Splunk Enterprise is a software product that enables you to search, analyze, and visualize the machine-generated data gathered from the websites, applications, sensors, devices, and so on, that comprise your IT infrastructure or business. After you define the data source, Splunk Enterprise indexes the data stream and parses it into a series of individual events that you can view and search. You can use the search processing language or the interactive pivot feature to create reports and visualizations.
Splunk Cloud is the data collection, indexing, and visualization service for operational intelligence.
Splunk Enterprise Security (ES) runs on top of the core Splunk 'Big-data' engine, extending the Splunk core capabilities for security team workflows. Use Splunk Enterprise Security to view security event metrics on dashboards across security domains in context with data from non-traditional data sources. ES supports drill-down into raw data for root cause analysis and also allows you to 'pivot' on any single piece of information to broaden an investigation.
See the real-time status of the organization's security posture over the last 24 hours.
The Security Posture dashboard displays an SOC-style view of key metrics across security domains. Splunk Enterprise Security provides a library of prebuilt security indicators that support situational awareness and continuous monitoring of security domain risk.
The Identity Investigator dashboard displays information about known or unknown user identities across a predefined set of event categories, such as change analysis or malware.
Work directly with notable events.
Use the Incident Review dashboard to find, assign, analyze, and update notable events. Because the link to Incident Review was initiated from another dashboard panel, the Incident Review dashboard opens with a search for Host With A Recurring Malware Infection notable events, scoped to a narrow timeframe.
Splunk IT Service Intelligence (ITSI) is a next-generation network traffic monitoring and analytics solution that uses machine learning and event analytics to align IT and the business through actionable insights.
Deep Dives is an investigative tool that lets you visually identify and analyze issues in your IT environment. You can use Deep Dives to view KPI search results over time, zoom in on KPI search results, and visually correlate root cause. Stack and organize Deep Dive lanes to create contextual views of metrics across your services.
The Service Analyzer tile view is the default service analyzer view. It displays the health scores of your services and the values of their associated KPIs (key performance indicators) in color-coded tiles in order of severity.
Courtesy of Splunk®