Start free inside your own Splunk. Pay when it earns its place.
A single dashboard generated by AI Workbench replaces work that would otherwise cost hours of senior Splunk-consultant time. We keep the entry point free, publish the Professional price openly, and tailor Enterprise and MSP to your estate. All prices exclude VAT.
Personal
- Single user (first to install becomes the owner)
- 1 Org / 1 Business Unit
- Core generation: SPL, dashboards, alerts, ML
- Bring your own LLM
Professional
- Unlimited users
- 1 Org / up to 3 Business Units (tenants)
- Unlimited concurrent sessions
- History + Tokens & Costs
- Node-locked to your Splunk environment
- No external tool integrations (MCP / custom tools)
Enterprise
- Unlimited users & Business Units
- One Splunk estate — covers all your Search Head Clusters (ES, Ops, ITSI)
- ES notable triage, IOC & user investigation, lateral movement detection
- ITSI service degradation & root-cause analysis
- Audit trail with per-Org consent & governance logging
- LLM fallback, observability & concurrency control
- Corporate IAM gateway hook (Okta, AzureAD, Ping, WebEAM)
- Named support + SLA
- Full roadmap access
MSP
- Unlimited users, Orgs & Business Units
- Multiple Splunk environments on one license key
- Per-customer tenant isolation
- All Enterprise capabilities included
- Volume terms as you grow
- Premium support + SLA
Compare editions
Every edition runs inside your own Splunk — no external SaaS, no data leaving your perimeter. Security workflows and audit logging are Enterprise features. Enterprise covers one Splunk estate with multiple Search Head Clusters; MSP covers multiple independent Splunk deployments.
| Feature | Personal | Professional | Enterprise | MSP |
|---|---|---|---|---|
| Price | ||||
| Price | Free | $600/mo · $6,000/yr | From $24,000/yr | Tailored / per env |
| Scale & tenancy | ||||
| Users | 1 (owner only) | Unlimited | Unlimited | Unlimited |
| Organizations | 1 | 1 | 1 | Unlimited |
| Business Units (tenants) | 1 | Up to 3 | Unlimited | Unlimited |
| Concurrent sessions | 1 | Unlimited | Unlimited | Unlimited |
| Splunk deployment coverage | 1 standalone | 1 deployment | 1 deployment, multiple SHCs | Multiple independent deployments |
| Core capabilities | ||||
| SPL, dashboards & alert generation | ✓ | ✓ | ✓ | ✓ |
| Machine learning (anomaly, forecast, cluster) | ✓ | ✓ | ✓ | ✓ |
| Bring your own LLM + BYOK | ✓ | ✓ | ✓ | ✓ |
| Knowledge layer | ✓ | ✓ | ✓ | ✓ |
| Splunk RBAC enforced | ✓ | ✓ | ✓ | ✓ |
| History | — | ✓ | ✓ | ✓ |
| Tokens & Costs visibility | — | ✓ | ✓ | ✓ |
| In-Splunk integrations (TrackMe, ES, ITSI awareness) | — | ✓ | ✓ | ✓ |
| External tool integrations (MCP servers, custom HTTP tools) | — | — | ✓ | ✓ |
| Security workflows (Splunk ES / SOC) | ||||
| ES notable triage & investigation | — | — | ✓ | ✓ |
| User / host / IOC investigation | — | — | ✓ | ✓ |
| Lateral movement detection | — | — | ✓ | ✓ |
| Phishing triage | — | — | ✓ | ✓ |
| ES coverage gap analysis | — | — | ✓ | ✓ |
| ITSI service degradation & root-cause analysis | — | — | ✓ | ✓ |
| Governance, reliability & support | ||||
| Audit trail (per-Org, long-retention) | — | — | ✓ | ✓ |
| Consent & governance change logging | — | — | ✓ | ✓ |
| LLM fallback & circuit breaker | — | — | ✓ | ✓ |
| AI Activity & LLM Health dashboards | — | — | ✓ | ✓ |
| Corporate IAM gateway hook | — | — | ✓ | ✓ |
| Per-tenant isolation (BU scoping) | — | 3 tenants | Unlimited tenants | Unlimited tenants |
| Support | Community | Standard | Premium + SLA | Premium + SLA |
All prices exclude VAT. Enterprise and MSP are tailored to your estate — talk to us. A 30-day Proof of Value with agreed success criteria is the fastest way to evaluate.
Enterprise covers one shared indexer layer with any number of Search Head Clusters (e.g. ES, Ops, ITSI on separate SHCs). For separate, independent Splunk deployments per customer, see MSP. Security workflows require Splunk Enterprise Security and/or ITSI to be installed in your environment.