title: "Splunk Operator"
tagline: "AI agents that build dashboards, monitor ML, and tame your Splunk telemetry"
summary: "An AI-powered Dashboard Studio builder, ML drift and quality monitoring, ES enrichment, and telemetry optimization. All preconfigured for Splunk."
status: "available"
tier: "starter"
platform: "splunk"
featured: true
icon: "Zap"
What Splunk Operator does
Splunk Operator turns natural-language requests into production Dashboard Studio dashboards, monitors your ML pipelines for drift and data-quality regressions, enriches Enterprise Security notable events with behavioural baselines, and continuously suggests telemetry optimisations. It runs as a hosted SaaS on top of your Splunk. Your search data stays in Splunk. We orchestrate the agents.
Dashboard Studio Builder
Describe what you want to see. The agent discovers the right indexes, sourcetypes, and fields via MCP, writes the SPL, picks the right visualisations, applies a theme, and ships a validated Dashboard Studio JSON file ready to deploy.
ML Monitoring Suite
Five purpose-built agents:
- Drift detection: statistical drift monitoring on saved searches
- Data quality: schema profiling and anomaly surfacing per index + sourcetype
- ML model lifecycle: train, version, and score models
- ES enrichment: risk scoring and behavioural baselines on notable events
- Feedback loop: correlate findings, recommend and execute remediation
Telemetry Optimisation
Continuous review of your search workloads with concrete recommendations to lower SPL cost, cardinality, and TCO.
How it works
You connect Splunk Operator to your Splunk over HTTPS using a service-account token. The agents run on autoMETA's infrastructure. The only data ever sent over the wire is the search results the agent explicitly needs to do its job. Nothing is persisted outside your Splunk except workflow telemetry (token counts, audit records).
For environments that cannot allow inbound network access, the Enterprise plan ships the entire stack as a Docker package you run inside your own VPC.
FAQ
Does Splunk Operator need my Splunk to be internet-reachable? For the hosted plans, yes. Over HTTPS, with a token you control. The Enterprise plan removes this requirement: same agents, your network, your infrastructure.
Which versions of Splunk are supported? Splunk 9.4 and newer (Splunk Cloud and Splunk Enterprise). The dashboards we build use 9.4-safe Dashboard Studio JSON so they remain compatible with future versions.
Can I export everything I build? Yes. Dashboards, themes, optimisations: everything is owned by you, exportable as JSON/XML, and continues to work if you cancel.