Splunk Light is a great starting point to event log indexing and repository
Overall Satisfaction with Splunk Enterprise
Currently we use it for compliance purposes. As per the policy, we are required to maintain a record of authentication, authorization, and other security and audit logs surrounding the scope of the compliance. We are currently using Splunk Light to meet these compliance needs. Our auditor has been very pleased with the results of the reports we were able to generate using Splunk Light. We also use it to proactively fix issues that arise, like locked AD, RSA, and other accounts that are being monitored.
Pros
- Indexing Logs
- Powerful Searching features
- Alerting us of very detailed alerts
- Custom indexing options
Cons
- Splunk Light does not scale very well
- Need to purchase Splunk Enterprise if you ever wish to use 3rd-party applications
- Very basic. I wish Splunk Light came with a bit more capabilities out of the box
- Splunk Light has had a positive impact on our overall business objective of having a central log repository.
- Splunk Light is able to help us hunt down the reasons for account lockouts and has thus had a positive impact on time to resolution of helpdesk issues.
- Splunk Light had a positive impact on reporting and showing our auditor specific events he was looking for.
Splunk Light was easy to install, has great support from the vendor, and great community support. Other logging solutions did not have these benefits when we were looking to buy Splunk. They were cheaper, but Splunk seemed to be the gold standard in log repository and indexing. Splunk Light was a perfect fit for what we needed.