Manuals
Splunk® Enterprise


Splunk Enterprise is the data collection, indexing, and visualization engine for operational intelligence.

Splunk Enterprise Overview
A technical overview of Splunk platform features and documentation.

Release Notes
Includes information about new features, known issues, and fixed problems.

Installation Manual
How to install, upgrade, or migrate Splunk Enterprise. Includes system migration requirements and licensing information.

Search Tutorial
If you are new to Splunk search, start here. Guides you through adding data, searching data, and creating simple dashboards.

Metrics
Learn about metrics in the Splunk platform.

Translated Documentation
Some Splunk Enterprise manuals are available in Japanese, Korean, Simplified Chinese, and Traditional Chinese.

Analytics Workspace
Browse, analyze, visualize and act on data without writing SPL queries. Learn how to quickly create rich visualizations, alerts, reports, and dashboard panels.

Inherit a Splunk Enterprise Deployment
Start here if you are the new admin owner of an established Splunk software deployment.

Getting Data In
How to get your machine data into your Splunk deployment and ensure that it is indexed efficiently and effectively.

Alerting Manual
How to create and dispatch alerts that are triggered when specific conditions are met.

Dashboards and Visualizations
Capture, monitor, and share data insights. Learn how to generate visualizations and build dashboards. Add interactivity, manage permissions, and export dashboards. Edit dashboards and use Simple XML to customize user experience.

Pivot Manual
How to use Pivot to create tables and charts without the use of the Splunk Search Processing Language (SPL).

Reporting Manual
How to save and manage searches and pivots as a report. Includes report acceleration, report scheduling, and printing reports as PDFs.

Search Manual
How to search and use the Splunk Search Processing Language. Includes examples of searches that calculate statistics and evaluate fields, helps you design visualization-ready reports, and explains how to set up and run federated searches.

Search Reference
Catalog of the search commands that make up the Splunk Search Processing Language with complete syntax, descriptions, and examples for each search command. Includes the Splunk Quick Reference Guide that describes fundamental search concepts, commands, functions, and examples.

Knowledge Manager Manual
How to create, use and manage event types, tags, lookups, field extractions, workflow actions, reports, views, and data models.

Admin Manual
Starting point for Splunk Enterprise administration. Includes information about managing licenses, configuring Splunk Enterprise, and using the command-line interface. Includes a complete reference to all Splunk Enterprise configuration files.

Securing Splunk Enterprise
How to create and authenticate users, configure SSL, use audit features to secure your data, and harden Splunk deployments to reduce vulnerability and risk.

Troubleshooting Manual
How to analyze activity and diagnose problems with your Splunk deployment.

Splunk Analytics for Hadoop
License Splunk Analytics for Hadoop, configure virtual indexes, and search your Hadoop data.

Monitoring Splunk Enterprise
Monitor and investigate issues on your Splunk deployment.

Workload Management
How to configure and allocate compute resource groups for your Splunk Enterprise deployment.

REST API Reference Manual
Reference documentation for Splunk REST API endpoints.

Capacity Planning Manual
This manual provides high-level guidance on how to plan resource capacity for a Splunk Enterprise deployment and helps you decide when to add resources and distribute Splunk Enterprise services to maintain performance.

Distributed Deployment Manual
Scale Splunk Enterprise by distributing functionality across multiple forwarders, indexers, and search heads.

Distributed Search
Scale search functionality with search heads and search head clusters.

Forwarding Data
How to use forwarders to get data into your Splunk deployment.

Managing Indexers and Clusters of Indexers
How to configure and manage Splunk Enterprise indexers and clusters of indexers.

Updating Splunk Enterprise Instances
How to use deployment server and forwarder management to update Splunk Enterprise distributed instances, such as forwarders and indexers.

Add Cisco ASA data: Single instance
Learn how to configure the Splunk Add-on for ASA on a single instance of Splunk Enterprise.

Add Cisco ASA data: Distributed deployment with indexer clustering
Learn how to configure the Splunk Add-on for ASA on a distributed deployment of Splunk Enterprise that leverages indexer clustering.

Add Cisco ASA data: Splunk Cloud
Learn how to configure the Splunk Add-on for Cisco ASA on a Splunk Cloud deployment.

Add McAfee data: Single instance
Learn how to get McAfee data into a single instance of Splunk Enterprise.

Add McAfee data: Distributed deployment with indexer clustering
Learn how to configure the Splunk Add-on for McAfee on a distributed deployment of Splunk Enterprise that uses indexer clustering.

Add McAfee data: Splunk Cloud
Learn how to get McAfee data into a Splunk Cloud deployment.

Add Microsoft Active Directory data: Single instance
Learn how to get Microsoft Active Directory data into a single instance of Splunk Enterprise.

Add Microsoft Active Directory data: Distributed deployment with indexer clustering
Learn how to get Microsoft Active Directory data into a distributed deployment of Splunk Enterprise that uses indexer clustering.

Add Microsoft Active Directory data: Splunk Cloud
Learn how to get Microsoft Active Directory data into a Splunk Cloud deployment.

Add Microsoft Windows data: Single instance
Learn how to get Microsoft Windows data into a single instance of Splunk Enterprise.

Add Microsoft Windows data: Distributed deployment with indexer clustering
Learn how to configure the Splunk Add-on for Windows on a distributed deployment of Splunk Enterprise that uses indexer clustering.

Add Microsoft Windows data: Splunk Cloud
Learn how to get Microsoft Windows data into a Splunk Cloud deployment.

Add Palo Alto Networks data: Single instance
Learn how to configure the Splunk Add-on for Palo Alto Networks on a single instance of Splunk Enterprise.

Add Palo Alto Networks data: Distributed deployment with indexer clustering
Learn how to configure the Splunk Add-on for Palo Alto Networks on a distributed deployment of Splunk Enterprise that uses indexer clustering.

