Splunk Enterprise

Puntos a favor: - Free to use for small 500MB or less daily ingress, quite nice for small use cases and learning
- No development work required to deploy and provide value.
- Deployment flexibility: client agents are available to use, or clientless configurations for multiple OS platforms. It's also very easy to deploy, not just flexible. its a very simple affair.
- Segmentation of logs: You can create separate instances of of logs to aggregate, based on organization needs. And those instances can have their own individual storage policies to optimize consumption of storage resources.
- Configuration design: Thoughtful and mature documentation and design of the application regarding enterprise-class scaling on network storage.
-POWERFUL tools: The user interface lends itself to learning more about your organization from the logs you collect, through metrics of trends of the logs being gathered. There are also specific modules/add-ons for popular applications to provide more value and event-based monitoring, all without having to develop in-house dashboards and intelligence of those logs.
- Customization: You can create your own queries of logs, and event-based alerts.
- Web-based GUI that clean is powerful
- Sales/Technical Reps are top notch in fielding questions and evaluating environment for deployment. They were extremely helpful in helping our organization develop procedures and scaling our environment for expansion with our existing infrastructure.

Contras: - Price: This product is not free for more than the minimal use. Pricing can be very expensive, relative to open source offerings. That is the trade-off you pay for not having in-house development of open source offerings. As this product is priced based on gigabytes of indexed logs, it is important to understand the scope of licensing necessary for your environment to determine if it is a good fit for your organization.
- Watch your saved queries and hardware resources: Users have the ability to create and save queries. Like in database queries, some are more efficient than others. Large inefficient queries can be very resource-intensive. If you notice slowness in day-to-day queries, or navigation in the UI, or resource use in contention, keep an eye on saved queries and user practices.

Comentarios: XRAY vision on your production instances. Every day we code our applications so that we will be splunk friendly with our app log statements. For example "featureX=value" allows you to query for every customer that engaged with featureX.

Puntos a favor: Splunk allows us to see exactly what is going on in production! I work on commerce for a fortune 100 company, and we use Splunk to monitor our apps in real time. Splunk gives you the ability to perform queries like you would with SQL against your log statements in real time. You will learn that you can place strategic log statements in your code that allows you to identify situations in production and be proactive at solving them. For example, you can log your customer's session cookie ID, and track any given customer's activity on your website via your app logs. It gives you dials and charting capabilities to monitor even the slightest drops in customer activities due to flaws in code or slowing network calls.

Contras: PRICE. The software is so powerful, and they seem to leverage this in the pricing of the licenses.

Comentarios: We've used the software to detect layer 7 attacks, unearth issues we didn't realize were happening and gives us end to end insight into our stack.

Puntos a favor: The system is highly intuitive to use. It is faster than other solutions I've used on the market and has a huge library of 3rd party plugins to get more from the system. It is easy to create scheduled searches, dashboards, reports etc. but there are a number of additional plugins (at an extra cost) to help with security, single pane of glass and metric collection.

Contras: It offers challenges for a decentralized working model. Where Splunk is centrally managed, it is easy to ensure that best practices are maintained. Where the system is opened up for an entire department to utilize and on-board their logs, it becomes more difficult. However, with some creative thinking and good process, this issue can be overcome.

Comentarios: Overall, it is a very good monitoring tool for an support team and developers for doing root cause analysis.

Puntos a favor: Splunk Visually represents the logs mainly from production servers in the web UI . People who Usually has no access to logs in production servers, will access the logs through splunk UI with very simplified and friendly search query. It has lot of features like you can query for particular date and time range with specific characters. The search engine is very fast which will bring the query response effectively. we can access all types of logs including XML and JSON. we can create a custom dashboard with custom query for each projects and can relatively trigger the email to the support team in case of any issues. This tool is boon for production support team in any enterprise company.

Contras: Licensing cost is quite higher for enterprise usage. Query response time will be slow when you are searching for relatively longer history(Eg. 3 months old data)

Puntos a favor: Splunk is more than a tool or a product, it is a big data platform. Splunk can be used as a simple log aggregator all the way to a Big Data engine to find efficiency in operations of the Internet of Things. Splunk is less about its abilities, and more about your imagination about what you can do with Splunk. That is the beauty of the platform. Splunk shines in providing operational intelligence about systems and processes. Finding out how your systems are operating, how your processes are functioning leads to quick resolution of problems and points to where budgets are best spent.

Contras: Splunk is deceptively easy to set up and use. But like learning to play chess, you can learn the moves in half an hour, but take a lifetime to master. Splunk quickly provides value, but requires imagination and creativity as well as wide ranging knowledge of systems and processes to move to the next level. Not every organization needs that kind of talent to get a great return from Splunk, but the companies who compete and win will.