Welcome to Splunk Documentation

Here you'll find documentation for Splunk Enterprise and for all other Splunk products. You can make PDFs of product manuals, look up a term in the Splexicon, and submit feedback. You can also follow us on Twitter!

A good additional resource for new Splunk Enterprise users is the Splunk book: Exploring Splunk.

Time to get Splunking!

Splunk Enterprise

Splunk Enterprise is the data collection, indexing and visualization engine for operational intelligence.

Splunk Enterprise documentation »

Hunk

Hunk delivers interactive data exploration, analysis and visualizations for Hadoop, NoSQL, and other data stores.

Hunk documentation »

Splunk Cloud

Splunk Cloud gives you cloud-based access to all of the features of Splunk Enterprise, such as support for apps, APIs, alerting and role-based access controls.

Splunk Cloud documentation »

Splunk Storm

Splunk Storm is a free Splunk service for analyzing and troubleshooting cloud applications.

Splunk Storm documentation »

Splunk App for Enterprise Security

The Splunk App for Enterprise Security provides prebuilt content and searches to help focus security analysts on answering root-cause questions in real time about malicious and anomalous events in the IT infrastructure.

Splunk App for Enterprise Security documentation »

Splunk App for PCI Compliance

The Splunk App for PCI Compliance tells you how compliant you are with PCI DSS by collecting data from applications, systems, and devices within the PCI cardholder data environment and correlating it with asset and user identity data to monitor for compliance issues.

Splunk App for PCI Compliance documentation »

Splunk App for VMware

Splunk App for VMware collects and harnesses data from the virtualization layer to enable true end-to-end visibility in virtualized environments.

Splunk App for VMware documentation »

Splunk on Splunk

Splunk on Splunk (S.o.S) is an app that turns Splunk's diagnostic tools inward to analyze and troubleshoot problems in your Splunk environment.

Splunk on Splunk documentation »

Splunk SDKs

The Splunk SDKs are written on top of the Splunk REST API. The SDKs give developers broad coverage of the REST API in a language-specific fashion to ease access to the Splunk engine.

Splunk SDKs documentation »

Splunk Deployment Monitor App

The Splunk Deployment Monitor App helps you effectively manage medium- to large-scale Splunk deployments. It keeps track of your Splunk instances and provides early warning of unexpected or abnormal behavior. It also tracks license usage.

Splunk Deployment Monitor App documentation »

Splunk Web Framework

The Splunk Web Framework is an integrated framework for web developers who want to create rich, interactive experiences using Splunk and its analytical capabilities. The Splunk Web Framework lets you quickly create custom Splunk apps by using pre-built components, styles, templates, and reusable samples, and by adding your own custom logic, interactions, reusable components, and UI. You will find reference documentation for the new framework here. For concepts, how-to information, and examples, see Web Framework on the Splunk for Developers site.

Splunk Web Framework documentation »

Splunk Mobile Access

Splunk Mobile Access is a free mobile solution that provides secure access to data in Splunk Enterprise.

Splunk Mobile Access documentation »

Splunk for WebSphere Application Server

Splunk for WebSphere Application Server collects and harnesses log, performance and configuration data to provide end-to-end visibility into WebSphere Application Server environments.

Splunk for WebSphere Application Server documentation »

Splunk App for HadoopOps

The Splunk App for HadoopOps provides real-time monitoring, troubleshooting and analysis of the health and performance of your end-to-end Hadoop environment.

Splunk App for HadoopOps documentation »

Splunk Hadoop Connect

Splunk Hadoop Connect provides bi-directional integration to move data between Splunk and Hadoop easily and reliably. Deploy Splunk quickly for real-time collection, indexing, analysis, and visualizations and then reliably forward events to Hadoop for long-term archiving and additional batch analytics. You can further leverage Splunk by importing data already stored in Hadoop.

Splunk Hadoop Connect documentation »

Splunk App for NetApp Data ONTAP

The Splunk App for NetApp Data ONTAP provides real-time and historical visibility into the performance and configuration of your NetApp storage infrastructure.

Splunk App for NetApp Data ONTAP documentation »

Splunk Weblog Add-on

The Splunk Weblog Add-on eases configuration of delimited file formats, such as World Wide Web Consortium (W3C) Common Log Format (CLF) and Enhanced Log Format (ELF).

Splunk Weblog Add-on documentation »

Splunk DB Connect

Splunk DB Connect is a generic SQL database extension for Splunk that enables easy integration of database information with Splunk queries and reports.

Splunk DB Connect documentation »

Splunk ODBC Driver

The Splunk ODBC Driver enables you to connect an ODBC-enabled third-party app (such as Microsoft Excel, Tableau, and so on) to Splunk. You can then construct Structured Query Language (SQL) queries to interact with your Splunk server directly from your app.

Splunk ODBC Driver documentation »

Splunk App for Windows Infrastructure

The Splunk App for Windows Infrastructure provides views into several aspects of your Microsoft environment, including information on Windows processes, performance, and inventory, and Active Directory status.

Splunk App for Windows Infrastructure documentation »

Splunk App for Microsoft Exchange

The Splunk App for Microsoft Exchange provides easy data aggregation, powerful analytics, and intuitive visualization so you can monitor and audit Microsoft Exchange and its users.

Splunk App for Microsoft Exchange documentation »

Splunk App for Unix and Linux

The Splunk App for Unix and Linux provides pre-built data inputs, searches, reports, alerts and dashboards for Linux and Unix management so you can monitor, manage and troubleshoot *nix operating systems from one place. The app includes a set of scripted inputs for collecting CPU, disk, I/O, memory, log, configuration and user data.

Splunk App for Unix and Linux documentation »

Splunk Add-on for Check Point OPSEC LEA

The Splunk Add-on for Check Point OPSEC LEA enables you to index and monitor your Check Point firewall deployment.

Splunk Add-on for Check Point OPSEC LEA documentation »

Splunk Common Information Model Add-on

The Common Information Model (CIM) is a set of field names and tags that are expected to define the lowest common denominator of a domain of interest. Armed with the CIM, you should be able to map a new data source to the proper interface, validate that the domain interface has the expected data, and start writing or using an app that expects that domain interface.

Splunk Common Information Model Add-on documentation »

Supported Add-ons

Documentation for Splunk-supported add-ons.

Supported Add-ons documentation »

Ponydocs

Ponydocs is the open source version of the Splunk documentation platform.

Ponydocs documentation »

Splunk Answers and Splunk Apps

Splunk Answers is an active community of Splunk users, and Splunk Apps is a repository of apps and add-ons that extend the capabilities of Splunk and make it easier to use.

Splunk Answers and Splunk Apps documentation »

Legacy products

Documentation for legacy products.

Legacy products documentation »