Splunk Light: A great log management solution for small installations.
March 15, 2019
Splunk Light: A great log management solution for small installations.
Score 6 out of 10
Vetted Review
Verified User
Software Version
Splunk Light (legacy)
Overall Satisfaction with Splunk Enterprise
We installed Splunk Light to get our feet wet with centralized log management. The primary use was in our network and security department. Splunk Light allowed us to quickly and easily search across all of our device logs, as well as gave us the ability to correlate log entries between machines. It also helped us satisfy our compliance requirements for logging.
Pros
- Monitoring and Alerting: Creating custom actions based on log entries was the largest unexpected bonus for us. While we had other software configured to do this job Splunk was easy to implement and could be managed by a larger number of our team members.
- Cross-Device Analysis: Seeing data from all of your devices in one location makes following event chains much easier.
- Vendor Specific Add-ons: There is a large library of vendor-specific add-ons for the software allowing for automatic formatting and action for certain types of logs, greatly reducing the man-hours required to get started.
Cons
- Splunk Light doesn't include the ability to create data models or tables without paying for a large upgrade. This is a rather basic feature, I wish it had been included.
- High Availability is another basic feature that is excluded, greatly limiting Splunk Light's usefulness.
- Splunk Light allowed us to get started in the SIEM world. It allowed us to get a feel for what features we need and don't need.
- Splunk Light made diagnosing the root cause of errors easier, as it was simple to correlate logs from multiple sources.
We selected Splunk Light because people in our company had previous experience with it, the solution appeared to check all of our boxes, and the support structure gave Splunk a significant edge over open source solutions like the ELK stack.
Comments
Please log in to join the conversation