Splunk Cloud: Product Capability and Quick Start

Splunk Cloud is designed to be a cloud platform for Operational Intelligence. Every day organizations choose Splunk Cloud over point solutions because of the extensive advantages it provides.

Splunk Cloud Platform delivers the benefits of award-winning Splunk® Enterprise as a cloud-based service. Using Splunk Cloud Platform, you gain the functionality of Splunk Enterprise for collecting, searching, monitoring, reporting, and analyzing all of your real-time and historical machine data using a cloud service that is centrally and uniformly delivered by Splunk to its large number of cloud customers, from Fortune 100 companies to small and medium-size businesses. Splunk manages and updates the Splunk Cloud Platform service uniformly, so all customers of Splunk Cloud Platform receive the most current features and functionality.

Splunk Cloud Platform provides a complete suite of self-service service capabilities for you to ingest data, customize data retention settings, customize user roles and centralized authentication, configure searches and dashboards, update your IP Allow List and perform app management. In addition, you can use the Cloud Monitoring Console (CMC) to holistically monitor the data consumption and health of your Splunk Cloud Platform environment. Finally, ensure your Operational Contacts are kept up-to-date; see Your maintenance responsibilities for more details.

Product Capability

Monitor

Continuous monitoring of events, conditions, and key KPIs helps ensure that your operations run smoothly. With our scheduled search, you can create real-time dashboards and visualizations to keep your team and management informed. You can find more out-of-the-box dashboards for monitoring common IT, security, and application environments in our Splunkbase app store.

Alarm

Alarms can signal before important events and upcoming situations occur in real time. Splunk's custom alert action feature can automatically initiate follow-up actions (think: sending emails and executing remedial scripts) when an alert is triggered. These custom alerts can be set to different granularities based on various conditions (thinking: data thresholds and behavioral pattern recognition, such as abandoned shopping carts, brute force attacks, or fraud scenarios).

Dashboard

The dashboard integrates charts, views, reports, and reusable panels to display comprehensive data stories. Build and personalize dashboards to display the most relevant information for different audiences. Be able to display the same data to management, business and security analysts, auditors, developers, and operations teams in different ways to best help them take action. You can use the Splunk mobile app to access dashboards and reports anytime, anywhere.

Visualization

Choose from a variety of charts and other visualizations to tell compelling and actionable data stories. Intuitive charts and interactive visualizations make it easy to understand complex data and allow you to discover problems, opportunities, and potential problems.

Metrics

Metrics are numerical data points captured over time that can be compressed, stored, processed, and retrieved more effectively than logs. They are locally supported as first-class data, suitable for scale and performance. Using metric data can increase the speed of previous versions (before version 7.0) by at least 20 times.

Storage

Splunk Cloud stores data optimized for the cloud. You can configure data retention based on audit and compliance requirements and purchase more storage capacity.

Enterprise integration

You can embed Splunk reports and data in any application or use ODBC integration to access Splunk data in applications such as Microsoft Excel or Tableau. Using Splunk alerts, you can automatically trigger ticketing or other actions in the system. In addition, a rich SDK allows your team to integrate Splunk data and functions in a customized way.

User authentication

Splunk software supports SAML integration for single sign-on through the most popular identity providers, and is pre-configured for the growing number of vendors such as Okta, PingFederate, Azure AD, CA SiteMinder, OneLogin, and Optimal IdM. Splunk can also integrate other authentication systems such as LDAP, Active Directory, and e-Directory, and supports integration with Duo two-factor authentication.

Splunk Cloud Quick Start

To get started with your Splunk Cloud deployment, follow these high-level steps:

1.         Log in

2.         Get data in

3.         Search and manage your data

Log in to Splunk Cloud

To log in to your Splunk Cloud deployment, you must use the dedicated Splunk Cloud URL and log in credentials provided to you in the "Welcome to Splunk Cloud" email you received when you opened your account.

Get data into Splunk Cloud

To get data into Splunk Cloud, the most common approach is to install the Splunk Universal Forwarder on the machines where your source data resides, and configure them to send data to Splunk Cloud. You can also upload files, or monitor files and inputs. For more information on the options available for getting data into Splunk Cloud, see Introduction to getting data in.

Search and manage your data

After you get your data into Splunk Cloud, you can search the data to create reports, display the results using dashboards and visualizations, and set alerts that trigger when specific conditions are met. For detailed information, see the following manuals.