Splunk

Puntos a favor: - Free to use for small 500MB or less daily ingress, quite nice for small use cases and learning
- No development work required to deploy and provide value.
- Deployment flexibility: client agents are available to use, or clientless configurations for multiple OS platforms. It's also very easy to deploy, not just flexible. its a very simple affair.
- Segmentation of logs: You can create separate instances of of logs to aggregate, based on organization needs. And those instances can have their own individual storage policies to optimize consumption of storage resources.
- Configuration design: Thoughtful and mature documentation and design of the application regarding enterprise-class scaling on network storage.
-POWERFUL tools: The user interface lends itself to learning more about your organization from the logs you collect, through metrics of trends of the logs being gathered. There are also specific modules/add-ons for popular applications to provide more value and event-based monitoring, all without having to develop in-house dashboards and intelligence of those logs.
- Customization: You can create your own queries of logs, and event-based alerts.
- Web-based GUI that clean is powerful
- Sales/Technical Reps are top notch in fielding questions and evaluating environment for deployment. They were extremely helpful in helping our organization develop procedures and scaling our environment for expansion with our existing infrastructure.

Puntos en contra: - Price: This product is not free for more than the minimal use. Pricing can be very expensive, relative to open source offerings. That is the trade-off you pay for not having in-house development of open source offerings. As this product is priced based on gigabytes of indexed logs, it is important to understand the scope of licensing necessary for your environment to determine if it is a good fit for your organization.
- Watch your saved queries and hardware resources: Users have the ability to create and save queries. Like in database queries, some are more efficient than others. Large inefficient queries can be very resource-intensive. If you notice slowness in day-to-day queries, or navigation in the UI, or resource use in contention, keep an eye on saved queries and user practices.

Comentarios: XRAY vision on your production instances. Every day we code our applications so that we will be splunk friendly with our app log statements. For example "featureX=value" allows you to query for every customer that engaged with featureX.

Puntos a favor: Splunk allows us to see exactly what is going on in production! I work on commerce for a fortune 100 company, and we use Splunk to monitor our apps in real time. Splunk gives you the ability to perform queries like you would with SQL against your log statements in real time. You will learn that you can place strategic log statements in your code that allows you to identify situations in production and be proactive at solving them. For example, you can log your customer's session cookie ID, and track any given customer's activity on your website via your app logs. It gives you dials and charting capabilities to monitor even the slightest drops in customer activities due to flaws in code or slowing network calls.

Puntos en contra: PRICE. The software is so powerful, and they seem to leverage this in the pricing of the licenses.