Does your website use third-party services? Get GDPR compliant in minutes.

Splunkd

What does Splunkd (Splunk RUM) do?

Splunk Observability data ingestion daemon (splunkd) paired with the Splunk Real User Monitoring agent that captures browser performance and error data on websites.

What splunkd does

splunkd is the core daemon of the Splunk platform. On a website, it is paired with the Splunk Real User Monitoring (RUM) agent, a JavaScript snippet that captures browser performance metrics (TTFB, LCP, INP), resource timings, JavaScript errors and optionally session replays. The agent ships events to splunkd through the HTTP Event Collector.

Data and cookies

The RUM agent sets a first party visitor cookie (splunk_rum_id) and a session token (splunk_rum_session). Events sent to splunkd contain URL, user agent, IP, performance timings, JavaScript stack traces and optionally a user identifier set by the operator.

GDPR and ePrivacy posture

Setting splunk_rum cookies and reading information from the visitor browser triggers Article 5(3) ePrivacy. Consent must be obtained before the RUM agent loads. Stack traces and URLs can incidentally contain personal data, so input scrubbing is critical.

Get GDPR compliant in 10 minutes

Free plan available · No credit card required

Try FlowConsent free

Region selection and transfers

Splunk Cloud offers regional pods including the EU (AWS Frankfurt). Pick the EU region for European deployments, sign the Splunk Data Processing Addendum, sign Standard Contractual Clauses if any US support staff access data, and document the choice in your Record of Processing Activities.

Implementation steps

Gate the RUM agent behind your CMP, configure input scrubbing and URL masking, set short retention for session replays, sign the DPA and SCCs as required, run a DPIA when sensitive data may flow into stack traces and review the configuration yearly.

GDPR consent category

Analytics

Websites using Splunkd (Splunk RUM) must obtain user consent under GDPR regulations.

Legal basisConsent (Art. 6(1)(a) GDPR and Art. 5(3) ePrivacy) for the Splunk RUM cookies and front end visitor identifier. Legitimate interest (Art. 6(1)(f)) for purely server side log ingestion that does not read or write information on the user device.

Risk levelmedium

Applicable regulationsGDPR, ePrivacy Directive, UK GDPR, CCPA

DPIA considerations

A DPIA is recommended when Splunk RUM is bound to logged in users, when session replays are recorded, or when stack traces and URL parameters can incidentally contain personal data.

Sample consent text

We use Splunk RUM to monitor performance and detect errors. With your consent, the Splunk agent collects diagnostic data and sends it to splunkd in our chosen Splunk Cloud region.

Technical details

Tracking methodJavaScript Real User Monitoring agent that captures browser performance, resource timings, errors and synthetic user actions, sent to a Splunk Observability Cloud or self managed Splunk Enterprise instance via the splunkd HTTP Event Collector.

Server locationOperator chosen (Splunk Cloud regions worldwide, including AWS Frankfurt for EU residency, or self managed splunkd Enterprise instance)

Cookieless tracking availableYes

Data transferred outside the EUDefault Splunk Cloud is in the United States; an EU region (AWS Frankfurt) is available. Confirm the chosen region with Splunk and document the Article 46 GDPR transfer tools (Standard Contractual Clauses) and the TIA when US regions are used.

Third-party domains contacted

splunk.comsignalfx.comrum-ingest.eu0.signalfx.comcdn.signalfx.com

Cookies placed

Name	Type	Duration	Purpose
splunk_rum_id	first_party	1 year	Persistent visitor identifier used by the Splunk RUM agent to deduplicate users across sessions.
splunk_rum_session	first_party	Session	Session identifier used to group performance and error events from the same browsing session.
splunk_rum_exp	first_party	90 days	Stores assignment to RUM experiment variants when the operator activates A/B sampling.

Splunkd (Splunk RUM) collects user analytics data — you legally need a consent banner. Try FlowConsent free.

Get started free Scan your site

Frequently asked questions

What cookies does the Splunk RUM agent set?

splunk_rum_id (visitor identifier) and splunk_rum_session (session). Optional cookies appear when the operator activates user identity propagation or experiments.

Is consent required to load Splunk RUM?

Yes. The cookies and the events sent to splunkd trigger Article 5(3) ePrivacy. Consent must be obtained before the RUM agent loads.

What is the legal basis for processing through Splunk?

Consent (Art. 6(1)(a) GDPR) for the front end RUM agent. Legitimate interest (Art. 6(1)(f)) for purely server side log ingestion in splunkd that does not access the user device.

Does Splunk transfer data to the United States?

Default Splunk Cloud is in the US, but an EU region (AWS Frankfurt) is available. Choose the EU region for European deployments. Sign SCCs if any US support staff access data.

Do I need a DPIA for Splunk RUM?

Recommended when RUM is bound to logged in users, when session replays are recorded or when stack traces and URLs can contain personal data.

How do I implement Splunk RUM compliantly?

Choose the EU region, gate the agent behind the CMP, configure input scrubbing, set short retention for replays, sign the DPA and SCCs, and document the agent in the cookie register.

What are the alternatives to Splunk RUM?

Datadog RUM (EU site), New Relic Browser, Dynatrace RUM, Sentry, GlitchTip and self hosted Grafana Faro paired with Loki.

How do I update my cookie policy when adding Splunk RUM?

List splunk_rum_id and splunk_rum_session with name, purpose, retention and processor (Splunk LLC). Mention the chosen region and any SCCs in your privacy notice.

Get compliant — Try FlowConsent free

Free plan · 10-min setup