Software Secret Weapons™
Splunk by Pavel Simakov on 2010-03-19 14:39:52 under Smoke & Mirrors
Splunk indexes data from any application, server or network device. It crawls logs, metrics and other data from applications, servers and network devices and indexes it in a searchable repository, from which it can generate graphs, reports and alerts. You can search and analyze billions of events across your software applications and IT infrastructure from one location in real time. It is easy to troubleshoot software application problems or crashes, or to investigate security incidents, in minutes. You can monitor your live applications and set notifications and alerts to avoid outages and service degradation. There are two editions, Splunk Free and Splunk Enterprise. The Free edition is good for managing a small to medium web site.

Index Live Data. The more data you index, the more you'll unlock about your IT infrastructure. Splunk Universal Indexing connects with every data source, including logs, configurations, traps and alerts, change events, the output of diagnostic commands (virtual and non-virtual), data from APIs and message queues, even multi-line logs from custom applications. Splunk indexing works without the need for specific parsers or adapters to write, maintain or buy. Once indexed, the same set of IT data is made available for troubleshooting, security incident investigations, network monitoring, compliance reporting and other valuable uses.

Search and Investigate. Once indexed, you can search for any event in your IT data. Don't know what you're looking for? Just start typing and Splunk's Search Assistant will offer typeahead suggestions based on what's in your data. You'll also see suggested searches based on your search history and contextual help so that you can leverage the full power of Splunk's search language.

Modules. Every element you see on a page in Splunk Web is a module, from the search bar to the results. Modules can be customized in XML. Here is a customization example for the switcher module (notice the search expression in the "search" param):
<module name="HiddenSearch" group="eps Indexed over time" autoRun="True">
  <param name="search">
    index=_internal source=*metrics.log Component=metrics group=per_sourcetype_thruput | timechart avg(eps) by series
  </param>
  <param name="earliest">-1h</param>
  <module name="StaticContentSample">
    <param name="text">On this one I've thrown in some static text to describe the elements.</param>
  </module>
  <module name="HiddenChartFormatter">
    <param name="chart">line</param>
    <param name="primaryAxisTitle.text">Sourcetype</param>
    <param name="secondaryAxisTitle.text">events per second</param>
    <param name="legend.placement">right</param>
    <module name="JobProgressIndicator"/>
    <module name="FlashChart">
      <param name="width">100%</param>
      <param name="height">300px</param>
    </module>
  </module>
</module>
Interact with Search Results. Splunk also lets you interact with your search results. Zoom in and out on a timeline of your results to quickly reveal trends, spikes and anomalies. Click to drill down into your results and eliminate noise to get to the needle in the haystack. Whether you're troubleshooting a ticket or investigating a security alert, you'll get to the answer in seconds or minutes rather than hours or days, and avoid having to escalate issues to other groups just to view the data you need.

Custom Dashboards and Views. Create custom dashboards in minutes with Splunk's Dashboard Editor and turn your IT data into powerful insight. Dashboards let you organize your information for the needs of different users, technical and non-technical. Integrate charts, search results and even data from external applications. Build entirely personalized dashboards for management, security analysts, auditors, developers and sysadmins.

Add Knowledge. Splunk automatically extracts knowledge from your IT data to help you harness that information. You can add knowledge about events, fields, transactions, patterns and statistics on the fly to further enrich IT data and make the system smarter for all users by identifying, naming and tagging fields and data points. You can even add information from external asset management databases, configuration management systems and user directories.

Monitor and Alert. Any search can be saved and scheduled for continual monitoring, and can trigger alerts via email or RSS. You can even kick off a script to take remedial action, send an SNMP trap to your system management console or generate a ticket at a service desk. Alerts can be triggered by a variety of threshold and trend-based conditions, and even by more complex searches.

Report and Analyze. Splunk's Report Builder helps you easily build advanced graphs and charts, visualize important trends, see highs and lows, summarize top values and report on the frequency of conditions.
You can create robust, information-rich reports from scratch without advanced knowledge of search commands. You can also save reports, integrate them into dashboards and share them with management or other colleagues in secure, read-only formats such as PDF.

Build and Deploy IT Apps. Build, package and deploy your own Apps on top of Splunk. The Splunk App Framework enables Customers and Partners to create their own Apps. Deliver a user experience tailored to a specific use case, or augment existing vendor technologies. Once built, apply role-based access controls and deploy Apps with a tailored installation experience.

Manage Splunk. The Splunk Manager web interface is designed for both users and administrators. Users can manage their own objects: saved searches, reports, event types and dashboards. Administrators can manage the overall installation, system configuration and security access rights. Splunk Deployment Server lets you centrally manage distributed Splunk deployments, which may include multiple Splunk Search Heads, Indexers and Forwarders across machines, datacenters and geographies.
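To make the two technical parts of this overview concrete, here is a small stand-in for what the module example's search expression (index=_internal source=*metrics.log ... | timechart avg(eps) by series) computes, followed by the kind of threshold alert that "Monitor and Alert" describes for a saved, scheduled search. This is an added example, not code from the post or from Splunk: it parses constructed metrics.log-style lines, filters on the group field, builds a fixed-span timechart of average eps per series, and reports the buckets where a series exceeds a threshold. The sample log lines, the 60-second span, the threshold of 200 eps and every function name are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed metrics.log-style lines (not real Splunk output): a timestamp,
# a level, the "Metrics" component and comma-separated key=value fields.
# The last line is deliberately malformed to show that it is skipped.
SAMPLE_METRICS_LOG = """\
03-19-2010 14:00:05.123 INFO  Metrics - group=per_sourcetype_thruput, series="access_combined", kbps=12.5, eps=40, kb=375
03-19-2010 14:00:05.123 INFO  Metrics - group=per_sourcetype_thruput, series="syslog", kbps=3.1, eps=10, kb=93
03-19-2010 14:00:35.456 INFO  Metrics - group=per_sourcetype_thruput, series="access_combined", kbps=14.0, eps=60, kb=420
03-19-2010 14:00:35.456 INFO  Metrics - group=per_source_thruput, series="/var/log/messages", kbps=1.0, eps=5, kb=30
03-19-2010 14:01:05.789 INFO  Metrics - group=per_sourcetype_thruput, series="access_combined", kbps=90.0, eps=300, kb=2700
03-19-2010 14:01:05.789 INFO  Metrics - group=per_sourcetype_thruput, series="syslog", kbps=2.9, eps=10, kb=87
this line is not a metrics event and must be skipped
"""

EVENT_RE = re.compile(r"^(\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2})\.\d+\s+\w+\s+Metrics - (.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|[^,\s]+)')
EPOCH = datetime(1970, 1, 1)


def parse_metrics_log(text):
    """Turn metrics.log-style lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        event = {"_time": datetime.strptime(m.group(1), "%m-%d-%Y %H:%M:%S")}
        for key, value in KV_RE.findall(m.group(2)):
            value = value.strip('"')
            try:
                value = float(value)  # numeric fields become numbers, others stay strings
            except ValueError:
                pass
            event[key] = value
        events.append(event)
    return events


def search(events, **filters):
    """Keep events whose fields equal every key=value filter (the search's filter terms)."""
    return [e for e in events if all(e.get(k) == v for k, v in filters.items())]


def timechart_avg(events, field, by, span_seconds=60):
    """Stand-in for `timechart avg(<field>) by <by>` with a fixed bucket span."""
    sums = defaultdict(lambda: defaultdict(lambda: [0.0, 0]))  # bucket -> series -> [total, count]
    for e in events:
        if field not in e or by not in e:
            continue
        secs = int((e["_time"] - EPOCH).total_seconds()) // span_seconds * span_seconds
        bucket = (EPOCH + timedelta(seconds=secs)).strftime("%Y-%m-%d %H:%M:%S")
        acc = sums[bucket][e[by]]
        acc[0] += e[field]
        acc[1] += 1
    return {b: {s: total / n for s, (total, n) in series.items()}
            for b, series in sorted(sums.items())}


def check_alert(chart, series, threshold):
    """Saved-search style condition: buckets where the series average exceeds the threshold."""
    return [(bucket, vals[series]) for bucket, vals in chart.items()
            if series in vals and vals[series] > threshold]


def run_example():
    """Run the search from the module example over the sample, then the alert check."""
    events = search(parse_metrics_log(SAMPLE_METRICS_LOG), group="per_sourcetype_thruput")
    chart = timechart_avg(events, field="eps", by="series")
    return chart, check_alert(chart, "access_combined", threshold=200)


if __name__ == "__main__":
    chart, alerts = run_example()
    for bucket, vals in chart.items():
        print(bucket, vals)
    print("alert buckets:", alerts)
```

Running it prints one row per minute with the average eps of each sourcetype, and the 14:01 bucket for access_combined as the only alert hit; the per_source_thruput line is excluded by the group filter exactly as it would be by the search expression. In Splunk itself the same check is a saved search run on a schedule with the threshold expressed as its alert condition, and the action wired to it (email, script, SNMP trap) is what the "Monitor and Alert" section describes.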
Copyright © 2004-2010 by Pavel Simakov. Any conclusions, recommendations, ideas, thoughts or source code presented on this site are my own and do not reflect an official opinion of my current or past employers, partners or clients.