Frequently Asked Questions

S6 Vantage works with both Splunk Cloud and Splunk Enterprise on-premise deployments. The app installs directly in your Splunk environment regardless of hosting model. All processing happens within your Splunk instance.

Vantage analyzes your Splunk data sources, forwarders, and indexed data to automatically build a CMDB asset inventory. It creates relationship graphs showing dependencies between applications, infrastructure, and data flows. Updates continuously as new assets appear in logs.

Vantage fills gaps Splunk doesn't address: AI-powered query optimization (10-100x gains), complete pipeline visualization, automated asset discovery/CMDB, proactive issue detection, SVA compliance checking, dashboard modernization, and garbage collection of unused resources.

Yes. S6 Vantage for Cortex and other SIEM platforms are on our roadmap. The core technology is platform-agnostic—we're building SIEM-specific integrations based on customer demand. Splunk is first due to market share.

Core provides slow search reports, SVA compliance checks, legacy dashboard scanning, and basic resource monitoring. Pro adds AI-powered query optimization, advanced pipeline visualization, automated asset discovery, Dashboard Studio migration, data model alignment, and automated garbage collection.

Customers typically recover 10-20% of license capacity through optimization and garbage collection. One Fortune 100 customer avoided a $400k emergency license purchase. Savings vary based on current inefficiencies, but ROI is typically 300-500% in first year.

No. Vantage runs as a standard Splunk app using your existing Splunk infrastructure. No bespoke hardware, no vendor lock-in, no proprietary protocols. Full admin access to all components.

Vantage analyzes slow queries and identifies optimization opportunities—inefficient commands, unnecessary fields, poor indexing utilization. The AI engine generates optimized SPL that preserves functionality while improving performance 10-100x. Admins review and approve changes before deployment.

Yes. The pipeline visualization shows current data flows, bottlenecks, and capacity constraints. SVA compliance checks identify architecture deviations. This information helps plan capacity expansion, optimize indexer distribution, and improve search head cluster performance.

Pro license includes: Email and chat support, dedicated customer success manager, quarterly optimization reviews, access to Splunk-certified engineers, and priority feature requests. Core (free) includes community support.

Installation: 1-2 hours (standard Splunk app install). Initial scan and optimization recommendations: 24-48 hours. Full value realization: 1-2 weeks as automated optimization and monitoring establish baseline.

Yes. All processing happens within your Splunk environment. No data leaves your infrastructure. Vantage uses standard Splunk RBAC for access control. No external API calls, no cloud dependencies for Core functionality.