Skip to main content
Registration for .conf24 is open! Join us June 11-14 in Las Vegas.
Splunk Lantern

Use Case Explorer for the Splunk Platform


The Use Case Explorer for the Splunk Platform is designed to help inspire as you develop new use cases using either Splunk Enterprise or Splunk Cloud Platform. If you are also using products in the Splunk Security suite or Splunk Observability Cloud suite, there are specific Use Case Explorers to help you understand the maturity journey related to these areas. Check out the Use Case Explorer for Security and Use Case Explorer for Observability for more information.

The Use Case Explorer will guide you to recommended use cases to help you realize more value from Splunk, no matter where you are in your data journey.

The Explorer Map

The Explorer Map below contains a wide variety of use cases to inspire your own journey. Across the top, use case examples are grouped in industry specific categories. Below, use case examples are grouped in more generalized security and IT Modernization categories which can be applied to any number of industries.

Industry Vertical








Additional Security and IT Modernization Use Cases for the Splunk platform


Explore all Security use cases that can be accomplished with the Splunk platform, or jump straight to use cases for Behavior Analysis, Compliance, Security Monitoring, or Threat Hunting.


Explore all IT Modernization use cases that can be accomplished with the Splunk platform, or jump straight to use cases for Application Monitoring, Infrastructure Monitoring, or Investigation and Troubleshooting.

To build a foundational security monitoring program, Splunk recommends following the Prescriptive Adoption Motion: Using the Splunk platform for Security use cases To build a foundational observability program, Splunk recommends following the Prescriptive Adoption Motion: Using the Splunk platform for Observability use cases

Is this your first time using the Use Case Explorer for the Splunk Platform?

►Click here to learn how to use it.

Learning how to use the Use Case Explorer is important to help you successfully get started and to get the most out of your Splunk Security solution, as well as help you see incremental value when incorporating additional solutions.  The following video provides a brief but informative overview of the three use case explorers in Lantern: Platform, Security, and Observability. Wherever you are in your resilience journey and whatever use cases you need to accomplish, the content in the explorers can help.

Learning how to use the Use Case Explorer is important to help you successfully get started, as well as help you see incremental value when incorporating additional solutions.

To use the Use Case Explorer effectively, you'll need to implement and follow a Value Realization Cycle within your organization. Two tools within the Use Case Explorer will help you do this - the Explorer Map and the Use Case Registry.

The Value Realization Cycle

The Value Realization Cycle is a continuous process for identifying, implementing, and evaluating the value of new use cases that your business adopts.

In order to get maximum value out of your investment in the Splunk platform, it's vital to intentionally put a Value Realization Cycle in place. We recommend that your organization establishes a use case planning session at least every other month to ideate and refresh new use cases to be deployed.

Splunk UCX VR Cycle.jpg

The Value Realization Cycle consist of a few different steps:

  • Step 1 - Define a situation and goal. This can be a very targeted tactical challenge or a more expansive one. 
  • Step 2 - Identify and record use cases. There could be one or more use cases that help you improve the situation and achieve the goal you defined in step 1. Use the Explorer Map to help identify use cases you can apply.
  • Step 3 - Deploy use case(s) and document the value achieved. Use the Registry to help you track and document your progress.

You can create the Use Case Registry in a spreadsheet or project management tool of your choice. Here is an example of a Use Case Registry you can use, or you can download this template file. You might want to add extra columns to these examples to track additional information such as status, prerequisites, or comments.

And then, repeat!

The Explorer Map

The Explorer map is categorized by specific industries as well as more ubiquitous security and IT operational applications. You can see the map at the top of this page. You'll find use cases and best-practice guidance within each of these areas which you can start to apply right away.

You can track your progress in achieving use cases with the Use Case Registry.

The Use Case Registry

The Use Case Registry is a tool used to track the specific use cases you want to deploy, along with the names of use case implementation owners and timelines for completion.

As well as running a regular use case planning session at least every other month, we recommend that you have weekly or bi-weekly team meetings focused on the Use Case Registry to checkpoint and track your progress in achieving the value you've identified from the use cases you choose to implement.

Workflow Stage Use Case Product Expected Value Owner Target Date

Ingest Data

Onboarding data to Splunk Enterprise Security

Splunk Enterprise Security


Identify, ingest and centralize visibility for essential security, infrastructure and application data


Steve Striker



Monitoring for indicators of ransomware attacks with Splunk Enterprise Security

Splunk Security Essentials

Grow security maturity using expanded use cases and content addressing current and emerging threats

Kenny Powers



Implementing RBA in Enterprise Security

Splunk Enterprise Security

Reduce alert footprint and identify slow evolving threats

Stacy Rai


Analyze and Investigate

Using Splunk Enterprise Security to ensure GDPR compliance

Splunk Enterprise Security

Achieve GDPR Compliance

William White