual data analysis capabilities.
Logs to Metrics. Metrics data are numerical data points captured over time that can be compressed, stored, processed and retrieved more efficiently than logs. Scale your ability to use this data type by converting your logs into metrics.
Metrics Workspace. The Metrics Workspace is a new visual analytics interface within the Search and Reporting app that provides Splunk Enterprise and Splunk Cloud customers (release 7.1 and beyond) a GUI-based way to explore their metrics data—from disk space, to application response times, to temperature readings in IoT devices—without requiring SPL. It also enables the creation of sophisticated, metrics-focused alerts and dashboards.
Machine Learning Toolkit (MLTK)
Incorporate AI and Machine learning Into your data strategy
Use pre-built Splunk machine learning analytics for idenfitied use cases or create your own custom machine learning models to tackle impactful issues or opportunities in your company. Splunk Machine Learning Toolkit supports custom machine learning model development through guided assistants, providing flexibility if you want to go beyond configuring a pre-built solution. The MLTK extends the Splunk platform with outlier and anomaly detection, predictive analytics and clustering to filter out the noise. Leverage pre-packaged and open source algorithms to operationalize your data with machine learning in your production environment. New, smart assistants have an easier-to-use, GUI-based approach that guide you through each step of the process, writing SPL in the background that you can review later for insight into further customization.
Splunk Machine Learning Toolkit, and the new Splunk Community for MLTK Algorithms on GitHub enables our Professional Services Consultants to deliver broader and more valuable data science and machine learning solutions. We can now use the most appropriate algorithm to solve complex business problems in a clean, consistent and supportable manner, which means our customers get more powerful, focused solutions and a much more satisfying experience.
Scale and Manageability
Bold next-generation architecture
SmartStore maximizes data management flexibility while maintaining search performance by allowing compute (CPUs) and data storage to be independently scaled up or down based on business demands. It automatically evaluates users’ data access patterns via an application-aware cache and places actively accessed data in local storage for real-time analytics and unused/inactive data in lower-cost, remote storage.
This maximizes scalability and data availability by expanding data retention capabilities while significantly lowering cost of ownership and increasing flexibility with built-in applications and an index-aware cache. Additionally, it simplifies indexer maintenance as all data gets pushed to remote storage to assist with patching, upgrading or replacing indexes without impacting data integrity.
Operational visibility for your on-prem lifestyle
The Splunk Monitoring Console for Splunk Enterprise provides a complete system and feature monitoring interface — including topology views and alerting of system status and health — for all components of on-premises deployments. The console creates a single interface to view the status, performance, capacity
Performance
Continued advancements in Splunk Enterprise speed
Splunk's Workload Management feature provides a policy-based mechanism that enables you to reserve system resources (e.g. CPU and memory) for ingestion and search workloads based on your organization’s priorities. This enables administrators to classify workloads into different groups and then reserve system resources for higher-priority workload groups.
Integrations
Embed everywhere and bring you workstreams together
Embed Splunk reports in any application or use our ODBC integrations to access Splunk data in applications such as Microsoft Excel or Tableau. And with Splunk alerts, you can automatically trigger actions in ticketing or other task assignment systems. Additionally, rich SDKs let your team integrate Splunk data and functionality in ways we may not have even thought of yet.
A secure, transportable identity system
Splunk Enterprise supports SAML integration for single sign-on through most popular identity providers like Okta, PingFederate, Azure AD, CA SiteMinder, OneLogin and Optimal IdM. Splunk Enterprise can also integrate with other authentication systems, including LDAP, Active Directory, and e-Directory.
Keep it in Splunk or export it out
Data retention costs are a significant part of your analytics budget, so Splunk Enterprise offers two options to reduce historical data storage costs by up to 80 percent while retaining Splunk search capabilities. Keep historical data within Splunk and reduce the data footprint of seldom-analyzed, cold data or roll your data to an existing Hadoop or Amazon Simple Storage Service (Amazon S3) data lake.
Certifications
Industry certified, customer trusted
If you work with data, you likely have an acronym that governs it. No matter if it's GDPR, PCI DSS, HIPAA, or SOC 3, Splunk is designed to report out on compliance and is certified with industry bodies to ensure your data's security.
Apps and Add-ons
Splunk app marketplace for more uses
Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community and most are compatible and vetted for Splunk Enterprise. Find an app or add-on for
Using All Your Data
Ingesting from thousands of data sources and counting
With a variety of standard and custom input methods, Splunk Enterprise can ingest all kinds of data types. File-based data can be sent via forwarders that reside directly on the data sources, while data from DevOps, IoT and other sources can be directly ingested using the Event Collector API. Additionally, common IT, security and application data sources can be onboarded and analyzed directly with hundreds of free apps and add-ons available on Splunkbase.
Splunk Search Processing Language (SPL)
Do you speak our language?
SPL is our secret sauce. This powerful query language is what enables you to investigate your machine data. With support for five different correlation types (i.e. time, transactions, sub-searches, lookups and joins) and over 140 analytical commands, you can conduct deep analysis, use event pattern detection, and apply machine learning methods to predict outcomes and even discover new opportunities in your data.
Splunk Training
Splunk courses designed with your success in mind
Splunk Training is the place for coursework on specific Splunk topics and learning paths to take you from novice to power user. Go from investigative keyword searches to creating rich reports and visualizations from scratch. Learning paths range from topics focusing on end users to those focused on administering Splunk Enterprise, including user provisioning, data source inputs
Support and Services
Don't go at it alone, we can help
Your success is our top priority. Splunk offers a variety of Support and Professional Services options that address your business needs and help you harness the value of Splunk.
Pricing
Buy any index volume. Splunk offers volume pricing discounts—the more you ingest, the less you pay per GB of ingested data.
Splunk Enterprise software is priced by how much data you send into your Splunk installation in a day. We recommend that you purchase a license size that aligns with the maximum amount of data you expect to send to Splunk in one day. With this pricing model, you pay once to index the data and then can perform unlimited searches against that data, as well as store it for as long as you like.
Licensing
Splunk offers Perpetual and Term licenses. A Perpetual License is a one-time license fee that grants you indefinite use of Splunk Enterprise. A Term License is for a specific time period—usually a year—during which you are allowed to access and use Splunk Enterprise.