Frequently Asked Questions

S6 Vantage works with both Splunk Cloud and Splunk Enterprise on-premise deployments. The app installs directly in your Splunk environment regardless of hosting model. All processing happens within your Splunk instance.

Vantage analyzes your Splunk data sources, forwarders, and indexed data to automatically build a CMDB asset inventory. It creates relationship graphs showing dependencies between applications, infrastructure, and data flows. Updates continuously as new assets appear in logs.

Vantage focuses on operational gaps Splunk admins often handle manually: slow-search diagnostics and rewrite suggestions, pipeline visualization, automated asset discovery/CMDB, proactive issue detection, SVA alignment checks, dashboard modernization, and cleanup of unused resources.

Yes. S6 Vantage for Cortex and other SIEM platforms are on our roadmap. The core technology is platform-agnostic—we're building SIEM-specific integrations based on customer demand. Splunk is first due to market share.

Core provides slow-search reports, SVA checks, legacy dashboard scanning, and basic resource monitoring. Pro adds SPL rewrite assistance, advanced pipeline visualization, automated asset discovery, Dashboard Studio migration support, data model alignment, and automated garbage collection.

Savings depend on ingestion patterns, unused searches, dashboard sprawl, and current license headroom. Vantage helps quantify reclaimable capacity by identifying unused content, inefficient searches, and low-value data sources before teams commit to additional license spend.

No. Vantage runs as a standard Splunk app using your existing Splunk infrastructure. No bespoke hardware, no vendor lock-in, no proprietary protocols. Full admin access to all components.

Vantage analyzes slow queries and identifies optimization opportunities: inefficient commands, unnecessary fields, wide index scope, and missed data model acceleration. It proposes rewritten SPL with rationale and before/after validation; admins review and approve changes before deployment.

Yes. The pipeline visualization shows current data flows, bottlenecks, and capacity constraints. SVA compliance checks identify architecture deviations. This information helps plan capacity expansion, optimize indexer distribution, and improve search head cluster performance.

Pro license includes: Email and chat support, dedicated customer success manager, quarterly optimization reviews, access to Splunk-certified engineers, and priority feature requests. Core (free) includes community support.

Installation: 1-2 hours (standard Splunk app install). Initial scan and optimization recommendations: 24-48 hours. Full value realization: 1-2 weeks as automated optimization and monitoring establish baseline.

Yes. All processing happens within your Splunk environment. No data leaves your infrastructure. Vantage uses standard Splunk RBAC for access control. No external API calls, no cloud dependencies for Core functionality.