Achieve Your Use Cases

Security Use Cases
- Accelerate Actionable Insights with Threat Investigation
- Deploy Continuous Assets and Identities Discovery
- Mitigate Threats With Security Monitoring
- Protect Against Insider Threat With Anomaly Detection
- Reduce Risk with Advanced Threat Detection
- Respond to Incidents with Automation and Orchestration
- Simplify Compliance with Real-Time Monitoring and Reporting
- Uncover Hidden Threats with Proactive Threat Hunting
Administer Your Environment
Manage Your Data
Learn From Featured Articles
Reducing Cisco ASA data volumes with Edge Processor and Ingest Processor
Whether you’re filtering out low-priority firewall logs or reducing noisy events, Splunk Edge Processor and Splunk Ingest Processor let you filter, transform, and optimize Cisco ASA logs before routing to the Splunk platform or Amazon S3 for low-cost storage.
Creating, monitoring, and optimizing LLM retrieval augmented generation patterns
Retrieval augmented generation allows you to efficiently ground LLMs in your proprietary data sources, ensuring their responses are accurate, relevant, and aligned with your business context. In this article, you'll learn how to instrument these applications with OpenTelemetry and use Splunk Observability Cloud.
Building a self-serve and scalable observability practice
A self-service, mature observability platform leads to higher productivity, reduced effort, fewer bottlenecks, and more readily available expertise. This article covers six ways that the Splunk observability architecture helps you establish observability as a service.
- Get Started with Splunk Software
- Administering APM
- Administering Splunk Infrastructure Monitoring
- Conducting a SIEM use case development workshop
- Configuring add-ons in UBA
- Configuring and deploying Splunk Data Management Pipeline Builders
- Configuring and optimizing Enterprise Security
- Configuring Log Observer Connect
- Connecting SOAR apps
- Correlating log data to metric charts in Observability Cloud dashboards
- Creating alerts and dashboards with Splunk RUM data
- Creating and using playbooks in SOAR
- Creating dashboards and visualizations in Splunk Synthetic Monitoring
- Creating detectors and alerts in Splunk Synthetic Monitoring
- Cybersecurity Defense Analyst Certification Prep Tips
- Demo - Log analytics for troubleshooting with IT Essentials
- Extracting insights from Cloud Platform
- Extracting insights from Infrastructure Monitoring
- Extracting insights from Splunk Enterprise
- Extracting service insights from APM
- Getting data into APM
- Getting data into Infrastructure Monitoring
- Getting data into ITSI
- Getting data into UBA
- Getting data onboarded to Splunk Enterprise Security
- Getting help with APM
- Getting help with Enterprise Security
- Getting help with Infrastructure Monitoring
- Getting help with ITSI
- Getting help with SOAR
- Getting help with Splunk Artificial Intelligence
- Getting help with Splunk Asset and Risk Intelligence
- Getting help with Splunk Cloud Platform
- Getting help with Splunk Enterprise
- Getting help with Splunk Intel Management (TruSTAR)
- Getting help with Splunk Mobile
- Getting help with Splunk RUM
- Getting help with Splunk Synthetic Monitoring
- Getting help with UBA
- Getting started - Splunk Intel Management (TruSTAR)
- Getting started with APM
- Getting started with Infrastructure Monitoring
- Getting started with ITSI
- Getting started with IT Essentials Learn
- Getting started with IT Essentials Work
- Getting started with Log Observer Connect
- Getting started with SOAR
- Getting started with Splunk Artificial Intelligence
- Getting started with Splunk Asset and Risk Intelligence
- Getting started with Splunk Cloud Platform
- Getting started with Splunk Data Management Pipeline Builders
- Getting started with Splunk Enterprise
- Getting started with Splunk Enterprise Security
- Getting Started with Splunk Real User Monitoring
- Getting started with Splunk Security Essentials
- Getting started with Splunk Synthetic Monitoring
- Getting started with UBA
- How to set up Splunk Mobile app
- Identifying performance bottlenecks with Splunk RUM for Browser
- Identifying Splunk Enterprise Security use cases and data sources
- Implementing features and use cases in Splunk APM
- Implementing use cases in Cloud Platform
- Implementing use cases in Infrastructure Monitoring
- Implementing use cases in Splunk Enterprise
- Implementing use cases with SOAR
- Implementing use cases with Splunk Artificial Intelligence
- Implementing use cases with Splunk Data Management Pipeline Builders
- Improving performance in Enterprise Security 8
- Installing and upgrading Splunk Asset and Risk Intelligence
- Installing and upgrading UBA
- Intelligence flows - Indicator prioritization - Splunk Intel Management (TruSTAR)
- Managing users and permissions - Splunk Intel Management (TruSTAR)
- Managing your Splunk Cloud Platform deployment
- Managing your Splunk Enterprise deployment
- Manually submit intelligence - Splunk Intel Management (TruSTAR)
- Onboarding and managing data in Cloud Platform
- Onboarding and managing data in Splunk Enterprise
- Onboarding with Splunk Asset and Risk Intelligence
- Overview - Splunk Intel Management (TruSTAR)
- Preparing your environment for Splunk Asset and Risk Intelligence
- Rigor to Splunk Synthetics Migration - Customer FAQ
- Searching and filtering on Splunk RUM data
- Setting up and configuring SOAR
- Setting up tests in Splunk Synthetic Monitoring
- Splunk IT Service Intelligence Owner's Manual
- Splunk User Behavior Analytics Owner's Manual
- The definitive guide to best practices for IT Service Intelligence
- Upgrading to Enterprise Security 8.0.x - Compatibility checks
- Upgrading to Enterprise Security 8.0.x - Configuration and customization
- Upgrading to Enterprise Security 8.0.x - Overview
- Upgrading to Enterprise Security 8.0.x - Prerequisites
- Upgrading to Enterprise Security 8.0.x - Walkthrough and validation
- Using Enterprise Security for security investigation and monitoring
- Using Log Observer Connect with Cloud Platform
- Using Log Observer Connect with Splunk Enterprise
- Using session replay in Splunk RUM
- Using Splunk Mobile
- Using the TruSTAR Chrome Extension - Splunk Intel Management (TruSTAR)
- Working with event analytics in ITSI
- Working with intelligence reports - Splunk Intel Management (TruSTAR)
- Working with intelligence sources - Splunk Intel Management (TruSTAR)
- Working with service insights in ITSI
 
