Security and better performance with Splunk
March 08, 2022

Edna Cannon | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

We use Splunk to apply analytics techniques to gain business insights. The applications generate information (logs) that is stored in their own files; in this way we improve the analysis of our data. The grouping of the log files in a single place makes it easy to analyze the performance of our system and continuously propose possible improvements. It allows us to debug the applications, that is, to carry out the necessary tests to prevent possible problems.
  • Easy installation and minimal need for hardware resources for its use
  • It has a huge community behind it and has extensive and detailed documentation.
  • Semi-structured data logging, using the JSON format.
  • Supports multiple languages.
  • Architecture based on an extensive catalog of plugins (in_http, in_tail, out_mongo, out_webhdfs, out_kafka2…) that allows us to extend its functionality.
  • It features high stability and good performance.
  • Excellent configuration of alarms and triggers.
  • Extraction of additional information, secondary data can be accessed, such as the HTTP codes of requests to servers invoked by the APIs of our programs.
  • Splunk has, mainly, two negative aspects. The first, which is rather subjective, is that it is an on-premise solution, which implies a configuration that is costly both in terms of money and complexity.
  • To deploy it in a high-scale environment, a dedicated cluster will need to be installed and configured. As a developer, that's not often what you could or would want to do, at least not as a first option.
  • The second con of Splunk is that it is expensive. To support a real-life application, tens of thousands of dollars will be needed.
  • The configuration of our alerts in real-time prevents future manual repairs, as well as the data help us to detect the need to update both the software and the hardware and reduce the intervention times of qualified personnel. In the end, the economic savings are evident.
Scalability is very good. Technicians usually review the log files manually, or through search tools, to identify the source of operating errors or, also, to obtain metrics.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

Splunk is packed with features to reduce and search huge amounts of data. Among all the SaaS log analysis tools, it is probably the richest in possibilities. Likewise, the fact that it is a service offered in the cloud implies a simpler configuration and operation. One of Splunk's main strengths is its ability to set benchmarks and actively notify you when key stats change after a certain event, such as a new release or porting attempt.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection: 9
Correlation: 9
Event and log normalization/management: 10
Deployment flexibility: 10
Integration with Identity and Access Management Tools: 9
Custom dashboards and workspaces: 9
Host and network-based intrusion detection: 10
Log retention: 9
Data integration/API management: 9
Behavioral analytics and baselining: 10
Rules-based and algorithmic detection thresholds: 9
Response orchestration and automation: 8
Reporting and compliance management: 10
Incident indexing/searching: 9