Featured: Splunk Platform Administration
Automating administration with a Continuous Configuration Automation framework
CCA for Splunk enables a full lifecycle management of your Splunk platform deployment using a Continuous Configuration Automation framework powered by Ansible, so you can manage certificates, upgrades, and app deployments with full control and flexibility.
Featured: Searching
Working with multivalue fields
If you ignore multivalue fields in your data, you may end up with missing and inaccurate data, sometimes reporting only the first value of the multivalue fields in your results. Multivalue functions can be used with eval, where, or fieldformat search commands. This article shows you how to use them.
Featured: Ingest actions
Using ingest actions with source types that are renamed with props and transforms
When the ingest actions rulesets are deployed, those rulesets act on ingest-time data, which may be different from indexed data depending on what props/transforms are configured on the indexers. This can result in a confusing experience when using the ingest actions UI preview. Read this article to understand ways to clear up the confusion.
Resources for Splunk Program Managers
The Splunk Success Framework
Accelerate and increase the value you derive from your data with Splunk software using the Splunk Success Framework (SSF), a flexible collection of best practices for setting up Splunk Enterprise or Splunk Cloud Platform as a program.
Data Ingestion and Application
Data Descriptors
Bring data to every question, decision, and action across your organization with comprehensive guidance for getting data in and applying data to your key use cases.
Get the latest
New Articles
- Platform
- Turn data into doing to unlock innovation, enhance security and drive resilience.
- Security
- Protect your business and modernize your security operations with a best-in-class data platform.
- Observability
- Solve problems in seconds with the only full-stack, analytics-powered, and OpenTelemetry-native observability solution.
- Splunk Success Framework
- The Splunk Success Framework (SSF) is a flexible collection of best practices for setting up your Splunk software implementation as a program.
- Data Descriptors
- The data sources in use at your organization can all be linked to common use cases. Get recommendations from Splunk experts and then start getting answers from your data.
- Antivirus data
- APM tool data
- Application server data
- Authentication data
- Backup data
- Binary repositories data
- Blockchain data
- Build systems data
- Business service data
- Code management data
- Container data
- CRM, ERP, and other business application data
- Custom application and debug data
- Database data
- Deep packet inspection data
- DHCP data
- Endpoint data
- Firewall data
- Intrusion detection and prevention data (IDS and IPS)
- Load balancer data
- Mail server data
- Medical device data
- Mobile device data
- Network access control data
- Network protocol data
- Network router data
- Network switch data
- Patch log data
- Physical card reader data
- Point of sale data
- Proxy data
- RFID/NFC/BLE data
- SNMP data
- Storage data
- System log data
- System performance data
- Telephony data
- Virtual private network data
- Virtualization data
- VoIP data
- Vulnerability scanning data
- Web server data
- DNS data
- Linux and Unix
- Okta
- SAP
- Zscaler
- Zoom
- Zeek
- Websense
- VMware
- CrowdStrike
- Carbon Black
- Ethereum
- Kubernetes
- Check Point
- Fortinet
- Salesforce
- Symantec
- Palo Alto Networks
- Trend Micro
- Tenable
- GitHub
- Atlassian
- AppDynamics
- Dell
- Syslog
- Apache
- Hyperledger
- ConsenSys Quorum
- Amazon
- Cisco
- Microsoft
- JupiterOne