Overall Satisfaction with Splunk
Splunk is being used as an aggregator of our log data to produce reports for activity and audit and to monitor file access. The capabilities of Splunk streamline the level of effort needed to produce reports for auditors. Additionally, it can be set up to monitor file access, which can indicate a data breach attempt, as an example.
- Splunk is great for visualizing your data in a format that can indicate trends.
- Splunk can help you determine root cause and assimilate dissimilar data sources in a consistent manner.
- Splunk can help you find "the needle in the haystack" problems without having to log into many different devices.
- Splunk can be set up to look for symptoms that may cause issues in your environment and either alert, report, or trigger an action.
- Maybe wizards to help you walk through different tasks might help the beginner.
- Helps our prospects better understand how to visualize our log data.
- Helps define a complementary product.
- Helps sell our product to higher levels in the organization due to the visualization of reports.
I have used base syslog, which does not have the parse capabilities, and ArcSight, which has major limitations. Splunk is easy to roll out and very easy to evaluate. The interface is very intuitive and there are a lot of Splunk apps for different devices and technologies, which makes the rollout and ROI time faster. Also, the SEs at Splunk are awesome.