Splunk Enterprise

Splunk: A Monitoring Tool for all your needs

Comments: If i have put a word it would say "Fantastic". The functionalities Splunk provides eases team to manage/monitor their IT infrastructure and internal application you will be well aware about the performance of your applications. Setup alerting and take necessary actions in stipulated time to overcome all the issues which may affect your application performance.

Pros:

Splunk offers various features whether you need to setup monitoring on your server, application logs based on logs ingestion set alerts so that teams got notified on real time and take actions accordingly. In this way, it helps to monitor application which are mission critical. You can make dashboards in Splunk where you can configure various components such indexes, data inputs and schedule reports as well. To achieve additional functionalities we can install third party apps as well such as AWS Add on for cloud watch log ingestion.

Cons:

From Admin perspective, I found user access management a little difficult. The roles of access management becomes complicated because some time the config files for that didn't came very handy. Other then that I think all in all Splunk provides fulfill all of the requirements.

Complete Security operations with Splunk

Comments: Splunk data visualization and its analytics handling chunks of data is exceptional.

Pros:

Data visualization, Analytics skills with AI-powered and can handle data in TB/per day without any interruptions in services. Live dashboards, developing use-cases and their capabilities (correlation).

Cons:

complex architecture and efficient skills are required, financial is also not feasible for small and medium customers. no inbuilt query builders for beginners to understand the platform.

Alternatives Considered: AlienVault OSSIM

Reasons for Choosing Splunk Enterprise: Its niche player was can handle only a few products data and not so feasible in terms of query building and customization in dashboards. Good for small businesses not for enterpraises.

Switched From: AlienVault OSSIM

Reasons for Switching to Splunk Enterprise: Not so feasible in handling data and its simple architecture cannot handle logs from all the data sources.

Spunk Review

Pros:

It allows me to bring a lot of information into one friendly view. It's a great security audit tool.

Cons:

It has limited functionality. It is a very memory intensive system. It does not integrate with Lennox.

Splunk - Real time Log Master to handle volume data

Comments: Very good for log analysis and data continuous analytics.

Pros:

INgestion of the huge volume of the data. q

Cons:

Reporting commands on volume data and training documentation on the reporting.

Splunk is a great solution for SIEM and also for monitoring your infrastructure

Comments: We needed a way to monitor our internal environment and start to be more proactive with issues, so we started sending all of our logs to Splunk and we we able to get insights we did not know we needed. It is a great solution and they are constantly innovating.

Pros:

Splunk makes it easy to search through various data including logs. In the past I have had to pour through logs in order to find the one lines among the 100 of thousands of lines. Splunk allows me to search through those logs in a matter of seconds vs the hours it used to take.

Cons:

Most of enterprise setup is done through the command line. It would be nice to have cluster configuration (index creation) as part of the UI.

Alternatives Considered: Elastic Stack

Reasons for Switching to Splunk Enterprise: Spelunking was simple to setup and the customer service is great. It performed very well and proved to be a valuable assets to run in Production.