Splunk is an advanced IT search tool that offers users, administrators, and developers the ability to instantly search all data generated by applications, servers, and network devices in the IT infrastructure.
- Collect and index any machine data from virtually any source, format, or location in real time. Data can be any kind of machine data such as logs, application data, raw data from hardware and software sensors, user feedback data, survey responses, IoT device data, and more.
- Search and navigate machine data, through real-time, fast, free-form searches using five different types of correlation (time, transactions, sub-searches, lookups, joins) and interactive results.
- Gain operational intelligence by correlating and analyzing relationships within the data, across multiple sources, to facilitate event pattern detection.
- Visualize and report via custom dashboards and views, as well as scheduled reports, with interactive charts, graphs, and tables.
- Monitor and alert based on events, conditions, or key performance metrics. Alerts can be sent to indicate emerging issues and abnormal conditions that enable administrators to take preventative and proactive measures.
- Includes secure data handling, fine grain access controls, auditability, assurance of data integrity, and integration with existing authentication solutions.
- Add vendor supplied, community created and custom apps to enhance and extend the Splunk core features.
For a more detailed description of features and capabilities, see https://www.splunk.com/en_us/products/splunk-enterprise/features.html
The University of Texas has available a site license for Splunk Enterprise. It is available for use by all Faculty and Staff at no cost.
For more details, including information for other UT System campuses on Splunk licensing costs, please see the Purchasing self help article.
License terms include:
- An extensive indexing capability.
- Use on an unlimited number of systems on your campus.
- Use in a high-availability architecture at no added cost.
- An unlimited number of online user, admin, and developer training classes that are hosted by Splunk each month at no added cost.
License fees grant you the Right To Use (RTU) the software for the current fiscal year which runs from September 1 through August 31 of the following calendar year.
Splunk licensing is available at no cost to UT Austin departments and at a deeply discounted rate to all other UT System institutions. License fees grant you the Right To Use (RTU) the software for the current fiscal year which runs from September 1 through August 31 of the following calendar year. License fees are not pro-rated and must be renewed annually.
A free version is available to provide you with an opportunity to test the software.
Splunk is currently available to collect data from applications hosted on ITS managed servers and services.
Note that the UT Austin ISO also hosts the UT System Managed Splunk Service (UTMSS) for all other UT System campuses. UT System campuses with questions about this service are encouraged to consult with their respective Chief Information Security Officer or contact the UT Austin Information Security Office at firstname.lastname@example.org.
The following features are available to all managed customers:
- Resource management (servers, virtual servers, disk) to maintain agreed-upon service metrics
- Incident reporting and escalation
- Splunk service documentation and best practices
- Standard maintenance and upgrades
- Audit of customer account use
- Active monitoring of index space usage
- Consultation with Splunk administrators
Managed Splunk is currently offered at no additional cost to UT Austin - ITS managed customers.