What Is Splunk?
Splunk is a software platform for searching, analyzing and visualizing the machine-generated data gathered from the websites, applications, sensors, devices, etc., that make up your IT infrastructure and business.
The infographic below mentions some of the functionalities for which Splunk can be used.
Splunk Enterprise capabilities include:
- Index Any Data Source. The ability to bring in any data without custom connectors or vendor support enables analysts to quickly access, search and analyze the data they need to complete their investigation.
- Scalability. The ability to index hundreds of terabytes of data per day. Splunk does not apply a schema at the time data is indexed, and searches across terabytes of data can be performed quickly.
- Flexible Dashboards. Dashboards can be easily created or customized for a quick graphical view of any data or correlation that is important to the organization. Organize multiple dashboards on a single screen for a customized view of the organization’s overall security posture.
- Ad Hoc Searches. Ad hoc searches enable security teams to quickly understand what attacks are occurring in their environment so that they can determine the best course of action.