Manuals
Splunk® Enterprise


Splunk Enterprise is the data collection, indexing, and visualization engine for operational intelligence.

Splunk Enterprise Overview
A technical overview of Splunk platform features and documentation.

Release Notes
Includes information about new features, known issues, and fixed problems.

Installation Manual
How to install, upgrade, or migrate Splunk Enterprise. Includes system migration requirements and licensing information.

Search Tutorial
If you are new to Splunk search, start here. Guides you through adding data, searching data, and creating simple dashboards.

Metrics
Learn about metrics in the Splunk platform.

Inherit a Splunk Enterprise Deployment
Start here if you are the new admin owner of an established Splunk software deployment.

Getting Data In
How to get your machine data into your Splunk deployment and ensure that it is indexed efficiently and effectively.

Alerting Manual
How to create and dispatch alerts that are triggered when specific conditions are met.

Dashboards and Visualizations
Capture, monitor, and share data insights. Learn how to generate visualizations and build dashboards. Add interactivity, manage permissions, and export dashboards. Edit dashboards and use Simple XML to customize user experience.

Pivot Manual
How to use Pivot to create tables and charts without the use of the Splunk Search Processing Language (SPL).

Reporting Manual
How to save and manage searches and pivots as a report. Includes report acceleration, report scheduling, and printing reports as PDFs.

Search Manual
How to search and use the Splunk Search Processing Language. Includes examples of searches that calculate statistics and evaluate fields, helps you design visualization-ready reports, and explains how to set up and run federated searches.

Search Reference
Catalog of the search commands that make up the Splunk Search Processing Language with complete syntax, descriptions, and examples for each search command. Includes the Splunk Quick Reference Guide that describes fundamental search concepts, commands, functions, and examples.

Metrics
Learn about metrics in the Splunk platform.

Knowledge Manager Manual
How to create, use and manage event types, tags, lookups, field extractions, workflow actions, reports, views, and data models.

Inherit a Splunk Enterprise Deployment
Start here if you are the new admin owner of an established Splunk software deployment.

Admin Manual
Starting point for Splunk Enterprise administration. Includes information about managing licenses, configuring Splunk Enterprise, and using the command-line interface. Includes a complete reference to all Splunk Enterprise configuration files.

Getting Data In
How to get your machine data into your Splunk deployment and ensure that it is indexed efficiently and effectively.

Knowledge Manager Manual
How to create, use and manage event types, tags, lookups, field extractions, workflow actions, reports, views, and data models.

Securing Splunk Enterprise
How to create and authenticate users, configure SSL, use audit features to secure your data, and harden Splunk deployments to reduce vulnerability and risk.

Troubleshooting Manual
How to analyze activity and diagnose problems with your Splunk deployment.

Splunk Analytics for Hadoop
License Splunk Analytics for Hadoop, configure virtual indexes, and search your Hadoop data.

Monitoring Splunk Enterprise
Monitor and investigate issues on your Splunk deployment.

Workload Management
How to configure and allocate compute resource groups for your Splunk Enterprise deployment.

REST API Reference Manual
Reference documentation for Splunk REST API endpoints.

Inherit a Splunk Enterprise Deployment
Start here if you are the new admin owner of an established Splunk software deployment.

Capacity Planning Manual
This manual provides high-level guidance on how to plan resource capacity for a Splunk Enterprise deployment and helps you decide when to add resources and distribute Splunk Enterprise services to maintain performance.

Distributed Deployment Manual
Scale Splunk Enterprise by distributing functionality across multiple forwarders, indexers, and search heads.

Distributed Search
Scale search functionality with search heads and search head clusters.

Monitoring Splunk Enterprise
Monitor and investigate issues on your Splunk deployment.

Workload Management
How to configure and allocate compute resource groups for your Splunk Enterprise deployment.

Forwarding Data
How to use forwarders to get data into your Splunk deployment.

Managing Indexers and Clusters of Indexers
How to configure and manage Splunk Enterprise indexers and clusters of indexers.

Updating Splunk Enterprise Instances
How to use deployment server and forwarder management to update Splunk Enterprise distributed instances, such as forwarders and indexers.

Getting Data In
How to get your machine data into your Splunk deployment and ensure that it is indexed efficiently and effectively.

Forwarding Data
How to use forwarders to get data into your Splunk deployment.

Developing Views and Apps for Splunk Web
Extend your Splunk deployment with custom visualizations, custom alert actions, and modular inputs.

REST API Reference Manual
Reference documentation for Splunk REST API endpoints.

REST API User Manual
How to use public Splunk REST API endpoints.

REST API Tutorials
Tutorials about using the Splunk REST API.

Python 3 Migration
Information about Python 2.7 EOL and Splunk app migration to Python 3.