Documentation

Splunk Enterprise

Splunk Enterprise Contents

Get Started

Administer

Manage Knowledge Objects

Leverage REST APIs

Release Notes and Updates

Analytics and Insights

Create Dashboards and Reports

Alert and Respond

Apply Machine Learning

Data Sources

Get Data In

Integrate Data with Splunk-Supported Add-Ons

Forward and Process Data

Connect Relational Databases

Collect Stream Data

Common Information Model

Splunk Edge Hub

Apps for Mobile Devices

REST API Reference

SPL Search Reference

Splunk Validated Architectures

Add-on for Sysmon

Splunk Add-on for Sysmon allows a Splunk software administrator to create a Splunk software data input and CIM-compliant field extractions for Microsoft Sysmon.

Last updated: May 28, 2025

Add-on for Sysmon

Explore Topics

Splunk Observability Cloud

Splunk IT Service Intelligence

Splunk Cloud Platform

Splunk Enterprise

Data Management

Splunk Enterprise Security 8

Splunk Enterprise Security 7

Splunk SOAR

Security Offerings

AppDynamics SaaS

About This Site

Community Support

Supported Add-ons