Query Federated Search for Splunk lets you search cybersecurity data wherever it is stored, regardless of vendor or technology, directly from the Splunk console.
Invoke Query from Splunk's search bar to run a search over security-relevant data that lives outside Splunk. Results are returned in the Splunk interface and can be used in reports and dashboards without ingesting and storing that data in Splunk.
Query connects to additional data sources in minutes through pre-built API connectors, bringing their data into Splunk's security search and observability workflows.
For example, you can run a federated search to fetch events, associated devices, and user information for an IP you are investigating:
| queryai search="ip = 172.16.16.10"
Run the command above in Splunk's search bar or in a dashboard panel and the results appear in the Splunk UI like any other search output.
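The same search can be driven programmatically, for example from a dashboard token or a SOAR playbook. The script below is an added example, not code from the page or from Query: it builds the `queryai` SPL line shown above, validates the IP with the standard library before interpolating it so untrusted input cannot smuggle extra search syntax into the federated query, and submits the search through Splunk's standard REST endpoint `/services/search/jobs/export` with a bearer token. The hostname, token, and the field names in the sample response are placeholders constructed for this example.

```python
"""Build, validate and submit a Query federated search via Splunk's REST API.

Added example; assumes a reachable Splunk instance with the Query app
installed. Hostname, token and result field names below are placeholders.
"""
import ipaddress
import json
import ssl
import urllib.parse
import urllib.request


def build_queryai_spl(ip: str) -> str:
    """Return the SPL that runs the page's example search for one IP address.

    The value is parsed with ipaddress.ip_address before it is placed in the
    queryai search string, so a value such as '1.2.3.4" OR 1=1' taken from a
    dashboard token is rejected instead of being passed to the connectors.
    """
    addr = ipaddress.ip_address(ip.strip())  # raises ValueError on bad input
    return f'| queryai search="ip = {addr}"'


def parse_export_stream(lines):
    """Collect result rows from the export endpoint's newline-delimited JSON.

    Each streamed line is one JSON object; only objects carrying a "result"
    key hold a row (others are preview or status markers).
    """
    rows = []
    for line in lines:
        if isinstance(line, bytes):
            line = line.decode("utf-8")
        line = line.strip()
        if not line:
            continue
        obj = json.loads(line)
        if "result" in obj:
            rows.append(obj["result"])
    return rows


def run_splunk_search(base_url, token, spl, verify_tls=True, timeout=60):
    """Submit SPL to /services/search/jobs/export and return the result rows.

    Generating commands such as '| queryai' already start with a pipe, which
    the REST API accepts as-is; plain searches get the 'search' prefix.
    """
    search = spl if spl.lstrip().startswith("|") else "search " + spl
    body = urllib.parse.urlencode({"search": search, "output_mode": "json"}).encode()
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/services/search/jobs/export",
        data=body,
        headers={"Authorization": f"Bearer {token}"},
    )
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for lab instances with self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return parse_export_stream(resp)


if __name__ == "__main__":
    # Placeholder connection details; replace with your own Splunk instance.
    spl = build_queryai_spl("172.16.16.10")
    print(spl)
    for row in run_splunk_search("https://splunk.example.com:8089", "REPLACE_ME", spl):
        print(row)
```

The validation step is the part worth keeping even if you use the Splunk SDK instead of raw HTTP: the `search=` argument is forwarded to every connected source, so anything that reaches it from a user-controlled field should be checked against the type you expect (here, an IPv4 or IPv6 address) rather than merely quoted.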