Splunk Enterprise

"Offers more than you think"

Opmerkingen: We've used the software to detect layer 7 attacks, unearth issues we didn't realize were happening and gives us end to end insight into our stack.

Pluspunten: The system is highly intuitive to use. It is faster than other solutions I've used on the market and has a huge library of 3rd party plugins to get more from the system. It is easy to create scheduled searches, dashboards, reports etc. but there are a number of additional plugins (at an extra cost) to help with security, single pane of glass and metric collection.

Minpunten: It offers challenges for a decentralized working model. Where Splunk is centrally managed, it is easy to ensure that best practices are maintained. Where the system is opened up for an entire department to utilize and on-board their logs, it becomes more difficult. However, with some creative thinking and good process, this issue can be overcome.

"Splunk is a great solution for SIEM and also for monitoring your infrastructure"

Opmerkingen: We needed a way to monitor our internal environment and start to be more proactive with issues, so we started sending all of our logs to Splunk and we we able to get insights we did not know we needed. It is a great solution and they are constantly innovating.

Pluspunten: Splunk makes it easy to search through various data including logs. In the past I have had to pour through logs in order to find the one lines among the 100 of thousands of lines. Splunk allows me to search through those logs in a matter of seconds vs the hours it used to take.

Minpunten: Most of enterprise setup is done through the command line. It would be nice to have cluster configuration (index creation) as part of the UI.

"Excellent product"

Opmerkingen: I have worked with dozens of companies to implement Splunk. My experiences have bee overwhelming positive.

Pluspunten: When you need to store, correlate, and search large amounts of data, especially System Log data, there is no tool that even comes close to Splunk. It's power and flexibility is amazing.

Minpunten: Very expensive. Difficult to implement until all moving parts are understood. Steep learning curve for beginners.

"Spunk Review"

Pluspunten: It allows me to bring a lot of information into one friendly view. It's a great security audit tool.

Minpunten: It has limited functionality. It is a very memory intensive system. It does not integrate with Lennox.

"Best tool for Distributed logs data analysis"

Opmerkingen: We have several micro-services deployed in production which require to lookup application access as well as server logs and analyze data for their usage. We created several reports/charts for visualization. We use splunk as security logs tool to see the firewall traffic, tracing any vulnerable access, any database related crash ..etc.
It helps easily to find issue and fixed quickly by black listed in system.

Pluspunten: Splunk Enterprise is best tool to analyze the data based on different visualization. It help us to lookup distributed logs for micro-services . It enables field based lookup. For complex logging, we can use search query using expression. We can create multiple reports/charts for visualization such as a pie or bar chart for our data. Best feature what i like , We can visualize our search results and share them with others using dashboard panels. If Already have a dashboard, we can add a new panel from a report, clone from another dashboard, or add a prebuilt panel. Fully customization available. Interfaces is very flexible. We export it in different formats, or refresh it to visualize the newest data. Online Support is available through different community.

Minpunten: Search query builder is fully based on technical. for Non technical users, its really difficult to lookup logs. Sometimes, error thrown by query builder is more difficult to understand. Deep Learning is required to use splunk for production data. For Large application installation, it need to manage more.