Heavy Hitter SIEM!
Overall Satisfaction with Splunk Cloud
We use Splunk to centralize and consume all of our server logs, and various other logs, to monitor for interruptions in service, anomalous activity, and other security-related events. Splunk is primarily used by our DevOps and Security teams. Splunk solved the problem of being able to easily and effectively search hundreds of thousands of log entries in an easy-to-consume format.
Pros
- Splunk is extremely versatile and can consume just about any kind of log out there.
- Splunk's search function is very powerful, and allows for some very complex search criteria. Narrowing and/or expanding search results is as simple as a click of the mouse.
- There are many different apps/plugins that can be added to Splunk that provide built-in reporting and alerting on certain kinds of events, meaning you don't have to be an expert to use Splunk.
Cons
- There is a bit of a learning curve to figure out how to initially use it.
- When SAML is set up, there is no apparent way to log out.
Return on Investment
- The biggest return on investment is how quickly logs are now consumed, and how quickly we can follow events that occur in logs.
- The number of logs that can be consumed by Splunk is much higher than previous solutions.
- We have much better visibility into our logs, and are able to spot patterns in events with the built-in graphs and reports.
Other solutions weren't able to consume the volume of logs that we were producing on a daily basis. Searching was difficult because of proprietary or simply confusing search mechanisms. Splunk simplified the searching by using regular expressions. Although the cost of Splunk was higher than other solutions available, none of the other solutions were able to quickly and easily present data in a simple and easy to understand way.
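The regex-driven searching the reviewer describes above is Splunk's rex command. The search below is an added illustration, not part of the original review and not Splunk's own sample content; the index name (linux), sourcetype (linux_secure), and thresholds are assumptions chosen to show a typical brute-force detection over SSH auth log lines.

```spl
/* Assumed index and sourcetype; adjust to match your own inputs. */
index=linux sourcetype=linux_secure "Failed password"
/* Pull user, source IP and port out of the raw sshd line with a regex. */
| rex "Failed password for (?:invalid user )?(?<user>\S+) from (?<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?<src_port>\d+)"
/* Bucket events into 5-minute windows so counts are per window, not per search span. */
| bin _time span=5m
| stats count AS failures, dc(user) AS distinct_users, values(user) AS users BY _time, src_ip
/* Flag a source that hammers one account or sprays many accounts in a window (thresholds are assumed). */
| where failures >= 10 OR distinct_users >= 5
| sort - failures
```

Saving a search like this as an alert is the step that turns the "follow events as they occur" benefit into an actual detection; the `bin` before `stats` is what keeps the threshold meaningful when the alert runs over a rolling window.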