Splunk App

Supercharge your Splunk

Query Federated Search for Splunk app unlocks access to cybersecurity data wherever it is stored - regardless of vendor or technology - directly from the Splunk console.

With this Splunk app, you can use Query directly from Splunk's search bar to execute a search of security-relevant data stored outside of Splunk. Results are returned in the Splunk interface and can be included in SPL searches, reporting and dashboards without having to ingest & store that data in Splunk.

Query can be connected to additional data sources in minutes using pre-built API connections, bringing additional data into Splunk's powerful security observability capabilities.

Federated Search Example

For example, you can run a federated search to fetch events, associated devices, and user information for an IP you are investigating:

| queryai search="ip ="

Run above in Splunk's Search input or in a Dashboard and you will see results in the Splunk UI as shown below:

What’s Next

Let's get setup, and then onto our first searches from Splunk...