We've tried the rest and now we're back on Splunk!
Anonymous | TrustRadius Reviewer
December 11, 2018

We've tried the rest and now we're back on Splunk!

Score 9 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with Splunk Enterprise

Splunk is our dumping ground for our logs. We use Splunk to pump the monitoring and statistical logs to, whether for analysis, storage, or for debugging purposes. The main problem it solves is that we have many systems that live in different places, and having one centralized repository for our logging helps us with correlation of bugs to specific times, and monitoring how different infrastructure interacts.
  • Handles inputs from many different sources.
  • Very easy queries.
  • Dashboard support.
  • Scaling story.
  • Query speed.
  • Dashboarding allows us to immediately get value without having to have a query to find things in logs.
  • Allows us to troubleshoot bugs faster.
  • Having everyone have access to certain indexes is less of a headache for it to manage.
We've tried Sumo before and, while it did improve while we were using it, we ended up often pushing it to its limits, and at times it would fall over. The ingestion limits would at times be restrictive and our systems would generate more than it could handle, which would force us to develop a pipeline to handle logs and ensure they got to Sumo without being lost in translation.
We've tried the rest, and Splunk Enterprise seems to be the best solution for dumping our logs when you have either a multi-cloud or multi-product solution. It is great for having a centralized logging platform for multiple users to access and allows you to manage your data in many different indexes and control access to those indexes.

Splunk Enterprise Feature Ratings

Centralized event and log data collection
10
Correlation
9
Event and log normalization
10
Deployment flexibility
9
Integration with Identity and Access Management Tools
10
Custom dashboards and views
10
Host and network-based intrusion detection
10