The Splunk Guide to Operational Intelligence
Turn Machine-Generated Data Into Real-Time Visibility, Insight and Intelligence

What is Splunk Enterprise?

Splunk Enterprise is the leading platform for real-time operational intelligence. It's the easy, fast and secure way to search, analyze and visualize the massive streams of machine data generated by your IT systems and technology infrastructure, whether physical, virtual or in the cloud. Use Splunk Enterprise and your machine data to deliver new levels of visibility, insight and intelligence for IT and the business.

The Machine Data Opportunity

All your IT applications, systems and technology infrastructure generate data every millisecond of every day. This machine data is one of the fastest growing and most complex areas of big data. It's also one of the most valuable, containing a definitive record of all user transactions, customer behavior, sensor activity, machine behavior, security threats, fraudulent activity and more.

Making use of this data, however, presents real challenges. Traditional data analysis, management and monitoring solutions are simply not engineered for this high-volume, high-velocity and highly diverse data. Consider traditional information management systems, such as business intelligence and data warehouse tools. These systems are batch-oriented and designed for structured data with rigid schemas. IT management and security information and event management (SIEM) tools, on the other hand, provide a very narrow view of the underlying data and are hard-wired for specific data types and sources. They also don't provide historical context.

Finding a better way to sift, distill and understand the vast amounts of machine data can transform how IT organizations manage, secure and audit IT. It can also provide valuable insights for the business on how to innovate and offer new services, as well as on trends and customer behaviors.

The Splunk Approach

Splunk Enterprise is the first enterprise-class platform that collects and indexes any machine data, whether it's from physical, virtual or cloud environments. Splunk Enterprise can read data from virtually any source, such as network traffic or wire data, web servers, custom applications, application servers, hypervisors, GPS systems, stock market feeds, social media, sensors and preexisting structured databases. It gives you a real-time understanding of what's happening and deep analysis of what's happened across your IT systems and technology infrastructure, so you can make informed decisions.
Splunk Enterprise has many critical uses across IT and the business:

- Application Delivery: provide end-to-end visibility across distributed infrastructures; troubleshoot across application environments; monitor for performance degradation; trace transactions across distributed systems and infrastructure.
- Security, Compliance and Fraud: provide rapid incident response, real-time correlation and in-depth monitoring across data sources; conduct statistical analysis for advanced pattern detection and threat defense.
- Infrastructure and Operations Management: proactively monitor across IT silos to ensure uptime; rapidly pinpoint and resolve problems; identify infrastructure service relationships, establish baselines and create analytics to report on SLAs or track SLAs of service providers.
- Business Analytics: gain visibility and intelligence on customers, services and transactions; identify trends and patterns in real time; fully understand the impact of new product features on back-end services; gain a deeper understanding of user experience to improve customer satisfaction, prevent drop-offs, improve conversions and boost online revenues.

Create powerful, interactive dashboards.
- Development: accelerate development and test cycles; support advanced development methodologies (such as agile and continuous); integrate enterprise applications with APIs, SDKs and other modern web technologies; build enterprise-class applications that leverage Splunk Enterprise.

Finding and fixing problems, following the trail of an attacker, reporting for compliance, and analyzing service usage and customer behavior all require a complete view. Splunk Enterprise analyzes machine-generated data to arm network engineers, system administrators, security and compliance analysts, developers, support/service desk staff and business users alike with new levels of visibility, analysis and insight. This is called operational intelligence.

How is Splunk Enterprise Different?

Splunk Enterprise is different from previous approaches to managing, auditing, securing and gathering intelligence from IT systems and technology infrastructure. Here's how:

Immediate results without the risk. Users can download Splunk Enterprise for free, install it in minutes, use a simple wizard to onboard data and immediately get productive. No more armies of consultants or DBAs to make it work. Most users download and install Splunk Enterprise while they're under fire, and the proof is immediate. A serious service problem or security incident can now be investigated in minutes, versus the hours or days it used to take.

Based on high-performance indexing and search technology. Every day over a billion people search and navigate web pages served all over the world. Search is flexible, intuitive and delivers immediate results. At its core, Splunk Enterprise has powerful indexing and search technology, bringing whole new meaning to speed and responsiveness. Search billions of events in seconds and start seeing results immediately.

Leverage powerful analytics. Advanced features enable technical users to explore and interact with their machine data through a powerful user interface and the Search Processing Language (SPL), designed to search, correlate and visualize data. Business users can gain rapid insights using a simple drag-and-drop interface to analyze data without learning the search language. Pattern detection, instant pivot and an advanced field extractor make it easy for everyone in your organization, including nonspecialists, to turn machine data into powerful insights.

Collect and index any machine data. Machine data is high volume, high velocity, highly variable and incredibly diverse. It contains all time-stamped events generated by machine-to-machine and human-to-machine interactions. The traditional set of tools (system management, SIEM, CEP/ECA and log management) requires weeks or months to develop and configure custom connectors for each data source.
Splunk Enterprise collects and indexes any machine data from virtually any source, format or location in real time. This includes data streaming from packaged and custom applications, app servers, web servers, databases, wire data from networks, virtual machines, telecoms equipment, operating systems, sensors and much more. There's no requirement to understand the data upfront. You can use a simple wizard to load data into Splunk Enterprise or deploy forwarders to reliably stream data from remote systems at scale. Splunk Enterprise immediately starts collecting and indexing, so you can start searching and analyzing.

Analyze real-time and historical data. Traditional IT systems force a decision between real-time monitoring and historical analysis. With Splunk Enterprise, you can search and analyze real-time streaming data and terabytes of historical data from one place. This means you can identify and respond to patterns of behavior or activities of interest immediately. Most data management projects are designed to answer a pre-set list of questions and must fit into a brittle schema. Indexed data in Splunk Enterprise doesn't have these limitations, because the schema is applied at the time of search, so users can immediately ask new questions while they search.

Create custom dashboards and views. You need to make sense of huge volumes of machine data and satisfy the needs of the different users and groups in your organization. With Splunk Enterprise, you can quickly create custom dashboards that integrate multiple charts and views of your real-time data and access them from your desktop or mobile device. Personalize dashboards for different users in your organization: managers, business and security analysts, auditors, developers and operations teams. Users can edit dashboards using a simple drag-and-drop interface and use integrated charting controls to change chart types or views dynamically. Dashboard panels can be saved independently and published to a panel library, so insights can be shared across teams.

Software that people want to use. It used to make sense to manage your IT infrastructure in silos. But with today's distributed, virtualized and cloud-based environments, this just doesn't work anymore. Splunk Enterprise breaks down the IT silos. Search, report, monitor and analyze all your data from every application, server and device, whether physical, virtual or in the cloud. Easily integrate with existing enterprise management, security and compliance tools, or view insights from Splunk Enterprise in common business applications like Salesforce or Microsoft SharePoint. For cloud deployments, Splunk Cloud is available* and includes all of the features of Splunk Enterprise as a cloud service.
Splunk Enterprise AMIs are available for Amazon Web Services (AWS) environments. Finding and fixing problems, following the trail of an attacker, tracing transactions and finding new insights from your operational data is suddenly orders of magnitude faster and easier.

Do more with Splunk Apps. Take advantage of hundreds of apps that run on top of the Splunk Enterprise platform. Apps deliver a targeted user experience for different roles and use cases. There are a growing number of apps, built by our community, partners and Splunk. These apps help you visualize data geographically or provide pre-defined compliance views for your mission-critical technologies such as VMware, Microsoft Exchange, Microsoft Active Directory, Cisco and Citrix. There are apps for different technologies such as Windows, Linux, Unix, virtualization, networking technologies and more. Premium apps, including the Splunk App for Enterprise Security, the Splunk App for VMware and the Splunk App for Microsoft Exchange, are developed and supported by Splunk. Use the Splunk App for Stream to capture real-time wire data from network endpoints across public, private and hybrid infrastructures to enhance operational intelligence. Browse apps, or even create and post your own, all on the Splunk Apps site (http://apps.splunk.com).

Business Insights. Make better-informed business decisions by understanding trends and patterns and finding operational intelligence in machine data.
Any Machine Data. Transform machine data into real-time operational intelligence.
Operational Visibility. Gain end-to-end visibility across your operations and break down silos across your infrastructure.
Proactive Monitoring. Monitor systems in real time to identify issues, problems and attacks before they impact your customers, services and revenue.
Search + Investigation. Find and fix problems, correlate events across multiple data sources and automatically detect patterns across massive sets of data.

Build enterprise-scale big data projects. Splunk Enterprise scales to collect and index hundreds of terabytes of data per day, across multi-geography, multi-datacenter and cloud-based infrastructures. And because the insights from your data are mission critical, Splunk provides the resilience you need, even as you scale out your low-cost, distributed computing environment. Automatic load balancing optimizes workloads and response times and provides built-in failover support. Out-of-the-box reporting and analytics capabilities deliver rapid insights from your data, removing the need for data scientists or complex development timeframes. Multisite clustering provides high availability and disaster recovery to ensure that your machine data is available when you need it.

Keep up with change. The only constant in today's complex, virtualized, cloud or hybrid IT environments is change. What we think we know is often wrong. Traditional IT management and security approaches assume users know all the possible failures and risks up front and that data formats won't change. This just isn't the case anymore. In fact, most IT organizations spend more time customizing and maintaining their tools than they do using them. Splunk Enterprise doesn't rely on brittle schemas that limit flexibility and break when data formats change. Splunk Enterprise indexes all the data you need to index in real time, all the time. Any interpretation of the data you need, such as extracting a field or getting a subset of hosts, can easily be done as you search.

A platform for enterprise developers. Enable developers to integrate data and functionality from Splunk Enterprise into applications across the enterprise using software development kits (SDKs) for Java, JavaScript, C#, Python, PHP and Ruby.
Developers can also build Splunk Apps with custom dashboards, flexible UI components and custom data visualizations using common development languages such as JavaScript and Python.

Delivering the Key Capabilities for Operational Intelligence

- Universal collection and indexing of machine data, from virtually any source
- Powerful search processing language to search and analyze real-time and historical data
- Automatic detection of interesting patterns in your data
- Real-time monitoring for patterns and thresholds, triggering alerts when specific conditions arise
- Powerful reporting and analysis
- Custom dashboards and views for different users and roles
- Resilience and scale on commodity hardware
- Granular role-based security and access controls
- Support for multitenancy and flexible, distributed deployments
- Connectivity with other data stores, including scalable, real-time integration with relational databases and bi-directional connectivity with Hadoop and NoSQL data stores
- Robust, flexible platform for developing enterprise apps

Universal Indexing

Individual components in your infrastructure generate hundreds of events per second. A datacenter can log many terabytes of data per day. You'll probably begin wondering how you are going to access all this data in all the different formats and locations. Splunk Enterprise offers a variety of flexible input methods and doesn't need custom connectors for specific data formats. You can immediately index logs, clickstream data, configurations, traps and alerts, messages, scripts, performance data and statistics from your applications, servers, mainframes and network devices, whether physical, virtual or in the cloud.

Flexible data input. Collect and index data from just about any source imaginable, such as network traffic, web servers, custom applications, application servers, hypervisors, GPS systems, sensors, stock market feeds, social media and preexisting structured databases. No matter how you get the data, or what format it's in, it's indexed the same way without any specific parsers or connectors to write or maintain. Getting data in is fast and easy: just point Splunk Enterprise at your data and an intuitive user interface guides you through the rest.

Forwards data from remote systems. Splunk Enterprise forwarders can be deployed in situations where the data you need isn't available over the network or visible to the server where Splunk software is installed. Splunk Enterprise forwarders deliver reliable, secure, real-time universal data collection for tens of thousands of sources. Monitor local application log files, clickstream data, the output of status commands, performance metrics from virtual or non-virtual sources, or watch the file system for configuration, permission and attribute changes. Forwarders are lightweight and can be deployed quickly, at no additional cost.

Real-time indexing. IT teams depend on up-to-date information for troubleshooting, security incident investigations, compliance reporting and other valuable tasks. Splunk Enterprise continually indexes machine data in real time: your logs, configuration data, change events, the output of diagnostic commands, data from APIs and message queues, even logs from your custom applications.

Captures everything. Store both raw data and the rich index in an efficient, compressed, redundant, file-system-based data store, with optional data signing and auditing to prove data integrity.

No rigid schemas. Splunk Enterprise has no predefined schema. Solutions that rely on brittle schemas have limited flexibility to answer new questions and break when data formats change. Any interpretation you need to do on the data, such as extracting a common field or getting a subset of hosts, is done at search time.

Automates chronology. All this streaming data means extracting and normalizing timestamps is very important. Splunk software automatically determines the time of any event, even with the most atypical or non-traditional formats. Data missing timestamps can be handled by inferring timestamps based on context.

Search and Investigation

Splunk Enterprise lets users search and navigate their data from one place.

Search and investigate anything. Freeform search supports intuitive Boolean, nested, quoted string and wildcard searches familiar to anyone comfortable on the web. This allows users to quickly iterate and refine their searches without knowing anything about specific data formats.

Powerful search processing language. The Splunk Search Processing Language (SPL) is a query language that provides a powerful means to operate on your data. It supports five different types of correlation (time, transactions, sub-searches, lookups, joins) and over 135 analytical commands. You can also conduct deep analysis and event pattern detection for spotting patterns or new opportunities in your data.

Real-time search. Searching real-time streaming data and indexed historical data from the same interface is best-in-class. With Splunk Enterprise you can analyze behavior and activity in real time and see the historical context.

Time-range search.
Given the large volume and repetitive nature of machine data, users often start by narrowing their search to a specific time range. With the focus on when events happened, Splunk Enterprise lets users combine time and term searches. This ability to search across every tier of your infrastructure for errors and configuration changes in the seconds before a system failure occurs is incredibly fast and powerful.

Event Pattern Detection. Machine data can vary widely across your infrastructure; the data from your storage systems may not look like the data from your applications. Splunk Enterprise automatically detects meaningful patterns in machine data, regardless of data source or type. It then enables users to zoom in and out using a visual timeline so they can identify trends and spikes and drill down into the results.

Transaction search. Sending an email, placing an order on a website or connecting a VOIP call will create a number of events across different IT components. Often you'll want to search for these collections of events that are all part of the same transaction. For example, you can find all the sendmail events with the same user-id, between login and logout, that occur within ten minutes. Splunk Enterprise lets you correlate events by defining common characteristics and then saving that search as a transaction, so you can find the same type of transaction again with different search parameters.

Sub-searches. Take the results of one search and use them in another to create if/then conditions. Using a sub-search allows users to see the results of a search only if a set of other conditions is met (or not). Security event management systems operate on this premise. For example, you may only be interested in viewing one event if the threshold for another event is met in a given time period.

Lookups. Used to enhance, enrich, validate or add context to data collected in Splunk Enterprise. Correlating intrusion detection system (IDS) data with data from an asset management system can reduce IDS false positives. For example, an attack based on a Windows OS vulnerability seen by an IDS can be correlated with an asset database showing that the targeted host runs AIX, so the alert can be discounted.

Joins. SQL-like inner and outer joins are supported and are similar in concept to joins in an SQL database. Add a join as part of a search string to link one data set to another based on one or more common fields. Two completely different datasets can be linked together based on a user name or event ID field, presenting the results in a single view.

Interactive results. Compared to command line scripts and tools, an interactive interface dramatically improves the user's experience and the speed with which tasks can be accomplished.
Zoom in and out on a timeline of results to quickly reveal trends, spikes and anomalies. Dynamically drill down in dashboards from anywhere in a chart to the raw events, or define custom views and eliminate noise to get to the needle in the haystack. Whether you're troubleshooting a customer problem or investigating a security alert, you'll get to the answer quickly rather than taking many hours or days.

Add Knowledge

Adding machine data to Splunk Enterprise is possible with the native or custom input framework. Splunk Enterprise automatically discovers knowledge from your data and lets users add their own, unlocking your data's full potential. Knowledge about events, fields, transactions, patterns and statistics can be added to your data. You can identify, name and tag this data as well. Go from finding all events with a particular username to instantly getting statistics on specific user activities. You can also correlate and name transactions that span multiple data sources. Splunk Enterprise marries the flexibility of freeform search with the power of working with your data, in a way you've never experienced before.

Map knowledge at search time. Avoid the problems caused by traditional approaches by mapping knowledge to data at search time, rather than attempting to normalize the data into a brittle database schema up front. And there's no more need for the complex management of custom parsers and connectors. Easily enrich your machine data with information from external asset management databases, configuration management systems and user directories. Now you have a flexible way to manage your data, so as it changes, you don't have to.

Work smarter. Splunk Enterprise lets every user add their own knowledge as they go. As you save searches and identify different types of fields, events and transactions, you make the system smarter for everyone else. And that knowledge doesn't walk out the door when someone leaves.

Monitor and Alert

Rather than using search simply to react to ad hoc incidents or problems, you want to be proactive. Gain flexible alerting capabilities that improve your monitoring coverage. Because Splunk Enterprise works across your entire IT infrastructure, it's the most flexible monitoring solution in your arsenal.

Turn searches into real-time alerts. Searches can be saved and scheduled for continual monitoring and can trigger alerts via email or RSS. You can even kick off a script to take remedial actions, send an SNMP trap to your system management console or generate a service desk ticket. Scheduling alerts is a great way to complete the investigation of a problem or security incident by proactively looking for similar occurrences in the future.

Correlate complex events. Splunk Enterprise lets you correlate complex events from multiple data sources across your IT infrastructure so you can monitor more meaningful events. For example, you can track a series of related events as a single transaction to measure duration or status.

Monitor for specific conditions. Alerts can be based on a variety of threshold and trend-based conditions, at any level of granularity. The search language goes beyond simple Boolean searches into field searches, statistical searches and subsearches. You can correlate on anything you want and alert on complex patterns such as abandoned shopping carts, brute force attacks and fraud scenarios.

Add context to alerts. Alerts can be made with machine data context, thereby reducing mean-time-to-resolution (MTTR).
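The three ideas described above (fields extracted at search time rather than index time, grouping events into a transaction bounded by start and end events and a maximum span, and a scheduled threshold alert that carries its evidence) are shown below as one added, stand-alone Python example. This is illustrative code written for this page, not Splunk's implementation and not SPL. The log lines are constructed, and the field names (pid, user, src, action), the 10-minute maxspan and the "4 failures in 5 minutes" threshold are assumptions chosen for the illustration. The fourth sample line deliberately lacks a timestamp so that the contextual-inference case is exercised.

```python
# Added example (not Splunk code): schema-on-read field extraction, transaction
# grouping and a threshold alert, run over a few constructed sshd log lines.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real logs. The fourth line has no timestamp
# on purpose: it inherits the time of the event before it.
RAW_EVENTS = """\
2014-03-02T10:00:01 host1 sshd[200]: Accepted password for alice from 10.0.0.5 port 5001
2014-03-02T10:00:07 host1 sshd[201]: Failed password for root from 203.0.113.9 port 40001
2014-03-02T10:00:09 host1 sshd[202]: Failed password for root from 203.0.113.9 port 40002
host1 sshd[203]: Failed password for admin from 203.0.113.9 port 40003
2014-03-02T10:00:15 host1 sshd[204]: Failed password for root from 203.0.113.9 port 40004
2014-03-02T10:00:20 host1 sshd[205]: Failed password for root from 203.0.113.9 port 40005
2014-03-02T10:04:00 host1 sshd[200]: session closed for user alice
2014-03-02T10:30:00 host1 sshd[300]: Accepted password for bob from 10.0.0.7 port 5002
2014-03-02T10:50:00 host1 sshd[300]: session closed for user bob
"""

TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) ")
# Field extractions are applied when the data is read; the raw text is kept as is.
AUTH_RE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<action>Accepted|Failed) password "
                     r"for (?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)")
CLOSE_RE = re.compile(r"sshd\[(?P<pid>\d+)\]: session closed for user (?P<user>\S+)")


def parse_events(raw):
    """Split raw text into events and extract fields on read (schema-on-read).
    An event without a timestamp inherits the previous event's time."""
    events, last_ts = [], None
    for line in raw.splitlines():
        if not line.strip():
            continue
        body, m = line, TS_RE.match(line)
        if m:
            last_ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
            body = line[m.end():]
        elif last_ts is None:
            raise ValueError("first event has no timestamp to inherit from")
        ev = {"_time": last_ts, "_raw": line, "host": body.split()[0]}
        fm = AUTH_RE.search(body) or CLOSE_RE.search(body)
        if fm:
            ev.update(fm.groupdict())
            ev.setdefault("action", "closed")
        events.append(ev)
    return events


def transactions(events, key="pid", startswith="Accepted", endswith="closed",
                 maxspan=timedelta(minutes=10)):
    """Group events like SPL `transaction <key> startswith=.. endswith=.. maxspan=..`:
    a group opens on a start event, closes on an end event with the same key
    value, and is dropped if it spans longer than maxspan."""
    open_tx, closed = {}, []
    for ev in sorted(events, key=lambda e: e["_time"]):
        k = ev.get(key)
        if k is None:
            continue
        if ev.get("action") == startswith:
            open_tx[k] = [ev]
        elif k in open_tx:
            open_tx[k].append(ev)
            if ev.get("action") == endswith:
                tx = open_tx.pop(k)
                duration = tx[-1]["_time"] - tx[0]["_time"]
                if duration <= maxspan:
                    closed.append({key: k, "user": tx[0].get("user"),
                                   "duration": duration, "eventcount": len(tx)})
    return closed


def brute_force_alerts(events, threshold=4, window=timedelta(minutes=5)):
    """Scheduled-search style alert: fire when one source address produces at
    least `threshold` failed logins inside any `window`-long sliding window.
    The alert carries its evidence (count, users tried, first/last time)."""
    by_src = defaultdict(list)
    for ev in events:
        if ev.get("action") == "Failed":
            by_src[ev["src"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["_time"])
        best, start = None, 0
        for end in range(len(evs)):
            while evs[end]["_time"] - evs[start]["_time"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best["count"]):
                best = {"src": src, "count": count,
                        "users": sorted({e["user"] for e in evs[start:end + 1]}),
                        "first": evs[start]["_time"], "last": evs[end]["_time"]}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    evs = parse_events(RAW_EVENTS)
    for tx in transactions(evs):
        print("transaction", tx)          # alice's 239-second session only
    for alert in brute_force_alerts(evs):
        print("ALERT", alert)             # 5 failures from 203.0.113.9
```

Two points worth noticing when you run it: bob's session is a perfectly valid login/logout pair but is not reported, because its 20-minute span exceeds the maxspan, which is exactly the behaviour you want to think about before choosing that value; and the event with no timestamp still counts toward the brute force window because it inherited the previous event's time, which is why timestamp inference matters for detection, not just for display.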
Report and Analyze

If you've ever wanted to generate a report on the fly from hard-to-understand machine data, you'll love Splunk Enterprise. The Splunk Enterprise platform is capable of generating reports on an immense amount of data at lightning fast speeds. With built-in acceleration technologies, you have access to key data for a specific time window to make business-critical decisions. With instant pivot, you can create powerful, information-rich reports from any search, without any knowledge of search commands. You can schedule delivery of any report via PDF and share it with management, business users or other IT stakeholders.

Report on search results. Easily build advanced graphs, charts and sparklines from search results and visualize important trends, see highs and lows, summarize top values and report on the most and least frequent types of conditions. The simplicity of analyzing massive amounts of data will amaze you (and your boss). For example, a report can show the total bytes sent by IP address from firewall activity events; a table showing bytes per protocol per IP address; or a chart illustrating firewall traffic by hour for a specific employee's laptop. Virtually any field can be used as a reporting criterion. And remember, because fields are identified as you search, you can specify new fields without reindexing your data.

Analyze correlated events. Splunk Enterprise supports five types of correlation:

- Time-based correlations, to identify relationships based on time, proximity or distance
- Transaction-based correlations, to track transactions that span multiple silos, systems and data sources so you can report on and analyze important activities
- Sub-searches, to take the results of one search and use them in another
- Lookups, to correlate data with external data sources outside of Splunk software, including relational databases
- Joins, to support SQL-like inner and outer joins

Instant pivot. Pivot directly on any search and allow any user to discover relationships in the data and build reports, all without having to learn SPL.

Plays well with others. Now your entire organization can leverage the value of machine data. Reports can be saved and shared with management or other colleagues in secure, read-only formats such as PDF, and even integrated into dashboards. Dashboard panels can be built and shared through a shareable library, allowing them to be added to any dashboard.

Custom Dashboards and Views

Make more sense of the huge volumes of data at your disposal. Create custom dashboards and views for different types of users, technical and non-technical. Integrate reports, search results and even data from external applications.
Edit dashboards using a simple drag-and-drop interface; integrated charting controls mean you can change chart types on the fly. Doing this all through the Splunk UI means that you can empower business users to do the same.

Real-time, interactive dashboards. Dashboards integrate multiple charts, views and reports of live and historical data to satisfy the needs of different users. You can add workflows enabling users to click through to another dashboard, form, view or external website. Quickly build and personalize dashboards for management, business or security analysts, auditors, developers and operations teams.

Mashups with other apps. Create mashups with other web-based apps, such as Tivoli, SAP, security consoles and more, to provide a seamless view across silos.

Prebuilt panels. Quickly create dashboards using prebuilt panels that are shareable and integrate multiple charts and views of your data. Access them from your desktop or mobile device.

Dashboards wherever you are. Charts and timelines in Splunk Enterprise don't use Flash, which means dashboards can be viewed and edited on tablets, smartphones and non-Flash browsers.

A Platform for Apps and Developers

Now that you're indexing and making use of all your machine data, you can make use of apps that let you do even more.

Innovate on your own. Easily create apps that deliver a targeted user experience for different roles and use cases. The Splunk Web Framework provides the ability to develop and package apps using modern development languages. Deliver a user experience tailored to a specific use case or augment existing vendor technologies.

Share and download apps. You can share and reuse apps within your organization and the rest of the Splunk community. There are a growing number of apps available on the Splunk Apps website (http://apps.splunk.com), built by our community, partners and Splunk. You can find apps that help visualize data geographically, or that support specific use cases, such as enterprise security or PCI compliance. There are also apps for different operating systems and third-party technologies, such as Windows, Linux, VMware, Microsoft Exchange, Cisco, WebSphere and F5 Networks.

Simple management. Once Splunk Enterprise is installed, you can apply role-based access controls and deploy apps with a tailored user experience across the organization, extending the value of your data to different users.

Extensible platform. The Splunk platform makes it easy to customize and extend the power of Splunk Enterprise. Developers can debug and troubleshoot applications during development and test cycles or integrate data from Splunk Enterprise into custom applications. The Splunk Enterprise platform has built-in SDKs for JavaScript and JSON with additional downloadable SDKs for Java, Python and PHP. Developers can also build Splunk Apps with custom dashboards, flexible UI components and custom data visualizations using common development languages such as JavaScript and Python.
Enterprise-Scale Big Data

With Splunk Enterprise you can scale your installation from a single commodity Windows, Linux or Unix server to the largest, most complex multi-geography, multi-datacenter, cloud-based infrastructures indexing hundreds of terabytes of data per day. The Splunk Enterprise architecture is distributed and scales linearly across commodity servers to unlimited data volumes. You'll find a wide range of options to access data, store it, search it and route it to other systems.

Easy installation. A self-contained software package with no dependencies on third-party programs makes Splunk Enterprise easy to install and get running. It works on all major operating systems and hardware platforms. And because Splunk Enterprise is software, it can operate across physical or virtual infrastructures rather than requiring dedicated hardware, power and datacenter space.

Analyzes big data. Your datacenter generates more machine data than you probably ever imagined. A single production server can generate hundreds of megabytes of data a day. Firewalls and web servers can each generate many times that amount. In fact, machine data is one of the fastest growing, most complex segments of big data. This volume of data is also subject to retention requirements ranging from a few days for incident response to months and years for compliance. Splunk Enterprise scales linearly across commodity hardware. When considering performance and comparing approaches to collect, index, analyze and visualize your machine data, here are some things to look for and consider:

Indexing throughput. Events-per-second (EPS) is a common throughput measurement, but consider that event sizes can vary from a few hundred bytes to a megabyte or more. EPS ratings are usually calculated at whatever size is optimal for one specific vendor's appliance or solution. Splunk Enterprise indexes every byte in your data, without the need for custom parsers or connectors. If the vendor is unable or unwilling to quote you EPS figures based on these criteria, move on and find someone who will.

Search speed. Searches of any type should return results in seconds, not minutes or hours. Based on a distributed computing framework, Splunk Enterprise automatically converts searches into a parallel program, providing the ability to quickly retrieve and analyze massive data sets. A single commodity server will support searching of billions of events in seconds.

Storage efficiency. Measured as a percentage of the original data stream size, storage efficiency determines the amount of storage capacity you'll need to retain your data and the associated indexes. A good solution will require 25% to 50% of the original data size to retain your data and a useful set of indexes.
Beware of solutions that claim 10% or less of the original data size. That indicates just the storage of compressed data and no indexing.

Archiving. Eventually you may decide to tier the storage of your data. Tiered storage can provide lower cost and better redundancy. Archiving data based on disk utilization or age will come in handy for building a multi-tier data store. Make sure your solution lets you set up an archiving policy based on datastore size or age and restore your archives on demand.

Linear scalability. You can scale Splunk Enterprise horizontally and vertically by simply adding more computing power. You can run a distributed configuration on different physical servers, a combination of virtual and non-virtual servers, or on a large multicore, multiprocessor machine. Balance workloads by configuring multiple indexers and search heads across your configuration. Search head clustering enables additional concurrent searches and reduces TCO by eliminating the need for NFS storage.
Availability. The availability and integrity of data are foundational elements for an enterprise. The data is mission critical and needs to be available at all times. Gain greater protection against data loss while maintaining data integrity. The high availability architecture of Splunk software delivers built-in resilience, so the right data is available when you need it.

Distributed search. Often it won't be feasible to physically centralize all your data in one place. You will likely need to search across multiple installations and data stores in different technology or geographic silos.

Centralized management. Since access to machine data analytics is mission critical, the distributed management console allows you to monitor your Splunk deployment from a single location. Monitor the health and performance metrics of your large-scale clusters, and receive alerts based on predefined conditions.

Integration. If you're like most IT shops, you've made significant investments in other management, monitoring and analysis tools. Wouldn't it be great if you could integrate Splunk software with all of them? Imagine launching in-context searches from your network management console, sending Splunk alerts to your system management console or automating trouble ticket creation when unusual activity occurs. Splunk Enterprise provides multiple integration points and a robust, documented API.

Security

You'll need to keep your machine data secure, especially as you realize what a valuable information asset you have. Splunk Enterprise provides secure data handling, access controls, auditability, assurance of data integrity and integration with enterprise single sign-on solutions.

Secure data access and transport. Machine data can be sensitive. Splunk Enterprise supports advanced anonymization to mask confidential data in results. Private consumer, healthcare or corporate information also requires secure access, transport and storage. Encrypted access to data streams, using TLS/SSL over TCP, is a must-have feature for ensuring data security. User access should also be secured, using HTTPS for the web interface and SSH for command-line access.

Granular access control. Of course you also need the ability to control the actions users can take and what data, tools and dashboards they can access. You don't necessarily want to allow the application development team access to your IDS scans, alerts and firewall logs. Splunk is a flexible, role-based system that lets you build your own roles to map to your organization's policies for different classes of users. In some environments, like multitenant services, you may need to physically control access to data.
The ability to route selected data to distinct Splunk installations will let you physically separate data in different data stores. You'll also want to integrate with LDAP and Active Directory and map groups to different roles.

Single sign-on. If you're using access controls internally and have organizational access control policies, you'll want to make sure you can integrate your Splunk Enterprise solution with your authentication system, whether it's LDAP, Active Directory, eDirectory or another authentication system.

Audit capability. Once you have your access controls set up, you need to monitor who's doing what. Splunk logs administrative and user activities so you can audit who's accessing what data and when.

Data integrity. You'll also need to ensure the integrity of your data. How do you know the search results or report you're viewing is based on data that hasn't been tampered with? With Splunk software, individual events can be signed and streams of events block signed. Splunk also provides message integrity measures that prove nobody has inserted or deleted events from the original stream.

Hardened deployment. Keeping an audit trail and signing events is worthless if the server running Splunk Enterprise can be compromised. Be sure your vendor provides hardening guidelines.

ROI and Splunk

Splunk Enterprise customers typically achieve an ROI measured in weeks or months, sometimes even before Splunk Enterprise has been deployed into production. Splunk Enterprise users can troubleshoot application problems and investigate security incidents in minutes instead of hours or days, dramatically improve service levels, reduce outages and deliver compliance reporting at lower cost. This visibility, typically unavailable prior to Splunk software, delivers organizations fast ROI, new productivity and powerful insights. Here are a few examples:

- A leading provider of healthcare management solutions avoided a $100K SLA penalty found during the Splunk evaluation phase. This same customer achieved an annual ROI of over $700,000.
- One of the world's largest business publishers replaced their old server monitoring software with Splunk Enterprise and other open source software. This eliminated maintenance fees and reduced operations costs by $1.6 million/year.
- A major communications manufacturer avoided a $1.5M software license upgrade for their existing SIEM, reassigned five full-time analysts to other duties ($600,000/year) and now monitors new data sources to identify previously unknown attacks.
- The world's largest B2B poker provider, hosting 25 of the industry's top brands and up to 45,000 concurrent players at peak hours, reduced downtime by 30% and quantified annual savings of $1.9 MM (16x ROI in the first year).
- One of the world's largest online travel sites demonstrated an annual ROI of over $14 million. This ROI was a combination of tools consolidation, retired licenses, outage avoidance and troubleshooting efficiencies from using Splunk Enterprise.

Free Download

Download Splunk for free. You'll get a Splunk Enterprise 6 license for 60 days and you can index up to 500 megabytes of data per day. After 60 days, or anytime before then, you can convert to a perpetual Free license or purchase an Enterprise license by contacting sales@splunk.com.
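The "Data integrity" paragraph in the Security section above says that individual events can be signed, streams of events block signed, and that insertion or deletion of events from the original stream can be proven. The following is an added Python example, written for this page, of the general technique those claims rest on: a per-event MAC plus a hash chain over blocks of events. It is not Splunk's implementation, and the key, the event lines and the block size are constructed values chosen for the illustration. It goes slightly beyond the paragraph by also showing why the last seal has to be kept out of band: without it, silently truncating the tail of the stream is undetectable.

```python
# Added example (not Splunk's implementation): per-event HMAC signatures plus a
# hash chain over blocks of events, so that modification, insertion, deletion or
# truncation of a stored event stream is detectable afterwards.
import copy
import hashlib
import hmac
import json

# Constructed sample events, not real logs.
EVENTS = [
    "2014-03-02T10:00:01 host1 sshd[200]: Accepted password for alice from 10.0.0.5",
    "2014-03-02T10:00:07 host1 sshd[201]: Failed password for root from 203.0.113.9",
    "2014-03-02T10:00:09 host1 sshd[202]: Failed password for root from 203.0.113.9",
    "2014-03-02T10:00:15 host1 sudo: alice : COMMAND=/bin/cat /etc/shadow",
    "2014-03-02T10:04:00 host1 sshd[200]: session closed for user alice",
    "2014-03-02T10:30:00 host1 sshd[300]: Accepted password for bob from 10.0.0.7",
]
# Assumption: a secret held only by the signing side, never by a party that can
# write to the stored stream. Throwaway value for the demonstration.
KEY = b"demo-signing-key-not-for-production"
GENESIS = "0" * 64


def sign(key, data):
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()


def seal_block(key, prev_seal, sigs):
    # The seal covers the previous block's seal, so the blocks form a chain.
    return sign(key, prev_seal + json.dumps(sigs))


def build_chain(key, events, block_size=2):
    """Sign each event and seal every block_size events into a chained block.
    Returns (blocks, head); head is the last seal and must be stored out of band."""
    blocks, prev = [], GENESIS
    for i in range(0, len(events), block_size):
        batch = events[i:i + block_size]
        sigs = [sign(key, e) for e in batch]
        seal = seal_block(key, prev, sigs)
        blocks.append({"events": batch, "sigs": sigs, "prev": prev, "seal": seal})
        prev = seal
    return blocks, prev


def verify_chain(key, blocks, head=None):
    """Return (ok, problems). Checks every event signature, every block seal and
    the link between consecutive blocks; with the out-of-band head it also
    detects removal of whole blocks from the end of the stream."""
    problems, prev = [], GENESIS
    for n, b in enumerate(blocks):
        if b["prev"] != prev:
            problems.append(f"block {n}: chain broken, previous seal mismatch")
        if len(b["events"]) != len(b["sigs"]):
            problems.append(f"block {n}: event/signature count mismatch")
        for j, (e, s) in enumerate(zip(b["events"], b["sigs"])):
            if not hmac.compare_digest(sign(key, e), s):
                problems.append(f"block {n} event {j}: signature mismatch")
        if not hmac.compare_digest(seal_block(key, b["prev"], b["sigs"]), b["seal"]):
            problems.append(f"block {n}: seal mismatch")
        prev = b["seal"]
    if head is not None and prev != head:
        problems.append("stream truncated or head mismatch")
    return (not problems, problems)


def tamper_scenarios(key, events, block_size=2):
    """Build a chain, apply four tampering attempts to copies of it and return
    the problems each attempt produces; the untouched chain verifies clean."""
    blocks, head = build_chain(key, events, block_size)
    results = {"untouched": verify_chain(key, blocks, head)[1]}
    t = copy.deepcopy(blocks)                  # rewrite one event in place
    t[0]["events"][1] = t[0]["events"][1].replace("Failed", "Accepted")
    results["modified"] = verify_chain(key, t, head)[1]
    t = copy.deepcopy(blocks)                  # delete an event and its signature
    del t[1]["events"][1], t[1]["sigs"][1]
    results["deleted"] = verify_chain(key, t, head)[1]
    t = copy.deepcopy(blocks)                  # insert an event without the key
    t[1]["events"].append("2014-03-02T10:00:16 host1 sudo: alice : COMMAND=/bin/ls")
    t[1]["sigs"].append("00" * 32)
    results["inserted"] = verify_chain(key, t, head)[1]
    t = copy.deepcopy(blocks)                  # drop the last block entirely
    del t[-1]
    results["truncated"] = verify_chain(key, t, head)[1]
    return results


if __name__ == "__main__":
    for name, problems in tamper_scenarios(KEY, EVENTS).items():
        print(f"{name:10s} {problems or 'OK'}")
```

The deletion case is the one to study: the remaining event still carries a valid signature, so per-event signing alone would pass it; only the block seal over the list of signatures reveals that something was removed. The truncation case makes the complementary point: every block left in the chain is internally consistent, so the verifier must compare against a head value it obtained from somewhere the attacker could not write to. This is also why the "Hardened deployment" paragraph follows: if the signing key lives on a host the attacker controls, every one of these checks can be recomputed to match.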
Seeking a best-in-class solution for managing your machine data? Here's what to look for:

1 Index Any Machine Data

- Indexes any machine data generated by applications, servers or network devices, including logs, wire data, clickstream data, configurations, messages, traps and alerts, sensors, GPS, RFID, metrics and performance data, without custom parsers or connectors for specific formats (includes virtual and non-virtual environments).
- Data can be loaded and indexed easily and intuitively. UIs and wizards are available to guide the process.
- Flexible real-time and on-demand access to data from files, network ports and databases, and custom APIs and interfaces.
- Captures wire data containing network communication across layers 3-7.
- Listens to TCP and UDP network ports to receive syslog, syslog-ng and other network inputs.
- Consumes archive files.
- Captures new events in live log files in real time.
- Monitors files for changes.
- Queries database tables via DBI.
- Monitors Windows events remotely via WMI.
- Natively accesses the Windows event API.
- Monitors the Windows registry for changes.
- Connects to OPSEC LEA and other key security event protocols.
- Subscribes to message queues such as JMS.
- Captures the output of Unix/Linux system status commands like ps, top and vmstat.
- Remotely copies files via scp, rsync, ftp and sftp.
- Extensible via scripted inputs to capture the output of new status commands, connect to new event APIs and subscribe to different kinds of message queues.
- Universally indexes data in virtually any format without custom parsers or connectors for specific data formats.
- Identifies events in single-line, multi-line and complex XML structures.
- Recognizes and normalizes timestamps. Handles missing timestamps through contextual inference.
- Captures and indexes the structure of each event.
- Tracks and indexes the host and source of each event.
- Classifies source formats dynamically.
- Densely indexes every term in the original data.
- Retains original, unaltered machine data.
- Builds an unstructured index on disk without a schema.
- Supports forwarding and receiving of data from remote hosts for load balancing, failover and distributed deployments.

2 Search, Investigate, Explore

- Search events across components in multiple formats at once.
- Search live and historical data from the same interface and automatically backfill historical data for real-time window searches.
- Deliver rapid data analysis through field extraction that adds context and meaning to machine data.
- Fast results from searches on terms, instead of queries optimized for specific fields/columns in a persistent schema.
- Free-form ad hoc search on any term in the original events, with support for Booleans, nesting, quoted strings and wildcards.
- Precise searches using fields identified within the data at search time.
- Supports multiple schema views into the same data without redundant storage or re-indexing.
- Type-ahead suggestions to make it easy to discover what to search.
- Navigate to related events and refine searches by clicking on fields or terms within the search results.
- Search by time across multiple data formats.
- Automatically detects patterns across massive sets of machine data to discover meaningful patterns.
- Visualize trends and navigate results using interactive time-based charts, histograms, sparklines and summaries.
- Search for transactions across different data sources and components.
- Persist searches as event and transaction types, and search, filter and summarize by event and transaction type.
- Discover fields, event types and transactions interactively at search time.
- Save searches in reports, dashboards or views to simplify routine search scenarios.
- Browser-based, interactive AJAX user interface. No plug-ins required.
- Optional scriptable CLI interface for both real-time and historical search.
- Build data models that define objects, attributes and relationships in the underlying machine data.
- Accelerate any data model with consistent, authoritative views of machine data to drive high-performance analytics.
3 Add Knowledge

- Enable the system and the user to automatically add semantic meaning to machine data.
- Automatically discovers knowledge from the machine data, such as timestamps, name/value pairs, headers, etc.
- Let users add additional knowledge about the events, fields, transactions and patterns in their machine data.
- Assign tags to field values to help search groups of events with related field values more efficiently.
- Identify and classify transactions by correlating events across multiple data sources.
- Save searches that return interesting results by either saving the search string (to run the search later) or the search results (to review the results later).
- Share and promote saved searches, saved reports and event types with other authorized users.
- Define custom input capability and reuse other inputs; ensure that all inputs are available for use in the management interface.

4 Monitor and Alert

- Run a time-based search on a schedule and set alerting conditions based on thresholds and deltas in the number and distribution of results.
- Trigger alerts via email, RSS, SNMP or scripts.
- Take automated corrective or follow-on actions via scripted alerts.
- Embed sophisticated correlation rules in alerts via sub-searches.
- Add context about the event that triggered the alert.
5 Report and Analyze
Build summary reports based on the results of any search interactively by clicking on available fields and statistics.
Create reports using fields and schemas identified at search time.
Supports multiple schema views into the same data without redundant storage or re-indexing.
Supports sophisticated statistical and summary analysis by pipelining advanced search commands together in a single search.
Leverage report acceleration features to efficiently report on very large volumes of data, e.g., long-term trends.
Accelerate reports by maintaining summaries that are up-to-date, scalable and usable by other eligible searches.
View report results in tabular form or as interactive line, bar, pie, scatterplot and heat map charts.
Pivot or drill down into any field, term or search without requiring knowledge of an advanced language.
Click through to another dashboard, form, view or external website, carrying forward any relevant context.
Cache the results of scheduled reports for reuse.
Create real-time reports based on live streaming data sources.
Generate PDF versions of reports either on demand or on a scheduled basis.
Schedule searches or reports for automated delivery via email or RSS.

6 Create Custom Dashboards and Views
Create and edit dashboards that combine searches, reports, charts and tables using a visual dashboard editor.
Share pre-built panels to quickly build dashboards that integrate multiple charts and views.
Build sophisticated dashboards with entirely custom user interfaces and rich visualizations, including mashups with other applications and data from external sources.
Provide pre-packaged dashboards depicting key information and user activity such as admin activity, search activity, index activity and inputs activity.
Leverage report acceleration features to efficiently report on very large volumes of data, e.g., long-term trends.
Expand or restrict the role-based read and write permissions for a dashboard.
Create composite dashboards based on live and historical data sources.
Deploy dashboards to devices and web browsers that do not support Flash.
Provide the ability to build complex reports, tables and visualizations without a query language.
Provide integrated mapping software with geo-IP location.
Integrate with common third-party applications.
7 Build and Deploy Apps
Provide the ability to build and deploy apps on top of the machine data platform for specific use cases.
Package custom dashboards and configurations, ranging from scripts and knowledge objects to back-end settings, as apps.
Easily browse and dynamically switch between apps running on the Splunk platform by using an app launcher interface.
Instantly see all installed apps on an instance that the user has permissions to see.
Provide a powerful framework to support the creation of robust apps at all levels.
Expand or restrict the role-based read and write permissions to the app.

8 Developer Platform and Integration
Provide APIs to enable quick integration with other applications, IT management tools and systems.
Minimum interface requirements should include a command-line interface, ODBC, data routing, documented SDKs, a REST API, scripted alerts and scripted inputs.
Leverage common development languages like Python and JavaScript for custom development.

9 Scale and Deploy
A self-contained software package with no dependencies on third-party programs. It runs on premises, in the cloud or in virtualized server and storage environments.
Native packages (rpm, deb, pkg, dmg, msi, etc.) and archive-format distributions (.tgz, .zip, .tar.gz) are available for most widely deployed operating systems, including Linux, Windows, Solaris, HP-UX, AIX, FreeBSD and Mac OS X.
Servers work together to support both centralized and decentralized models for machine data management across the organization.
Provides real-time centralization of machine data from production servers with reliable data transport over TCP.
Distributed architecture to support highly available configurations with integrated resilience, failover and load balancing.
Policy-based data routing among servers and to third-party systems.
Linear scaling to terabytes per day via distributed search and data balancing based on the MapReduce technique.
Single view across silos via distributed search.
Maintains a complete, signed audit trail of administrative actions and search history.
Monitors its own configurations for unauthorized change.
Centrally monitor the health and performance of deployments and large-scale clusters.
Centralized, policy-based configuration management across servers in a distributed deployment.
REST API enables quick integration with other IT management tools and systems.
Tunable indexing levels and settings for different sources or events.
Extremely fast search speed; delivers results fast across billions of events.
Highly efficient compressed storage: 12-48% of the original data size is typical for syslog, depending on indexing level.
Data store uses local or network storage and is compatible with incremental file system backup utilities.
Index is segregated by time to support extended retention times without impact to search performance.
Configurable archiving and data retirement policy by age or size.
Archive and restore compressed or fully indexed data on demand.
Facilitates maintaining the coldest data on lower-cost nearline storage for extended retention times.
Integrated use of MapReduce to enable scaling of real-time and historical search functions across commodity hardware.

10 Secure
Flexible roles for controlled user and API access.
Supports granular data access and capabilities by role.
Enables restricted access to specific data sources, data types, time periods, and specific views, reports or dashboards.
Authentication and authorization integration with Active Directory, eDirectory and other LDAP-compliant implementations.
Integration with enterprise single sign-on solutions, enabling pass-through authentication of third-party credentials.
Real-time remote indexing of data to minimize the opportunity for alteration of audit trails on compromised hosts.
Secure data stream access and distributed functionality via SSL/TCP.
Secure user access via HTTPS.
Block-signs events to demonstrate data integrity.
Maintains a complete, signed audit trail of administrative actions and search history.
Monitors its own configurations for unauthorized change.

250 Brannan St., San Francisco, CA 94107 | info@splunk.com | sales@splunk.com | 866-438-7758 | 415-848-8400 | apps.splunk.com | www.splunk.com
© 2014 Splunk Inc. All rights reserved. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Hunk, Splunk Cloud, Splunk Storm and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names or trademarks belong to their respective owners. Item # SG-Splunk-OpIntell-127
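Block-signing an event stream so that integrity can be demonstrated later (section 10 above), as an added illustrative model in Python rather than Splunk's implementation. Events are grouped into fixed-size blocks; each block records a SHA-256 digest of its events and an HMAC computed over that digest together with the previous block's signature, so the blocks form a chain in which altering an event, dropping a block or reordering blocks breaks verification from that block onward. The signing key, block size and audit lines are constructed for the example.

```python
"""Chained block signing of an event stream (added example, not Splunk's block signing)."""
import copy
import hashlib
import hmac

# Assumed signing key for the example only; a real key lives with the indexer or a
# separate signing service, never on the host whose audit trail is being protected.
SIGNING_KEY = b"example-signing-key-not-for-production"
GENESIS = "0" * 64   # previous-signature value for the first block

# Constructed sample audit events (not real data).
AUDIT_EVENTS = [
    "2014-03-01T10:00:01Z user=admin action=login src=10.0.0.5",
    "2014-03-01T10:00:07Z user=admin action=edit_role role=analyst",
    "2014-03-01T10:00:09Z user=admin action=add_capability role=analyst cap=rtsearch",
    "2014-03-01T10:01:30Z user=alice action=search query='index=main error'",
    "2014-03-01T10:02:02Z user=alice action=export rows=1200",
    "2014-03-01T10:03:15Z user=admin action=delete_user target=bob",
    "2014-03-01T10:03:40Z user=admin action=logout",
]


def _digest(events):
    return hashlib.sha256("\n".join(events).encode()).hexdigest()


def _signature(digest, prev_sig, key):
    return hmac.new(key, (digest + prev_sig).encode(), hashlib.sha256).hexdigest()


def sign_blocks(events, block_size, key=SIGNING_KEY):
    """Split `events` into blocks of `block_size` and sign each block, chaining
    every signature to the previous block's signature."""
    blocks = []
    prev_sig = GENESIS
    for start in range(0, len(events), block_size):
        chunk = list(events[start:start + block_size])
        digest = _digest(chunk)
        sig = _signature(digest, prev_sig, key)
        blocks.append({"index": len(blocks), "events": chunk,
                       "digest": digest, "prev": prev_sig, "sig": sig})
        prev_sig = sig
    return blocks


def verify_blocks(blocks, key=SIGNING_KEY):
    """Walk the chain, recomputing every digest and signature from the stored events.
    Returns -1 if the chain is intact, otherwise the index of the first block that fails."""
    prev_sig = GENESIS
    for i, block in enumerate(blocks):
        digest = _digest(block["events"])
        expected = _signature(digest, prev_sig, key)
        if (block["prev"] != prev_sig
                or digest != block["digest"]
                or not hmac.compare_digest(expected, block["sig"])):
            return i
        prev_sig = block["sig"]
    return -1


def demo(events=AUDIT_EVENTS, block_size=3):
    """Sign the sample trail, then show three tampering cases. Returns
    (intact, first_bad_after_edit, first_bad_after_drop, first_bad_after_swap)."""
    blocks = sign_blocks(events, block_size)
    intact = verify_blocks(blocks)

    edited = copy.deepcopy(blocks)                 # rewrite one audited action
    edited[1]["events"][0] = edited[1]["events"][0].replace("alice", "mallory")

    dropped = blocks[:1] + blocks[2:]              # remove the middle block entirely

    swapped = [blocks[1], blocks[0]] + blocks[2:]  # reorder the first two blocks

    return intact, verify_blocks(edited), verify_blocks(dropped), verify_blocks(swapped)


if __name__ == "__main__":
    print(demo())
```

Recomputing digests from the stored events (rather than trusting the stored `digest` field) is what makes an edited event detectable; chaining on the previous signature is what makes a dropped or reordered block detectable. The chain proves integrity only relative to whoever holds the key: an attacker with `SIGNING_KEY` can simply re-sign, so the key belongs off the monitored host, and forwarding events to a remote indexer in real time, as the section describes, shrinks the window in which a compromised host can rewrite its own trail before it is signed.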