Splunk Enterprise

 


Splunk Enterprise Overview

A technical overview of Splunk Enterprise and its features and documentation.

Release Notes

Includes information about new features, known issues, and fixed problems.

Installation Manual

How to install or migrate Splunk Enterprise. Includes system migration requirements and licensing information.

Search Tutorial

If you are new to Splunk Enterprise, start here. Guides you through adding data, searching data, and creating simple dashboards.

Data Model and Pivot Tutorial

If you are new to Splunk 6, start here. Guides you through adding data, building simple data models, and creating new pivots.

Admin Manual

Starting point for Splunk Enterprise administration. Includes information about managing licenses, configuring Splunk Enterprise, and using the command-line interface. Includes a complete reference to all Splunk Enterprise configuration files.

Alerting Manual

How to create and dispatch alerts that are triggered when specific conditions are met.

Capacity Planning Manual

This manual provides high-level guidance on how to plan resource capacity for a Splunk Enterprise deployment and helps you decide when to add resources and distribute Splunk Enterprise services to maintain performance.

Dashboards and Visualizations

Create and edit dashboards by using Splunk Enterprise interactive editors and simple XML source code. Includes information about visualizations that you can use to show search results. Also includes a reference to simple XML for dashboards and a chart configuration reference.

Developing Views and Apps for Splunk Web

How to create Splunk Enterprise apps, use scripted inputs and modular inputs, extend Splunk Enterprise, and other advanced development topics. Also contains information about using advanced XML for the Splunk Enterprise module system.

Distributed Deployment Manual

How to distribute Splunk Enterprise functionality across multiple servers by using components such as forwarders, indexers, and search heads.

Distributed Search

How to distribute searches across multiple Splunk Enterprise indexers by using search heads.

Forwarding Data

How to use forwarders to get data into Splunk Enterprise.

Getting Data In

How to get data into Splunk Enterprise and ensure that Splunk Enterprise indexes your machine data efficiently and effectively.

Knowledge Manager Manual

How to use and maintain Splunk Enterprise knowledge objects such as event types, tags, lookups, field extractions, workflow actions, reports, and views, as well as the creation and management of data models.

Managing Indexers and Clusters of Indexers

How to configure and manage Splunk Enterprise indexers and clusters of indexers.

Module System Reference

Includes the module system extension dictionary and APIs.

Module System User Manual

Includes the Splunk Web infrastructure layer for building custom apps using the module system.

Pivot Manual

How to use Pivot to create tables and charts without the use of the Splunk Search Processing Language (SPL).

Reporting Manual

How to save and manage searches and pivots as a report. Includes report acceleration, report scheduling, and printing reports as PDFs.

REST API Reference Manual

Reference documentation for Splunk Enterprise REST API endpoints.

REST API User Manual

Includes information about using public Splunk Enterprise REST API endpoints.

REST API Tutorials

Includes Splunk Enterprise REST API user tutorials.

Search Manual

How to search and use the Splunk Search Processing Language. Includes examples of searches to calculate statistics, evaluate fields, and report on search results.

Search Reference

Catalog of the search commands that make up the Splunk Search Processing Language with complete syntax, descriptions, and examples for each search command. Includes an SPL™ Command Cheat Sheet for quick reference.

Securing Splunk Enterprise

How to create and authenticate users, configure SSL, use audit features to secure your data, and harden Splunk Enterprise instances to reduce vulnerability and risk.

Troubleshooting Manual

How to analyze activity and diagnose problems with Splunk Enterprise.

Updating Splunk Enterprise Instances

How to use deployment server and forwarder management to update Splunk Enterprise distributed instances, such as forwarders and indexers.