Manuals
Splunk® Enterprise


Splunk Enterprise is the data collection, indexing, and visualization engine for operational intelligence.

Splunk Enterprise Overview
A technical overview of Splunk platform features and documentation.

Release Notes
Includes information about new features, known issues, and fixed problems.

Installation Manual
How to install, upgrade, or migrate Splunk Enterprise. Includes system migration requirements and licensing information.

Search Tutorial
If you are new to Splunk search, start here. Guides you through adding data, searching data, and creating simple dashboards.

Metrics
Learn about metrics in the Splunk platform.

Analytics Workspace
Browse, analyze, visualize and act on data without writing SPL queries. Learn how to quickly create rich visualizations, alerts, reports, and dashboard panels.

Inherit a Splunk Enterprise Deployment
Start here if you are the new admin owner of an established Splunk software deployment.

Getting Data In
How to get your machine data into your Splunk deployment and ensure that it is indexed efficiently and effectively.

Alerting Manual
How to create and dispatch alerts that are triggered when specific conditions are met.

Dashboards and Visualizations
Capture, monitor, and share data insights. Learn how to generate visualizations and build dashboards. Add interactivity, manage permissions, and export dashboards. Edit dashboards and use Simple XML to customize user experience.

Splunk Dashboard Studio
Use the Splunk Dashboard Studio to create custom dashboards, images, and visualizations.

Pivot Manual
How to use Pivot to create tables and charts without the use of the Splunk Search Processing Language (SPL).

Reporting Manual
How to save and manage searches and pivots as a report. Includes report acceleration, report scheduling, and printing reports as PDFs.

Search Manual
How to search and use the Splunk Search Processing Language. Includes examples of searches that calculate statistics and evaluate fields, helps you design visualization-ready reports, and explains how to set up and run federated searches.

Search Reference
Catalog of the search commands that make up the Splunk Search Processing Language with complete syntax, descriptions, and examples for each search command. Includes the Splunk Quick Reference Guide that describes fundamental search concepts, commands, functions, and examples.

Metrics
Learn about metrics in the Splunk platform.

Analytics Workspace
Browse, analyze, visualize and act on data without writing SPL queries. Learn how to quickly create rich visualizations, alerts, reports, and dashboard panels.

Federated Search
Search remote datasets throughout your data ecosystem from a single Splunk platform search interface.

Knowledge Manager Manual
How to create, use and manage event types, tags, lookups, field extractions, workflow actions, reports, views, and data models.

Inherit a Splunk Enterprise Deployment
Start here if you are the new admin owner of an established Splunk software deployment.

Admin Manual
Starting point for Splunk Enterprise administration. Includes information about managing licenses, configuring Splunk Enterprise, and using the command-line interface. Includes a complete reference to all Splunk Enterprise configuration files.

Getting Data In
How to get your machine data into your Splunk deployment and ensure that it is indexed efficiently and effectively.

Knowledge Manager Manual
How to create, use and manage event types, tags, lookups, field extractions, workflow actions, reports, views, and data models.

Securing Splunk Enterprise
How to create, manage, and authenticate users, configure transport layer security, use audit features to secure your data, and harden Splunk platform deployments to reduce vulnerability and risk.

Securing Splunk Enterprise with Common Criteria
Install and configure Splunk Enterprise in Common Criteria mode.

Troubleshooting Manual
How to analyze activity and diagnose problems with your Splunk deployment.

Splunk Analytics for Hadoop
License Splunk Analytics for Hadoop, configure virtual indexes, and search your Hadoop data.

Upgrade Readiness
How to use the Upgrade Readiness app to prepare for upgrade to Python 3 and jQuery 3.5.

Monitoring Splunk Enterprise
Monitor and investigate issues on your Splunk deployment.

Workload Management
How to configure and allocate compute resource groups for your Splunk Enterprise deployment.

REST API Reference Manual
Reference documentation for Splunk REST API endpoints.

Inherit a Splunk Enterprise Deployment
Start here if you are the new admin owner of an established Splunk software deployment.

Capacity Planning Manual
This manual provides high-level guidance on how to plan resource capacity for a Splunk Enterprise deployment and helps you decide when to add resources and distribute Splunk Enterprise services to maintain performance.

Distributed Deployment Manual
Scale Splunk Enterprise by distributing functionality across multiple forwarders, indexers, and search heads.

Distributed Search
Scale search functionality with search heads and search head clusters.

Monitoring Splunk Enterprise
Monitor and investigate issues on your Splunk deployment.

Workload Management
How to configure and allocate compute resource groups for your Splunk Enterprise deployment.

Forwarding Data
How to use forwarders to get data into your Splunk deployment.

Managing Indexers and Clusters of Indexers
How to configure and manage Splunk Enterprise indexers and clusters of indexers.

Updating Splunk Enterprise Instances
How to use deployment server and forwarder management to update Splunk Enterprise distributed instances, such as forwarders and indexers.

Getting Data In
How to get your machine data into your Splunk deployment and ensure that it is indexed efficiently and effectively.

Forwarding Data
How to use forwarders to get data into your Splunk deployment.

Developing Views and Apps for Splunk Web
Extend your Splunk deployment with custom visualizations, custom alert actions, and modular inputs.

REST API Reference Manual
Reference documentation for Splunk REST API endpoints.

REST API User Manual
How to use public Splunk REST API endpoints.

REST API Tutorials
Tutorials about using the Splunk REST API.

Python 3 Migration
Information about Python 2.7 EOL and Splunk app migration to Python 3.