Data Management Solutions
Explore data management capabilities and services on Splunk Enterprise and Splunk Cloud Platform to process and transform data before indexing.
Both Splunk Enterprise and Splunk Cloud Platform offer a variety of data management capabilities and services to process and transform your data prior to indexing. See more details for each available solution in the table below.
| Ingest Processor | Edge Processor on Splunk Cloud Platform | Edge Processor on Splunk Enterprise | Ingest Actions | |
|---|---|---|---|---|
| Platform availability | Splunk Cloud Platform | Splunk Cloud Platform | Splunk Enterprise (version 10.0 and up) | Splunk Cloud Platform and Splunk Enterprise |
| Description |
Ingest Processor is a Splunk Cloud Platform capability that allows you to process data using SPL2 at the time of data ingestion. |
Edge Processor is a Splunk product that allows you to process data using SPL2 before you send that data out of your network to external destinations. You use a Splunk-managed cloud service to deploy and manage on-premises Edge Processors at the edge of your network. |
Edge Processor is a Splunk product that allows you to process data using SPL2 before you send that data out of your network to external destinations. You use a centralized control plane hosted within your Splunk Enterprise deployment to deploy and manage on-premises Edge Processors at the edge of your network. |
Ingest actions is a feature for routing, filtering, and masking data while it is streamed to your indexers. |
| Access |
Requires activation for Splunk Cloud Platform users. Ask a Splunk sales representative for access to the Ingest Processor solution if you are already a Splunk Cloud Platform user. Request Ingest Processor on your Splunk Cloud Platform stack, |
Requires activation for Splunk Cloud Platform users. Ask a Splunk sales representative for access to the Edge Processor solution if you are already a Splunk Cloud Platform user. |
Requires an administrator to set up a data management control plane in your Splunk Enterprise deployment, and then enable the Edge Processor service on this control plane. Set up a data management control plane, First-time setup instructions for the Edge Processor solution |
Requirements vary depending on your deployment topology. In general, you must have access to Splunk Web as either the admin or sc_admin role, or be a member of a role with the list_ingest_rulesets and edit_ingest_rulesets capabilities. |
| Cost | Two pricing tiers based on ingestion volume:
|
Included with Splunk Cloud Platform | Included with Splunk Enterprise | Included with Splunk Cloud Platform and Splunk Enterprise |
| Supported data sources | All data sources supported by Splunk Cloud Platform deployments on Victoria Experience. |
|
|
All data sources supported by the Splunk platform. |
| Supported data destinations |
|
|
|
|
| Transformation capabilities | Relies on Splunk Search Processing Language, version 2 (SPL2), which allows you to create tightly defined logic to transform data through pipelines. | Relies on Splunk Search Processing Language, version 2 (SPL2), which allows you to create tightly defined logic to transform data through pipelines. | Relies on Splunk Search Processing Language, version 2 (SPL2), which allows you to create tightly defined logic to transform data through pipelines. | Transforms data through rulesets, which are defined through drop-down menu options, offering more ease of use but less detailed options. |
| Where data processing takes place | In Splunk Cloud Platform | At the edge of your network, close to the data source. | At the edge of your network, close to the data source. | On your heavyweight forwarder or indexers |
| Data Processing Capabilities |
|
|||
| Release frequency | Releases outside of Splunk Cloud Platform | Releases monthly | Releases alongside Splunk Enterprise | Releases alongside Splunk Enterprise and Splunk Cloud Platform |
| Documentation |