PRODUCT FEATURE DETAILS

Turning data into insights requires specific capabilities. Here we highlight the powerful functionality embedded into our products.

Monitoring and Alerting

Monitoring

Continuous monitoring of events, conditions, and critical KPIs helps keep your operations running smoothly. With our scheduled searches you can create real-time dashboards and visualizations that keep your team and management informed. Even more out-of-the box dashboards for monitoring common IT, security, and application environments can be found in our Splunkbase app store.

Alerting

Alerts can signal real-time critical events and impending conditions before they occur. Splunk's Custom Alert Actions feature makes it simple to automatically kickoff subsequent actions (think: sending emails and executing remediation scripts) when an alert is triggered. These Custom Alerts can be set to varying degrees of granularity based on a variety of conditions (think: data thresholds and behavorial pattern recognition, like abandoned shopping carts, brute force attacks, or fraud scenarios).

• All about Alerts
  
• All about Monitoring
  
• Into the weeds of setting up a custom alert
  
• See a specific monitoring configuration for assessing system vulnerabilities
  

Dashboards and Visualizations

As mountains of data continue to be generated and consumed, efficient methods to make sense of it are crucial. Customized dashboards and data visualizations give voice to your data to create impactful narratives that drive action.

Dashboards

Dashboards integrate charts, views, reports and re-usable panels to display a comprehensive data story. Build and personalize dashboards to display the most relevant information for different audiences. Management, business and security analysts, auditors, developers, and operations teams can be shown the same data in different ways to best help them act. And you can access your dashboards and reports on-the-go with the Splunk Mobile App.

Visualizations

Choose from a wide range of charts and other visualizations to tell a data story that is compelling and actionable. Intuitive charts and interactive visualizations make sense of complex data, letting you identify problems, opportunities and potential issues.

• Discover the ways to tell a visual story with your data

Machine Learning Toolkit (MLTK)

Use built-in Splunk analytics or your own custom machine learning models to tackle impactful issues for your company. Easily build custom models using the guided experience of the Splunk Machine Learning Toolkit. It includes an API, role-based access controls for machine learning models and out-of-the-box algorithms that can be applied to a wide range of use cases – not to mention machine learning algorithms from popular open source Python libraries.

• Go deep on machine learning
• Machine learning quick reference guide
  

Reporting

Reports can be created in real time or scheduled to run at any interval, used in dashboards. Additionally, they can be saved and shared in secure, read-only formats, such as PDF Reports. Data can also be shared via ODBC.

• Get the full rundown on Splunk reporting
  

Storage

With Splunk Enterprise, you can archive data and tier storage based on your needs—including rolling cold or unused data to Hadoop. Splunk architecture supports multi-site clustering, high-availability and disaster recovery configurations to ensure continuous availability.

And because data retention costs are a significant part of analytics budgets, Splunk Enterprise offers two options to help you reduce historical data storage costs by up to 80 percent while retaining Splunk search capabilities. You can keep historical data within Splunk and reduce the data footprint of seldom-analyzed, cold data. Or, you can roll your data to an existing Hadoop or Amazon Simple Storage Service (Amazon S3) data lake.

• See how a customer extracted value from their stored data
• Understand your deployment capacity
• Size your current storage with our sizing calculator
  

Scaling

Splunk Enterprise is based on a distributed architecture that scales horizontally across commodity servers to support unlimited users and data volumes. It also scales vertically, increasing search and indexing speed and capacity to take advantage of available CPU power.

The Splunk Monitoring Console for Splunk Enterprise provides a complete system and feature monitoring interface, including topology views, system status and health alerting, for all components of an on-premises deployment. The console creates a single interface to view the status, performance, capacity and interconnectivity of these components, allowing the admin to optimize solution operation and efficiency.

• Get the details on what scaling your Splunk deployment looks like
  

Your success is our top priority. Splunk offers a variety of Support and Professional Services options that address your business needs and help you harness the value of Splunk.

Certifications

If you work with data, you likely have an acronym that governs it. No matter if it's GDPR, PCI DSS, HIPAA, or SOC 3, Splunk is designed to report out on compliance and is certified with industry bodies to ensure your data's security.

• Splunk Protects is our comittment to you and your data
• See what we have to adhere to compliance requirements
  

Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and use case. Here are three apps that we think you'll like.

Get the lay of the land with introductions to some of the fundamental aspects of Splunk software. Learn how data is ingested, how to search your machine data through Splunk's Search Processing Language (SPL) and which Splunk Education courses you can use to get started.

Getting Data In

With a variety of standard and custom input methods, Splunk software can ingest all kinds of data types. File-based data can be sent via forwarders that reside directly on the data sources, while DevOps, IoT and data from other disparate sources can be directly ingested using the Event Collector API or a TCP/UDP port. Data can also be pulled from API-based sources using Modular Inputs and other methods. Additionally, common IT, security and application data sources can be onboarded and analyzed directly with hundreds of free apps and add-ons available on Splunkbase.

• Ingest Data Your Way
  
• Ingest Data Another Way
  

Splunk Education

Splunk Education is the place for coursework on specific Splunk topics and learning paths to take you from novice to power user. Go from investigative keyword searches to creating rich reports and visualizations from scratch. Learning paths range from those with topics focusing on end users, to those focused on administering Splunk Enterprise (on-prem) and Splunk Cloud including user provisioning, data source inputs and system configurations.

• Courses for Splunk Enterprise Users
  
• Courses for Splunk Enterprise Admins
  
• Courses for Splunk Cloud users
  

Splunk Search Processing Language (SPL)

SPL is our secret sauce. This powerful query language is what enables you to investigate your machine data. With support for five different correlation types (time, transactions, sub-searches, lookups, and joins) and over 140 analytical commands, you can conduct deep analysis, use event pattern detection, and apply more machine learning methods to predict outcomes and even discover new opportunities in your data.

• Learn about the power of SPL
  

Buy any index volume. Splunk offers volume pricing discounts—the more you ingest, the less you pay per GB of ingested data.

Splunk Enterprise software is priced by how much data you send into your Splunk installation in a day. We recommend that you purchase a license size that aligns with the maximum amount of data you expect to send to Splunk in one day. With this pricing model, you pay once to index the data and then can perform unlimited searches against that data, as well as store it for as long as you like.

Licensing

Splunk offers Perpetual and Term licenses. A Perpetual License is a one-time license fee that grants you indefinite use of Splunk Enterprise. A Term License is for a specific time period—usually a year—during which you are allowed to access and use Splunk Enterprise.