Get More From Splunk with Query Federated Search

Combine Splunk with Query Federated Search to Extend your Splunk Visibility Without Adding the Cost


The Query Splunk App lets you add any connected data source into Splunk without increasing ingestion or compute expenses. Expand Splunk's data reach to data lakes, warehouses, object storage, or any other connected source that holds security-relevant and observability data, in support of your Security Data Operations (SecDataOps) use cases and more.

Splunk: Bigger & Better

What Query Adds To Your Splunk

More Data

The Query Federated Search for Splunk App allows security teams to add new data sources directly into Splunk’s search and existing dashboards without centralization, pipelining, or data storage.

Less Pivots & Workbenching

Splunk users search directly from Splunk's search bar or dashboards with a single, simple search command. Results are automatically extracted from the source and normalized into OCSF, which makes searching and using decentralized data to get answers simple and fast.

The Splunk You Know

Query Federated Search connects your distributed enterprise data easily using APIs and integrates your data into the Splunk® console without any indexing.

More Data Without More Cost

Query finds the right data, normalizes it, and puts it in front of you without moving, storing, or ingesting it so you don’t incur costs.


Connect Splunk to Anything

Query allows you to extend Splunk to any source connected to the Query Federated Search platform:




We provide no-code schema mapping for dynamic sources. Whether you have custom application logs or vendor-specific security logs stored in databases, lakehouses, warehouses, or other SIEMs, we support mapping them to the normalized schema.


  • Splunk-to-Splunk
  • Splunk-to-AWS (Athena, Security Lake, CloudWatch)
  • Splunk-to-Datadog
  • Splunk-to-Microsoft (Defender 365, Sentinel, Log Analytics)
  • Splunk-to-Crowdstrike (Falcon API & FDR)
  • and more…

Getting Started with Splunk + Query

In minutes, start adding new data sources to Splunk with Query

1. Download the App and Set Up Your Account

Download the app from Splunkbase and define your Organization. Your first Organization is usually your company, but it could also represent a team or other group.


2. Connect Your Integrations

Set up Integrations, which are connections to data sources. You will need the access credentials for each source, such as a URL, API key, or auth token. The available Integrations are listed in the next section.


3. Perform Your First Query

Start typing using natural language to instantly search across all of your connected integrations!


Industry Feedback

"Effective security operations require teams to answer questions quickly using data from many sources, without long onboarding times and increasing data costs. Query is purpose-built to do just that. We are delighted to invest in Query."
Janey Hoe, Vice President, Cisco Investments

"In 25 years of working with cybersecurity tools, I've never seen a bigger impact to customers in such a short time."
Tammi Hayes, President, Capital Strategies Group

"Query is an enabler of the emerging SecDataOps trend that seeks to empower security operations with enterprise-wide data and collaboration."
Tari Schreider, Strategic Advisor, Datos Insights

"Security operations is a data game. It's not just having the data, but the ability to make use of the right data when you need it. Query's ability to rapidly integrate with distributed data is a game changer for teams defending cloud and SaaS environments at scale."
Rudy Ristich, President, Capital Strategies Group

"Putting data to work is the future of security operations. Decoupling data analytics from data storage is the secret sauce. Query drastically increases our data visibility and allows us to control how we access and use data without always driving up the cost."
Troy Wilkinson, CISO, Interpublic Group


Quick & Easy API Connectors

with your Cloud, SaaS, and On-Prem Technologies.


We manage the APIs and put your security data to work. This list is constantly growing, so please email product(@)query.ai if you don’t see your tech listed.
