Using the Query Federated Search App for Splunk
January 10, 2024
With Query, data does not need to be ingested or stored in Splunk to be used in Splunk. Query is a bridge between Splunk and your data, wherever it is stored, making more data accessible and actionable within your Splunk instance.
With Federated Search and in-flight data normalization, Query can seamlessly add data to your Splunk reports and rule sets.