Splunk App
Supercharge your Splunk
The Query Federated Search for Splunk app unlocks access to cybersecurity data wherever it is stored, regardless of vendor or technology, directly from the Splunk console.
With this Splunk app, you can use Query directly from Splunk's search bar to search security-relevant data stored outside of Splunk. Results are returned in the Splunk interface and can be included in SPL searches, reports and dashboards without having to ingest and store that data in Splunk.
Query can be connected to additional data sources in minutes using pre-built API connections, bringing additional data into Splunk's powerful security observability capabilities.
Federated Search Example
For example, you can run a federated search to fetch events, associated devices, and user information for an IP you are investigating:
| queryai search="ip = 172.16.16.10"
Run the above in Splunk's search bar or in a dashboard and you will see results in the Splunk UI as shown below:
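The following SPL is an added example, not from the Query documentation or the app itself, of what the paragraph above describes: piping the federated result set into ordinary SPL commands and comparing it with data already indexed in Splunk. The `queryai` invocation is the one documented above; everything else is assumed for illustration: that the federated results carry `_time` and a `hostname` field, and that a local `index=firewall` holds events with a `src_ip` field (SPL has no line-comment syntax that survives inside this fence, so the assumed names are listed here rather than in the block).

```spl
| queryai search="ip = 172.16.16.10"
| eval origin="federated"
| append
    [ search index=firewall src_ip="172.16.16.10"
      | eval origin="splunk" ]
| stats count, min(_time) AS first_seen, max(_time) AS last_seen, values(hostname) AS hostnames BY origin
| convert ctime(first_seen) ctime(last_seen)
```

The `append` subsearch is scoped by the time picker like any indexed search, whereas the federated portion is scoped only by the Query search string, so compare the `first_seen` and `last_seen` values per `origin` before drawing conclusions about coverage gaps between the two sources.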
Let's get set up, and then move on to our first searches from Splunk...