Add Palo Alto Networks data: Splunk Cloud
Learn how to configure the Splunk Add-on for Palo Alto Networks on a Splunk Cloud deployment.

Add Symantec Endpoint Protection data: Single instance
Learn how to configure the Splunk Add-on for Symantec Endpoint Protection on a single instance of Splunk Enterprise.

Add Symantec Endpoint Protection data: Distributed deployment with indexer clustering
Learn how to configure the Splunk Add-on for Symantec Endpoint Protection on a distributed deployment of Splunk Enterprise that uses indexer clustering.

Add Symantec Endpoint Protection data: Splunk Cloud
Learn how to configure the Splunk Add-on for Symantec Endpoint Protection on a Splunk Cloud deployment.

Add AWS Config data: Single instance
Learn how to ingest AWS Config data into a single instance of Splunk Enterprise.

Add AWS Config data: Distributed deployment with indexer clustering
Learn how to ingest AWS Config data into a distributed deployment of Splunk Enterprise with indexer clustering.

Add AWS Config data: Splunk Cloud
Learn how to ingest AWS Config data into a Splunk Cloud deployment.

Add AWS Config Notifications data: Single instance
Learn how to ingest AWS Config Notification data into a single instance of Splunk Enterprise.

Add AWS Config Notifications data: Distributed deployment with indexer clustering
Learn how to ingest AWS Config Notification data into a distributed instance of Splunk Enterprise.

Add AWS Config Notifications data: Splunk Cloud
Learn how to ingest AWS Config Notification data into your Splunk Cloud deployment.

Add AWS Config Rules data: Single instance
Learn how to ingest AWS Config Rules data into a single instance of Splunk Enterprise.

Add AWS Config Rules data: Distributed deployment with indexer clustering
Learn how to ingest AWS Config Rules data into a distributed instance of Splunk Enterprise.

Add AWS Config Rules data: Splunk Cloud
Learn how to ingest AWS Config Rules data into your Splunk Cloud deployment.

Add AWS CloudWatch Metrics data: Single instance
Learn how to ingest AWS CloudWatch data into a single instance of Splunk Enterprise.

Add AWS CloudWatch Metrics data: Distributed deployment with indexer clustering
Learn how to ingest CloudWatch data into a distributed deployment with indexer clustering.

Add AWS CloudWatch Metrics data: Splunk Cloud
Learn how to ingest CloudWatch data into a Splunk Cloud deployment.

Add AWS VPC Flow Log data: Single instance
Learn how to ingest AWS VPC Flow Log data into a single instance of Splunk Enterprise.

Add AWS VPC Flow Log data: Distributed deployment with indexer clustering
Learn how to ingest AWS VPC Flow Log data into a distributed instance of Splunk Enterprise.

Add AWS VPC Flow Log data: Splunk Cloud
Learn how to ingest AWS VPC Flow Log data into your Splunk Cloud deployment.

Add AWS CloudTrail data: Single instance
Learn how to ingest CloudTrail data into a Splunk Enterprise single instance.

Add AWS CloudTrail data with Kinesis Firehose: Distributed deployment with indexer clustering
Learn how to ingest AWS CloudTrail data into a distributed instance of Splunk Enterprise.

Add AWS CloudTrail data with Kinesis Firehose: Splunk Cloud
Learn how to ingest AWS CloudTrail data into your Splunk Cloud deployment.

Add AWS Config data with Kinesis Firehose: Distributed deployment with indexer clustering
Learn how to ingest AWS Config data into a distributed instance of Splunk Enterprise.

Add AWS Config data with Kinesis Firehose: Splunk Cloud
Learn how to ingest AWS Config data into your Splunk Cloud deployment.

Add AWS Billing data: Single instance
Learn how to ingest AWS Billing data into a single instance of Splunk Enterprise.

Add AWS Billing data: Distributed deployment with indexer clustering
Learn how to ingest AWS Billing data into a distributed instance of Splunk Enterprise.

Add AWS Billing data: Splunk Cloud
Learn how to ingest AWS Billing data into your Splunk Cloud deployment.

Add AWS ELB access log data: Single instance
Learn how to ingest AWS ELB access log data into a single instance of Splunk Enterprise.

Add AWS ELB access log data: Distributed deployment with indexer clustering
Learn how to ingest AWS ELB access log data into a distributed instance of Splunk Enterprise.

Add AWS ELB access log data: Splunk Cloud
Learn how to ingest AWS ELB access log data into your Splunk Cloud deployment.

Add AWS S3 access log data: Single instance
Learn how to ingest AWS S3 access log data into a single instance of Splunk Enterprise.

Add AWS S3 access log data: Distributed deployment with indexer clustering
Learn how to ingest AWS S3 access log data into a distributed instance of Splunk Enterprise.

Add AWS S3 access log data: Splunk Cloud
Learn how to ingest AWS S3 access log data into your Splunk Cloud deployment.

Add AWS CloudFront access log data: Single instance
Learn how to ingest AWS CloudFront access log data into a single instance of Splunk Enterprise.

Add AWS CloudFront access log data: Distributed deployment with indexer clustering
Learn how to ingest AWS CloudFront access log data into a distributed instance of Splunk Enterprise.

Add AWS CloudFront access log data: Splunk Cloud
Learn how to ingest AWS CloudFront access log data into your Splunk Cloud deployment.

Developing Views and Apps for Splunk Web
Extend your Splunk deployment with custom visualizations, custom alert actions, and modular inputs.

REST API User Manual
How to use public Splunk REST API endpoints.

REST API Tutorials
Tutorials about using the Splunk REST API.

Python 3 Migration
Information about Python 2.7 EOL and Splunk app migration to Python 3.