Splunk® Enterprise
Splunk Enterprise Overview
- Documentation
- Splunk® Enterprise
- Splunk Enterprise Overview
- About Splunk Enterprise
About Splunk Enterprise
- About Splunk Enterprise
- About Splunk Enterprise users
- About Splunk Enterprise deployments
Splunk Enterprise Resources and Documentation
- Support and resources for Splunk Enterprise
- Splunk Enterprise administration
- Search and reporting
- Manage Splunk Enterprise knowledge
- Customize and extend Splunk Enterprise
- Troubleshooting
- Splunk Enterprise differences and comparison
- Logging in Splunk Enterprise
- How to measure approximately the source device is ...
- Upgrade path to upgrade Splunk Enterprise?
- Where can I find Splunk Enterprise 8.2.10?
- A few questions about Splunk Enterprise licenses?
- Questions about getting started with Splunk Enterp...
- Add Enterprise Security to on prem clustered envir...
- How to install enterprise security app on Splunk c...
- Should I build my integration for Splunk Enterpris...
Read more...
Splunk Enterprise is a software product that enables you to search, analyze, and visualize the data gathered from the components of your IT infrastructure or business. Splunk Enterprise takes in data from websites, applications, sensors, devices, and so on. After you define the data source, Splunk Enterprise indexes the data stream and parses it into a series of individual events that you can view and search.
Most users connect to Splunk Enterprise with a web browser and use Splunk Web to administer their deployment, manage and create knowledge objects, run searches, create pivots and reports, and so on. You can also use the command-line interface to administer your Splunk Enterprise deployment.
You can extend the Splunk Enterprise environment to fit the specific needs of your organization by using apps. An app is a collection of configurations, knowledge objects, views, and dashboards that runs on the Splunk platform. A single Splunk Enterprise installation can run multiple apps simultaneously. Browse available apps on Splunkbase or build your own on the Splunk developer site.
Features of Splunk Enterprise
The following section highlights seven Splunk Enterprise features. You can read about more features on the Splunk Enterprise page at Splunk.com.
Indexing
Splunk Enterprise processes and stores the data that represents your business and its infrastructure. You can collect data from devices and applications such as websites, servers, databases, operating systems, and more. Once the data is collected, the index segments, stores, compresses the data, and maintains the supporting metadata to accelerate searching. To learn about getting your data into Splunk Enterprise, see Get started with getting data in in the Getting Data In manual. For more information on the indexing process, see Indexes, indexers, and indexer clusters in the Managing Indexers and Clusters of Indexers manual.
Search
Search is the primary way users navigate their data in Splunk Enterprise. You can save a search as a report and use it to power dashboard panels. Searches provide insight from your data, such as:
- Retrieving events from an index
- Calculating metrics
- Searching for specific conditions within a rolling time window
- Identifying patterns in your data
- Predicting future trends
Alerts
Alerts notify you when search results for both historical and real-time searches meet configured conditions. You can configure alerts to trigger actions like sending alert information to designated email addresses, posting alert information to an RSS feed, and running a custom script, such as one that posts an alert event to syslog.
Dashboards
Dashboards contain panels of modules like search boxes, fields, charts, and so on. Dashboard panels are usually connected to saved searches or pivots. They display the results of completed searches and data from real-time searches that run in the background.
Pivot
Pivot refers to the table, chart, or data visualization you create using the Pivot Editor. The Pivot Editor lets users map attributes defined by data model objects to a table, chart, or data visualization without having to write the searches in the Search Processing Language (SPL) to generate them. Pivots can be saved as reports and added to dashboards.
Reports
Splunk Enterprise allows you to save searches and pivots as reports, and then add reports to dashboards as dashboard panels. Run reports on an ad hoc basis, schedule them to run on a regular interval, or set a scheduled report to generate alerts when the result meets particular conditions.
Data model
Data models encode specialized domain knowledge about one or more sets of indexed data. They enable Pivot Editor users to create reports and dashboards without designing the searches that generate them.
Download the Splunk Enterprise Quick Reference Guide
The Splunk Enterprise Quick Reference Guide is a PDF reference card that provides information about Splunk Enterprise features, concepts, search commands, and search examples.
For more information and a direct link to the PDF, see Splunk Quick Reference Guide in the Search Reference.
Last modified on 20 February, 2024
| About Splunk Enterprise users |
This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.2.0, 9.2.1
Download manual
Download this page
Back To Top
About Splunk Enterprise
- Features of Splunk Enterprise
- Indexing
- Search
- Alerts
- Dashboards
- Pivot
- Reports
- Data model
- Download the Splunk Enterprise Quick Reference Guide
You must be logged into splunk.com in order to post comments. Log in now.
Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.
We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here »
Closing this box indicates that you accept our Cookie Policy.
