Splunk is a great tool for helping make sense of logs
March 28, 2018

Ryan Stasel | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise

I'm using Splunk to aggregate logs from various servers and devices within my department. While I don't interact with it daily, or even weekly a lot of times, I do use it heavily when faculty or staff come to me asking when users were logged in, when there are any questionable incidents on websites, etc.
Pros
  • Log aggregation is extremely well done, whether sending it logs over Syslog, mounting log directories over NFS, or using their log forwarding service.
  • Searching. I'm an amateur at best when searching and aggregating logs. The reporting functionality is amazing.

Cons
  • I would love some better wizards to help build canned reports based off common data sets.
  • An easy way to back out of integrating a log that suddenly balloons you over your license limits.
  • An easier way to help Splunk parse log types. You can give Splunk any data you have, but unless you're able to tell it how the random log is formatted, your ability to search on it is limited.

Return on Investment
  • Awesome ROI for me. Again, while I don't use the software daily, when I do use it, it beats the pants off manually searching logs.
  • Allows me to provision less storage for logs on my servers, as I can have Splunk ingest and then archive/remove logs from those servers.

Honestly, I can't think of an instance where Splunk isn't well suited for a task. They offer a free license that will handle up to 500MB/day, which, unless you're logging against AD or Exchange, is probably plenty to trial the software. There are examples where I've grabbed a copy for home to help troubleshoot issues with my home network, where the network devices supported sending to a Syslog server.

The only issue most users are going to have is cost: once you start figuring out the amount of data you're going to be aggregating, the licensing costs can get rather steep.

Splunk Enterprise Feature Ratings

Centralized event and log data collection: 10
Correlation: 9
Event and log normalization/management: Not Rated
Deployment flexibility: 7
Integration with Identity and Access Management Tools: Not Rated
Custom dashboards and workspaces: 8
Host and network-based intrusion detection: Not Rated