Search

Use the Search & Reporting app to create SPL2-based searches. You can run ad-hoc SPL2 searches using the Search bar in any app where the Search page enabled. Additionally, you can write multiple searches in a single file using the SPL2 module editor. The SPL2 module editor is a separate user interface that includes point-and-click actions that help build your searches.

Additionally, you can use the SPL2 module editor to perform detailed investigations, write chained searches, build shared SPL2 resources, and create common knowledge objects such as reports, alerts, and dashboards. The Search & Reporting app is supported in both Splunk Cloud Platform and Splunk Enterprise.

For more information, see Get started with SPL2 in the Search & Reporting app in the SPL2 Search Manual.

The Search & Reporting app uses the SPL2 splunkd profile. For more information about the SPL2 compatibility profiles, see SPL2 compatibility profiles in the SPL2 Search Reference.

Edge Processor solution

The Edge Processor solution is a data processing solution that works at the edge of your network. Use the Edge Processor solution to filter, mask, and transform your data close to its source before routing the processed data to external environments.

With the Edge Processor solution, you can manage your data processing configurations and monitor your data ingest traffic through a centralized control plane in the cloud.

To configure an Edge Processor to transform and route data, you must create a pipeline and apply it. A pipeline is a SPL2 module that specifies what data to process, how to process it, and what destination to send the processed data to.

The Edge Processor solution supports a subset of SPL2 commands and functions. When writing a pipeline, you can include only the commands and functions that are part of the edgeProcessor profile. For more information about SPL2 compatibility profiles, see SPL2 compatibility profiles in the SPL2 Search Reference.

The Edge Processor solution is supported in both Splunk Cloud Platform and Splunk Enterprise. For more information:

Ingest Processor solution

The Ingest Processor solution is a data processing capability that works within your Splunk Cloud Platform deployment.

Use the Ingest Processor to configure data flows, control data format, apply transformation rules before indexing, and route data to destinations. You can manage your data processing configurations and monitor your data ingest traffic through a centralized Splunk Cloud service. To configure Ingest Processor to transform and route data, you must create a pipeline and apply it.

A pipeline is a SPL2 module that specifies what data to process, how to process it, and what destination to send the processed data to. The Ingest Processor solution supports a subset of SPL2 commands and functions. When writing a pipeline, you can include only the commands and functions that are part of the ingestProcessor profile. For more information about SPL2 compatibility profiles, see SPL2 compatibility profiles in the SPL2 Search Reference.

Ingest Processors are supported only on Splunk Cloud Platform.

For more information, see About the Ingest Processor solution in the Use Ingest Processors manual.

Federated search

Federated search is a tool that you use to search remote datasets throughout your data ecosystem from a single Splunk platform search interface. With federated search, you can break down your data collection silos and get cross-functional insights into data patterns and correlations that previously were unavailable to you, while managing security requirements with role-based data access controls.

The Splunk platform currently offers several federated search options: Federated Search for Splunk, and Federated Search for Amazon S3. SPL2 is supported only for Federated Search for Amazon S3.

Federated Search for Amazon S3 is supported only on Splunk Cloud Platform.

For more information, see Overview of the federated search options for the Splunk platform in Federated Search.

See also