 
What is Splunk?
Visibility Across Your IT Universe

Splunk is an engine for your IT data. It collects, indexes and harnesses all the fast-moving IT data generated by your applications, servers and devices — physical, virtual and in the cloud. Use Splunk to search, report, monitor and analyze all your live streaming and historical IT data from one place in real time.

Troubleshoot problems and investigate security incidents in minutes, not hours or days. Monitor your end-to-end infrastructure to avoid service degradation or outages. Meet compliance mandates at lower cost. Correlate and analyze complex events spanning multiple systems. Gain new levels of operational visibility and intelligence for IT and the business.
 


   
It's Software - Download and install it in 5 minutes

Try Splunk on your laptop and then scale it to your datacenter. It's a self-contained software package that runs on all major operating systems – just pick your platform, download and install. You're up and running with a web interface for users and an engine for indexing your IT data.

Index Any Data From Any Source

Splunk indexes any kind of IT data from any source in real time. Point your servers’ or network devices’ syslog at Splunk, set up WMI polling, monitor live logfiles, enable change monitoring on your filesystem or the Windows registry, or schedule a script to grab system metrics. Splunk indexes all your IT data without the need for any specific parsers or connectors to purchase, write or maintain. Both the raw data and the rich index are stored in an efficient, compressed, filesystem-based datastore with optional data signing and auditing for data integrity. The more data you index, the more insight you'll gain from your IT infrastructure.
   
     
Forwards Data from Remote Systems

Splunk forwarders – lightweight Splunk servers with indexing turned off – can be deployed in situations where the data you need isn't available over the network or visible to the server where Splunk is installed. Splunk forwarders can monitor local application logfiles, capture the output of status commands on a schedule, grab performance metrics from virtual or non-virtual sources or watch the file system for configuration, permissions and attribute changes. Forwarders send data securely to the central Splunk server in real time. They are lightweight and can be deployed quickly at no additional cost.
   
Correlates Complex Events

With Splunk you can correlate complex events spanning many data sources across your IT environment. Splunk supports five types of correlation: time-based correlations, to identify relationships based on time, proximity or distance; transaction-based correlations, to track a series of related events as a single transaction to measure duration or status, or for other analysis; sub-searches, which take the results of one search and use them in another; lookups, which correlate with external data sources outside of Splunk; and joins, which support SQL-like inner and outer joins. Correlating events in Splunk enables richer analysis and insight from your raw IT data, driving better visibility and intelligence for IT and the business.
   
     
Built For Big Data

Use Splunk to collect and index terabytes of data per day and search billions of events in seconds on a single commodity server. Its scalability model is based on MapReduce, so as daily volumes and data sources grow, you can scale performance simply by adding more commodity servers. Automatic load balancing optimizes workloads and response times and provides built-in failover support. Avoid the need to deploy third-party reporting tools with Splunk's out-of-the-box reporting and analytics capabilities. Configure Splunk to use a SAN or other storage device for long-term storage needs.
     
Scales Across Datacenters

Splunk's distributed architecture lets your search span multiple deployments within a datacenter or globally across all your datacenters. With role-based access you can control how far a given user's search will span. Regional users can see data from regional systems and enterprise-wide users can see data from all datacenters. The Splunk vision is for every authorized employee to get the visibility and intelligence they need from their IT data, whether for investigations, reports and dashboards, or analysis to continually improve IT and business decisions. Securely connecting your Splunk installation takes just minutes, allowing you to design a manageable enterprise data fabric.
   
     
Provides Granular, Role-Based Security

Underlying everything Splunk does is a robust security model. Every Splunk transaction is authenticated, including user activities through the web user interface, command line interface and system activities through the Splunk API. You can define your own roles for Splunk users with a comprehensive set of documented control points that limit functionality by user type. These fine-grained access controls limit the searches, alerts, reports, dashboards and views that different Splunk roles can see. Splunk also integrates with external LDAP-compliant directory servers and Active Directory servers to enforce enterprise-wide security policies. Single sign-on integration is also available to enable pass-through authentication of user credentials. Since all the data needed to troubleshoot, investigate security incidents and demonstrate compliance is persisted in Splunk, you can restrict access to sensitive production servers.