Splunk: A Monitoring Tool for all your needs

If i have put a word it would say "Fantastic". The functionalities Splunk provides eases team to manage/monitor their IT infrastructure and internal application you will be well aware about the performance of your applications. Setup alerting and take necessary actions in stipulated time to overcome all the issues which may affect your application performance.

Pros

Splunk offers various features whether you need to setup monitoring on your server, application logs based on logs ingestion set alerts so that teams got notified on real time and take actions accordingly. In this way, it helps to monitor application which are mission critical. You can make dashboards in Splunk where you can configure various components such indexes, data inputs and schedule reports as well. To achieve additional functionalities we can install third party apps as well such as AWS Add on for cloud watch log ingestion.

Cons

From Admin perspective, I found user access management a little difficult. The roles of access management becomes complicated because some time the config files for that didn't came very handy. Other then that I think all in all Splunk provides fulfill all of the requirements.

Complete Security operations with Splunk

Splunk data visualization and its analytics handling chunks of data is exceptional.

Pros

Data visualization, Analytics skills with AI-powered and can handle data in TB/per day without any interruptions in services. Live dashboards, developing use-cases and their capabilities (correlation).

Cons

complex architecture and efficient skills are required, financial is also not feasible for small and medium customers. no inbuilt query builders for beginners to understand the platform.

Splunk Enterprise, not just a SIEM

We have been using Splunk Enterprise, ES, ITSI, and other Splunk parts for 6+ years in production. This has helped us reduce staff in some cases, increase response time in most cases, and allow non-IT teams to get data and metrics in a fast efficient way.

Pros

The versatility is amazing. The same data in logs, such as IIS, can be used for Security, Application performance, and even error handling. This allows us to use one log to help multiple teams. This is just one example.

Cons

Start up takes someone who has had some training. While searching and output is easy, its the onboarding of custom apps that takes the know how.

Spunk Review

Pros

It allows me to bring a lot of information into one friendly view. It's a great security audit tool.

Cons

It has limited functionality. It is a very memory intensive system. It does not integrate with Lennox.

Splunk is a great solution for SIEM and also for monitoring your infrastructure

We needed a way to monitor our internal environment and start to be more proactive with issues, so we started sending all of our logs to Splunk and we we able to get insights we did not know we needed. It is a great solution and they are constantly innovating.

Pros

Splunk makes it easy to search through various data including logs. In the past I have had to pour through logs in order to find the one lines among the 100 of thousands of lines. Splunk allows me to search through those logs in a matter of seconds vs the hours it used to take.

Cons

Most of enterprise setup is done through the command line. It would be nice to have cluster configuration (index creation) as part of the UI.