Here you'll find documentation for Splunk Enterprise and for all other Splunk products. You can make PDFs of product manuals, look up a term in the Splexicon, and submit feedback. You can also follow us on Twitter!
A good additional resource for new Splunk Enterprise users is the Splunk book: Exploring Splunk.
Time to get Splunking!
The Splunk App for Enterprise Security provides prebuilt content and searches to help focus security analysts on answering root-cause questions in real time about malicious and anomalous events in the IT infrastructure.
The Splunk App for PCI Compliance tells you how compliant you are with PCI DSS by collecting data from applications, systems, and devices within the PCI cardholder data environment and correlating it with asset and user identity data to monitor for compliance issues.
The Splunk Deployment Monitor App helps you effectively manage medium- to large-scale Splunk deployments. It keeps track of your Splunk instances and provides early warning of unexpected or abnormal behavior. It also tracks license usage.
The Splunk Web Framework is an integrated framework for web developers who want to create rich, interactive experiences using Splunk and its analytical capabilities. The Splunk Web Framework lets you quickly create custom Splunk apps by using pre-built components, styles, templates, and reusable samples, and by adding your own custom logic, interactions, reusable components, and UI. You will find reference documentation for the new framework here. For concepts, how-to information, and examples, see Web Framework on the Splunk for Developers site.
Splunk for WebSphere Application Server collects and harnesses log, performance and configuration data to provide end-to-end visibility into WebSphere Application Server environments.
Splunk Hadoop Connect provides bi-directional integration to move data between Splunk and Hadoop easily and reliably. Deploy Splunk quickly for real-time collection, indexing, analysis, and visualizations and then reliably forward events to Hadoop for long-term archiving and additional batch analytics. You can further leverage Splunk by importing data already stored in Hadoop.
The Splunk ODBC Driver enables you to connect an ODBC-enabled third-party app (such as Microsoft Excel, Tableau, and so on) to Splunk. You can then construct Structured Query Language (SQL) queries to interact with your Splunk server directly from your app.
The Splunk App for Windows Infrastructure provides views into several aspects of your Microsoft environment, including information on Windows processes, performance, and inventory, and Active Directory status.
The Splunk Supporting Add-on for Active Directory provides support functions to the Splunk Apps for Windows Infrastructure, Active Directory, and Microsoft Exchange that enable you to extract information from an Active Directory database.
The Splunk App for Unix and Linux provides pre-built data inputs, searches, reports, alerts and dashboards for Linux and Unix management so you can monitor, manage and troubleshoot *nix operating systems from one place. The app includes a set of scripted inputs for collecting CPU, disk, I/O, memory, log, configuration and user data.
The Splunk Add-on for Check Point OPSEC LEA enables you to index and monitor your Check Point firewall deployment.
The Common Information Model (CIM) is a set of field names and tags that are expected to define the lowest common denominator of a domain of interest. Armed with the CIM, you should be able to map a new data source to the proper interface, validate that the domain interface has the expected data, and start writing or using an app that expects that domain interface.