 
- Splunk Success Framework
- The Splunk Success Framework (SSF) is a flexible collection of best practices for setting up your Splunk software implementation as a program.
 
- Splunk Cloud Platform Migration
- Get security, reliability, and fast time to value with Splunk® Cloud Platform.
- Phase 1: Splunk Cloud Platform migration overview
- Phase 2: Getting started with your Splunk Cloud Platform migration
- Phase 3: Determining your readiness for Splunk Cloud Platform migration
- Phase 4: Preparing for Splunk Cloud Platform migration
- Phase 5: Migrating to the Splunk Cloud Platform
- Phase 6: Validating Your Splunk Cloud Platform Deployment
- Phase 7: Welcome to Splunk Cloud Platform!
 
 
- Manage Splunk Platform Performance and Health
- Adopting workload management with cgroups v1
- Adopting workload management with cgroups v2
- Automating Splunk platform administration with a Continuous Configuration Automation framework
- Benchmarking filesystem performance on Linux-based indexers
- Classic dashboard export deprecation FAQ
- Configuring Splunk for Common Access Card authentication
- Installing an existing certificate on a new Splunk Enterprise installation
- Installing Splunk Enterprise 9.x on Linux
- Installing Splunk Enterprise 9.x on Windows
- Introduction to the Splunk Distributed Deployment Server
- Introduction to the Splunk ACS Github Action CI/CD Starter
- Managing configurations in Splunk Cloud Platform
- Migrating from on-premises to Splunk Cloud Platform
- Monitoring Splunk platform health
- Node.js deprecation FAQ
- Preparing for certificate-based authentication changes on Windows domain controllers
- Preparing to upgrade from 9.x to Splunk Enterprise and Cloud Platform 10.0
- Preparing your Splunk Platform instance to upgrade to jQuery 3.5
- Renewing a certificate on a new Splunk Enterprise installation
- Running a Splunk platform health check
- Securing the Splunk Cloud Platform
- Selecting the best cloud migration approach
- SimpleXML Examples app end of life FAQ
- Splunk Custom Visualizations apps end of life FAQ
- Splunk over IPv6 Runbook for Splunk Enterprise Customers
- Splunk over IPv6 runbook for Splunk Cloud Platform customers
- Troubleshooting compatibility issues between components or apps in Splunk Enterprise
- Troubleshooting high resource usage in Splunk Enterprise
- Understanding workload pricing in Splunk Cloud Platform
- Upgrading the Splunk platform
- Using Admin Config Service in Splunk Cloud Platform FedRAMP environments
- Using the deployer
- Using the Performance Insights for Splunk app
- Using the Splunk Cloud Monitoring Console effectively
- Using the Universal Configuration Console
 
 
- Data Sources
- Adobe
- Amazon
- Apache
- AppDynamics
- Atlassian
- Carbon Black
- Check Point
- Cisco
- CrowdStrike
- Dell
- Docker
- Fabrix.ai
- Fortinet
- Gigamon
- GitHub
- GitLab
- Kubernetes
- Linux and Unix
- Mac OS
- Microsoft
- Nagios
- NETSCOUT
- Okta
- OpenAI
- Palo Alto Networks
- Salesforce
- SAP
- Skyhigh Security
- Symantec
- Syslog
- Tanium
- Tenable
- Trend Micro
- VMware
- Websense
- Zeek
- Zoom
- Zscaler
 
 
- Data Types
- Alerts data
- Application data
- Application server data
- Authentication data
- Backup data
- Binary repositories data
- Call detail record data
- Certificates data
- Change data
- Cloud productivity suite data
- Cloud services data
- Compliance and governance data
- Configuration management data
- Content delivery network data
- Customer relationship management data
- Database data
- Data access data
- Data loss prevention data
- Deep packet inspection data
- Endpoint detection and response data
- Electronic data interchange data
- Email data
- Event signatures data
- Financial data
- Insider threat data
- Intrusion detection data
- Inventory data
- IoT and industrial IoT data
- IP address assignment data
- Law enforcement data
- Load balancer data
- Malware data
- Medical device data
- Mobile device data
- Network access control data
- Network communication data
- Network firewall data
- Network resolution data
- Network router data
- Network sessions data
- Network switch data
- Network traffic data
- Network VPN data
- OpenLLMetry data
- OpenTelemetry data
- Operational technology data
- Patch management data
- Performance data
- Personally identifiable information
- Physical card reader data
- Physical security data
- Printer data
- Real user monitoring data
- Security orchestration, automation, and response data
- SNMP data
- Storage data
- Supplier and procurement data
- Synthetic monitoring data
- Threat intelligence data
- Update data
- User activity log data
- Vendor-specific data
- Video conferencing and communication data
- Virtualization data
- Vulnerability detection data
- Web application firewall data
- Web proxy data
- Web server data
 
 




- Splunk & Cisco Use Cases
- AI Use Cases
- Industry Use Cases