Welcome to Splunk Documentation

Here you'll find documentation for Splunk Enterprise and for all other Splunk products. You can make PDFs of product manuals, look up a term in the Splexicon, and submit feedback. You can also follow us on Twitter!

A good additional resource for new Splunk Enterprise users is the Splunk book: Exploring Splunk.

Time to get Splunking!

Splunk Enterprise

Splunk Enterprise is the data collection, indexing and visualization engine for operational intelligence.

Splunk Enterprise documentation »

Splunk Light

Splunk Light delivers full-featured log search and analysis for small businesses and workgroups.

Splunk Light documentation »

Splunk Cloud

Splunk Cloud gives you cloud-based access to all of the features of Splunk Enterprise, such as support for apps, APIs, alerting and role-based access controls.

Splunk Cloud documentation »


Hunk

Hunk delivers interactive data exploration, analysis and visualizations for Hadoop, NoSQL, and other data stores.

Hunk documentation »

Splunk App for Enterprise Security

The Splunk App for Enterprise Security provides prebuilt content and searches to help focus security analysts on answering root-cause questions in real time about malicious and anomalous events in the IT infrastructure.

Splunk App for Enterprise Security documentation »

Splunk IT Service Intelligence

Splunk IT Service Intelligence (ITSI) is a scalable IT monitoring and analytics solution that provides actionable insight into the performance and behavior of your IT services.

Splunk IT Service Intelligence documentation »

Splunk App for Stream

Capture, filter, index, and analyze wire data directly from a network stream.

Splunk App for Stream documentation »

Splunk Mobile Access

Use Splunk Mobile Access to access your instance of Splunk Enterprise from your mobile Android or iOS device.

Splunk Mobile Access documentation »

Splunk MINT

The Splunk Mobile Intelligence suite of products offers you insight into the operation and usage of your mobile applications.

Splunk MINT documentation »

Splunk App for PCI Compliance

The Splunk App for PCI Compliance tells you how compliant you are with PCI DSS by collecting data from applications, systems, and devices within the PCI cardholder data environment and correlating it with asset and user identity data to monitor for compliance issues.

Splunk App for PCI Compliance documentation »

Splunk App for VMware

Splunk App for VMware collects and harnesses data from the virtualization layer to enable true end-to-end visibility in virtualized environments.

Splunk App for VMware documentation »

Splunk SDKs

The Splunk SDKs are written on top of the Splunk REST API. The SDKs give developers broad coverage of the REST API in a language-specific fashion to ease access to the Splunk engine.

Splunk SDKs documentation »

Splunk Web Framework

The Splunk Web Framework is an integrated framework for web developers who want to create rich, interactive experiences using Splunk and its analytical capabilities. The Splunk Web Framework lets you create custom Splunk apps by using prebuilt components, styles, templates, and reusable samples, and by adding your own custom logic, interactions, reusable components, and UI. You will find reference documentation for the new framework here.

Splunk Web Framework documentation »

Splunk DB Connect

Splunk DB Connect is a generic SQL database extension for Splunk that enables easy integration of database information with Splunk queries and reports.

Splunk DB Connect documentation »

Splunk ODBC Driver

The Splunk ODBC Driver enables you to connect an ODBC-enabled third-party app (such as Microsoft Excel, Tableau, and so on) to Splunk. You can then construct Structured Query Language (SQL) queries to interact with your Splunk server directly from your app.

Splunk ODBC Driver documentation »

Splunk App for Windows Infrastructure

The Splunk App for Windows Infrastructure provides views into several aspects of your Microsoft environment, including information on Windows processes, performance, and inventory, and Active Directory status.

Splunk App for Windows Infrastructure documentation »

Splunk App for Microsoft Exchange

The Splunk App for Microsoft Exchange provides easy data aggregation, powerful analytics, and intuitive visualization so you can monitor and audit Microsoft Exchange and its users.

Splunk App for Microsoft Exchange documentation »

Splunk on Splunk

Splunk on Splunk (S.o.S) is an app that turns Splunk's diagnostic tools inward to analyze and troubleshoot problems in your Splunk environment.

Splunk on Splunk documentation »

Splunk Hadoop Connect

Splunk Hadoop Connect provides bi-directional integration to move data between Splunk and Hadoop. Deploy the Splunk platform for real-time collection, indexing, analysis, and visualizations and then forward events to Hadoop for archiving and additional batch analytics.

Splunk Hadoop Connect documentation »

Splunk App for NetApp Data ONTAP

The Splunk App for NetApp Data ONTAP provides real-time and historical visibility into the performance and configuration of your NetApp storage infrastructure.

Splunk App for NetApp Data ONTAP documentation »

Splunk Weblog Add-on

The Splunk Weblog Add-on eases configuration of delimited file formats, such as World Wide Web Consortium (W3C) Common Log Format (CLF) and Enhanced Log Format (ELF).

Splunk Weblog Add-on documentation »

Splunk Supporting Add-on for Active Directory

The Splunk Supporting Add-on for Active Directory provides support functions to the Splunk Apps for Windows Infrastructure, Active Directory, and Microsoft Exchange that enable you to extract information from an Active Directory database.

Splunk Supporting Add-on for Active Directory documentation »

Splunk App for Unix and Linux

The Splunk App for Unix and Linux provides pre-built data inputs, searches, reports, alerts and dashboards for Linux and Unix management so you can monitor, manage and troubleshoot *nix operating systems from one place. The app includes a set of scripted inputs for collecting CPU, disk, I/O, memory, log, configuration and user data.

Splunk App for Unix and Linux documentation »

Splunk App for CEF

Use the Splunk App for CEF to transform Splunk data into Common Event Format (CEF).

Splunk App for CEF documentation »

Splunk Add-on for Check Point OPSEC LEA

The Splunk Add-on for Check Point OPSEC LEA enables you to index and monitor your Check Point firewall deployment.

Splunk Add-on for Check Point OPSEC LEA documentation »

Splunk Common Information Model Add-on

The Common Information Model (CIM) is a set of field names and tags that are expected to define the lowest common denominator of a domain of interest. You can map a new data source to the proper interface, validate that the domain interface has the expected data, and start writing or using an app that expects that domain interface.

Splunk Common Information Model Add-on documentation »

Supported Add-ons

Documentation for Splunk-supported add-ons.

Supported Add-ons documentation »


Ponydocs

Ponydocs is the open source version of the Splunk documentation platform.

Ponydocs documentation »

Splunk Answers and Splunkbase

Splunk Answers is an active community of Splunk users, and Splunkbase is a repository of apps and add-ons that extend the capabilities of Splunk Enterprise.

Splunk Answers and Splunkbase documentation »

Legacy products

Documentation for legacy products.

Legacy products documentation »