Splunk Lantern

Server log data

 

Server operating systems routinely record a variety of operational, security, error, and debugging data, such as system libraries loaded during boot, open application processes, network connections, mounted file systems, and system memory usage. The level of detail is configurable by the system administrator; however, there are sufficient options to provide a complete picture of system activity throughout its lifetime. In the Common Information Model, antivirus data is typically mapped to the Network Sessions data model.

Server logs provide a detailed record of overall system health and forensic information about the exact time of errors and anomalous conditions that are invaluable in finding the root cause of system problems. Monitoring server logs such as file access, authentication, and application usage can help secure infrastructure components.

Application

When your Splunk deployment is ingesting server log data, you can use it to accomplish security and compliance, IT Ops, and application delivery use cases.

Sources

Guidance for onboarding data can be found in the Splunk Documentation, Getting Data In (Splunk Enterprise) or Getting Data In (Splunk Cloud).

Looking for more information on data types? Download the Splunk Essential Guide to Machine Data.