Overall Satisfaction with Splunk Enterprise
Splunk was initially purchased to be our replacement for our syslog server, but it has grown into much, much more, and this is because of how easy it is to get logs into Splunk and the flexibility of what can be done with those logs.
We are now using it as a security tool, ingesting logs from lots of different sources and even our cloud platforms.
Currently it is just our IT team that use Splunk.
- Dashboards/visualisations.
- Can ingest any type of data.
- Flexibility with filtering, etc.
- Steep learning curve.
- Full stack reporting (though with SignalFX being purchased by Splunk, this is clearly a high priority).
- Team needed to manage large installations.
- Better security posture.
- Single pane of glass monitoring.
- Ability to alert on security events or errors.
We originally used Kiwi Syslog, but this was not able to keep up with the level of logs that were being sent to it. Also, Kiwi does not allow you to search through logs, create alerts, etc. or any of the other features Splunk has. It is purely just a web GUI for syslog.
Do you think Splunk Enterprise delivers good value for the price?
Yes
Are you happy with Splunk Enterprise's feature set?
Yes
Did Splunk Enterprise live up to sales and marketing promises?
Yes
Did implementation of Splunk Enterprise go as expected?
Yes
Would you buy Splunk Enterprise again?
Yes