Splunk Light: A great log management solution for small installations.
March 15, 2019

Anonymous | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Software Version

Splunk Light (legacy)

Overall Satisfaction with Splunk Enterprise

We installed Splunk Light to get our feet wet with centralized log management. The primary use was in our network and security department. Splunk Light allowed us to quickly and easily search across all of our device logs, and it also gave us the ability to correlate log entries between machines. It also helped us satisfy our compliance requirements for logging.
  • Monitoring and Alerting: Creating custom actions based on log entries was the largest unexpected bonus for us. While we had other software configured to do this job, Splunk was easy to implement and could be managed by a larger number of our team members.
  • Cross-Device Analysis: Seeing data from all of your devices in one location makes following event chains much easier.
  • Vendor Specific Add-ons: There is a large library of vendor-specific add-ons for the software allowing for automatic formatting and action for certain types of logs, greatly reducing the man-hours required to get started.
  • Splunk Light doesn't include the ability to create data models or tables without paying for a large upgrade. This is a rather basic feature; I wish it had been included.
  • High Availability is another basic feature that is excluded, greatly limiting Splunk Light's usefulness.
  • Splunk Light allowed us to get started in the SIEM world. It allowed us to get a feel for what features we need and don't need.
  • Splunk Light made diagnosing the root cause of errors easier, as it was simple to correlate logs from multiple sources.
We selected Splunk Light because people in our company had previous experience with it, the solution appeared to check all of our boxes, and the support structure gave Splunk a significant edge over open source solutions like the ELK stack.
Splunk Light is highly useful for smaller companies without regulatory requirements for logging of data. It has all of the main features required for basic troubleshooting and log retention for internal use. Splunk Light is not a good fit for large deployments, as its lack of high availability, data modeling, SSO, and clustering will cause issues.

Splunk Enterprise Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Integration with Identity and Access Management Tools
Custom dashboards and workspaces
Host and network-based intrusion detection