Query's Federated Search lets security teams add data sources directly to Splunk search without incurring additional data costs, decoupling data value from data cost. Query Federated Search connects to your distributed enterprise data through APIs and surfaces that data in the Splunk® console.
With Query Federated Search you can:
* Vastly increase visibility across your enterprise
Query Federated Search lets you find data across all types of data sources (including semi-structured cloud object storage, warehouses, lakehouses, and more) with a single search, so you can detect and respond to security issues faster.
* Add new data sources in minutes
Query adds data sources via API in a matter of minutes, compared with the hours, days or weeks it can take to onboard them directly into Splunk.
* Full use of the Splunk interface and reporting tools
Results are delivered in Splunk’s interface and can be included in reporting and graphics the same as any other data point.
* Add data sources without incremental data costs
Reduce cost by storing data where you want without compromising security. No more compromising on data in the SIEM due to expense!