Splunk Enterprise

"Offers more than you think"

Opmerkingen: We've used the software to detect layer 7 attacks, unearth issues we didn't realize were happening and gives us end to end insight into our stack.

Pluspunten: The system is highly intuitive to use. It is faster than other solutions I've used on the market and has a huge library of 3rd party plugins to get more from the system. It is easy to create scheduled searches, dashboards, reports etc. but there are a number of additional plugins (at an extra cost) to help with security, single pane of glass and metric collection.

Minpunten: It offers challenges for a decentralized working model. Where Splunk is centrally managed, it is easy to ensure that best practices are maintained. Where the system is opened up for an entire department to utilize and on-board their logs, it becomes more difficult. However, with some creative thinking and good process, this issue can be overcome.

"Best tool for Distributed logs data analysis"

Opmerkingen: We have several micro-services deployed in production which require to lookup application access as well as server logs and analyze data for their usage. We created several reports/charts for visualization. We use splunk as security logs tool to see the firewall traffic, tracing any vulnerable access, any database related crash ..etc.
It helps easily to find issue and fixed quickly by black listed in system.

Pluspunten: Splunk Enterprise is best tool to analyze the data based on different visualization. It help us to lookup distributed logs for micro-services . It enables field based lookup. For complex logging, we can use search query using expression. We can create multiple reports/charts for visualization such as a pie or bar chart for our data. Best feature what i like , We can visualize our search results and share them with others using dashboard panels. If Already have a dashboard, we can add a new panel from a report, clone from another dashboard, or add a prebuilt panel. Fully customization available. Interfaces is very flexible. We export it in different formats, or refresh it to visualize the newest data. Online Support is available through different community.

Minpunten: Search query builder is fully based on technical. for Non technical users, its really difficult to lookup logs. Sometimes, error thrown by query builder is more difficult to understand. Deep Learning is required to use splunk for production data. For Large application installation, it need to manage more.

"Spunk Review"

Pluspunten: It allows me to bring a lot of information into one friendly view. It's a great security audit tool.

Minpunten: It has limited functionality. It is a very memory intensive system. It does not integrate with Lennox.

"Splunk is a great solution for SIEM and also for monitoring your infrastructure"

Opmerkingen: We needed a way to monitor our internal environment and start to be more proactive with issues, so we started sending all of our logs to Splunk and we we able to get insights we did not know we needed. It is a great solution and they are constantly innovating.

Pluspunten: Splunk makes it easy to search through various data including logs. In the past I have had to pour through logs in order to find the one lines among the 100 of thousands of lines. Splunk allows me to search through those logs in a matter of seconds vs the hours it used to take.

Minpunten: Most of enterprise setup is done through the command line. It would be nice to have cluster configuration (index creation) as part of the UI.

"Splunk review"

Opmerkingen: Overall, it is a very good monitoring tool for an support team and developers for doing root cause analysis.

Pluspunten: Splunk Visually represents the logs mainly from production servers in the web UI . People who Usually has no access to logs in production servers, will access the logs through splunk UI with very simplified and friendly search query. It has lot of features like you can query for particular date and time range with specific characters. The search engine is very fast which will bring the query response effectively. we can access all types of logs including XML and JSON. we can create a custom dashboard with custom query for each projects and can relatively trigger the email to the support team in case of any issues. This tool is boon for production support team in any enterprise company.

Minpunten: Licensing cost is quite higher for enterprise usage. Query response time will be slow when you are searching for relatively longer history(Eg. 3 months old data)