Overall Satisfaction with Splunk Enterprise
I'm using Splunk to aggregate logs from various servers and devices within my department. While I don't interact with it daily, or often even weekly, I do use it heavily when faculty or staff come to me asking when users were logged in, whether there have been any questionable incidents on websites, etc.

Pros
- Log aggregation is extremely well done, whether sending it logs over syslog, mounting log directories over NFS, or using their log forwarding service.
- Searching. I'm an amateur at best when searching and aggregating logs, and the reporting functionality is amazing.

Cons
- I would love some better wizards to help build canned reports based on common data sets.
- An easy way to back out of integrating a log that suddenly balloons you over your license limits.
- An easier way to help Splunk parse log types. You can give Splunk any data you have, but unless you're able to tell it how the random log is formatted, your ability to search on it is limited.

Return on Investment
- Awesome ROI for me. Again, while I don't use the software daily, when I do use it, it beats the pants off manually searching logs.
- Allows me to provision less storage for logs on my servers, as I can have Splunk ingest and then archive/remove logs from those servers.