Splunk Enterprise

Splunk: A Monitoring Tool for all your needs

Opmerkingen: If i have put a word it would say "Fantastic". The functionalities Splunk provides eases team to manage/monitor their IT infrastructure and internal application you will be well aware about the performance of your applications. Setup alerting and take necessary actions in stipulated time to overcome all the issues which may affect your application performance.

Pluspunten:

Splunk offers various features whether you need to setup monitoring on your server, application logs based on logs ingestion set alerts so that teams got notified on real time and take actions accordingly. In this way, it helps to monitor application which are mission critical. You can make dashboards in Splunk where you can configure various components such indexes, data inputs and schedule reports as well. To achieve additional functionalities we can install third party apps as well such as AWS Add on for cloud watch log ingestion.

Minpunten:

From Admin perspective, I found user access management a little difficult. The roles of access management becomes complicated because some time the config files for that didn't came very handy. Other then that I think all in all Splunk provides fulfill all of the requirements.

Complete Security operations with Splunk

Opmerkingen: Splunk data visualization and its analytics handling chunks of data is exceptional.

Pluspunten:

Data visualization, Analytics skills with AI-powered and can handle data in TB/per day without any interruptions in services. Live dashboards, developing use-cases and their capabilities (correlation).

Minpunten:

complex architecture and efficient skills are required, financial is also not feasible for small and medium customers. no inbuilt query builders for beginners to understand the platform.

Overwogen alternatieven: AlienVault OSSIM

Redenen om voor Splunk Enterprise te kiezen: Its niche player was can handle only a few products data and not so feasible in terms of query building and customization in dashboards. Good for small businesses not for enterpraises.

Overgestapt van: AlienVault OSSIM

Redenen om over te stappen op Splunk Enterprise: Not so feasible in handling data and its simple architecture cannot handle logs from all the data sources.

Splunk Enterprise, not just a SIEM

Opmerkingen: We have been using Splunk Enterprise, ES, ITSI, and other Splunk parts for 6+ years in production. This has helped us reduce staff in some cases, increase response time in most cases, and allow non-IT teams to get data and metrics in a fast efficient way.

Pluspunten:

The versatility is amazing. The same data in logs, such as IIS, can be used for Security, Application performance, and even error handling. This allows us to use one log to help multiple teams. This is just one example.

Minpunten:

Start up takes someone who has had some training. While searching and output is easy, its the onboarding of custom apps that takes the know how.

Overwogen alternatieven: LogRhythm Log Management en Sumo Logic

Redenen om over te stappen op Splunk Enterprise: Versatility with custom applications we create in house.

Spunk Review

Pluspunten:

It allows me to bring a lot of information into one friendly view. It's a great security audit tool.

Minpunten:

It has limited functionality. It is a very memory intensive system. It does not integrate with Lennox.

Splunk is a great solution for SIEM and also for monitoring your infrastructure

Opmerkingen: We needed a way to monitor our internal environment and start to be more proactive with issues, so we started sending all of our logs to Splunk and we we able to get insights we did not know we needed. It is a great solution and they are constantly innovating.

Pluspunten:

Splunk makes it easy to search through various data including logs. In the past I have had to pour through logs in order to find the one lines among the 100 of thousands of lines. Splunk allows me to search through those logs in a matter of seconds vs the hours it used to take.

Minpunten:

Most of enterprise setup is done through the command line. It would be nice to have cluster configuration (index creation) as part of the UI.

Overwogen alternatieven: Elastic Stack

Redenen om over te stappen op Splunk Enterprise: Spelunking was simple to setup and the customer service is great. It performed very well and proved to be a valuable assets to run in Production.