Splunk Enterprise Erfahrungen

Splunk offers various features whether you need to setup monitoring on your server, application logs based on logs ingestion set alerts so that teams got notified on real time and take actions accordingly. In this way, it helps to monitor application which are mission critical. You can make dashboards in Splunk where you can configure various components such indexes, data inputs and schedule reports as well. To achieve additional functionalities we can install third party apps as well such as AWS Add on for cloud watch log ingestion.

From Admin perspective, I found user access management a little difficult. The roles of access management becomes complicated because some time the config files for that didn't came very handy. Other then that I think all in all Splunk provides fulfill all of the requirements.

The ablitity to configure and tweak the use cases. Building Intelligence into forensics. The AI feature is gud but needs more enhancements.

The log management needs to be efficient , If the auditing logs is enabled then a huge influx of logs are pumed into splunk but no meaningful meaning can be derived.

- Ability to search logs across processes and services
- Ability to develop dashboards to Monitor critical metrics
- Ability to set up alerts based on threshold values

- Need to regex well in order to use the tool to its full ability
- Ability to extract values out of the log statements could be simpler
- Alerts usually end up being over alerting or false alerts.

Splunk Enterprise offers real-time data analysis tools makes it possible for my institution to see and take immediate action against security risks, performance difficulties, and other operational concerns.

Splunk Enterprise is really expensive and it is a huge part in our annual budget because we require add-ons.

Splunk comes with lot of in-built templates for each and every feature like log visualisation, dashboarding, traces,etc This makes the developers life lot easier. I can't think of any other logging tool that is snappy as well as accurate.
I love the fact how easily I can plug it in my docker-compose to push container logs.

Even though, it offers numerous features for different needs, each feature has its own learning curve. For instance log visualisation needs querying skills, which may be in natural language but it takes bit of time to get familiar.

Security Information and Event management, log analytics, custom dashboards and workspaces

Auto upgrade management and notifications for Add-ons. Leaning more towards config file based implementation instead of UI based implementation

Through its robust log analysis and ability to collect data from different sources, we can easily perform analysis on various data and predict any future operational hazards. Splunk enterprise efficiently monitors our log activities and and gives results to any queries at faster speed than most SIEM tools.

The searches can be complex at times and the messages on query errors aren't always specific.

The easy of setup and integration makes this one of my favorites As well as the real time dashboard

Not much i don't like yet, but maybe the interface can do with an update

Splunk Enterprise's versatility is highly valued by its users, as it is capable of analyzing and managing data from a variety of sources, including machine data, logs, and structured and unstructured data formats. This makes it a valuable tool for organizations with diverse data management needs. In addition, users appreciate the software's efficiency in processing and analyzing large volumes of data quickly, allowing them to make faster and more informed decisions. This is particularly important for organizations that need to respond to data in real-time, as Splunk Enterprise's speed and efficiency can help them stay ahead of the curve.

Splunk Enterprise to be complex and difficult to use, particularly for those who are not familiar with data analysis and management tools. The software has a range of features and capabilities, which can be overwhelming.

The tool can collect all sorts of data from diffuse sources and preform advanced analytics on it. It has powerful monitoring capabilities useful in threat identification and maintaining the health of our IT infrastructure. Splunk enterprise helps us to foresee, trends through machine learning which has been a crucial to making informed business decisions.

Training new users is tough, the learning curve is very steep and it gets overwhelming for them. The installation and configuration process is very long and needs a lot of time.

Splunk Enterprise is best tool to analyze the data based on different visualization. It help us to lookup distributed logs for micro-services . It enables field based lookup. For complex logging, we can use search query using expression. We can create multiple reports/charts for visualization such as a pie or bar chart for our data. Best feature what i like , We can visualize our search results and share them with others using dashboard panels. If Already have a dashboard, we can add a new panel from a report, clone from another dashboard, or add a prebuilt panel. Fully customization available. Interfaces is very flexible. We export it in different formats, or refresh it to visualize the newest data. Online Support is available through different community.

Search query builder is fully based on technical. for Non technical users, its really difficult to lookup logs. Sometimes, error thrown by query builder is more difficult to understand. Deep Learning is required to use splunk for production data. For Large application installation, it need to manage more.

Splunk Visually represents the logs mainly from production servers in the web UI .

People who Usually has no access to logs in production servers, will access the logs through splunk UI with very simplified and friendly search query.

It has lot of features like you can query for particular date and time range with specific characters. The search engine is very fast which will bring the query response effectively.

we can access all types of logs including XML and JSON.

we can create a custom dashboard with custom query for each projects and can relatively trigger the email to the support team in case of any issues.

This tool is boon for production support team in any enterprise company.

Licensing cost is quite higher for enterprise usage.

Query response time will be slow when you are searching for relatively longer history(Eg. 3 months old data)

There are lot of features which Splunk offers -
1) We can onboard data from any server, device or system using Universal Forwarder
2) Onboarded data are later stored in Indexers and searched further in Search Head for analyzing the internal logs
3) Using the data we can create customizable Dashboards and get proper insights of data and create Alerts to identify any kind of Threat or anomalies running in environment
4) Deployment is very easy on-prem servers
5) We can also use Hybrid Deployment on Cloud as well.

1) As it give large amount of features but licensing is too high
2) There are lot of other Open Source software which can be used as alternative of Splunk as Analytic tool because Splunk is paid one.

Its been a while since I started using Splunk Enterprise. I love its ability to cumulate data and logs from multiple sources and correlate them to help find incidents and their root cause. It consolidates logs and manages them form a central place. It is a great tool for log analysis as it segregates data and provides in depth profiling. Splunk enterprise also automates alerts and indexes on logs received.

It has a complex architecture making the learning curve quite steep

It is an easy to use solution, the implementation is a bit more difficult.

So far, this is a good solution that I use every day.

I think Splunk is first and best software in the field, easy to use, does what it had promised,

pricing could be better, they could be more flexible, support is a bit slow

Fast consolidation of disparate logs in an easy to search way for troubleshooting. I can find problems within my organization very quickly. Sales team was very responsive in getting me a trial license to estimate my needs.

Set up takes some time and planning. The Licensing scheme can be pretty expensive and until you've got it up and running it can be hard to estimate how much license you need.

-Easy to use tool
-Simple graphical interface which makes it easy for a new user to understand the features easily
-Real time data analysis can be carried out

When we try to search for data which is more than 30 days old, then sometimes we see slowness

First of all you don't need to login to your servers. Just configure splunk forwarder on all of your server and have peace of mind. During outages you dont have to panic and just rely on Splunk and be sure that you will have your root cause visible in splunk.

Kernel huge page issues, Search head clustering, Index clusetering. These features are as good as costly too. For SHC and IC it does need all same config hosts.

Real Time monitoring is the best feature which we like most about this software. It helps to send the notification or alerts if they are something wrong is going on in the server. So, team member can quickly resolve the issue.

As of now, i don't have anything which i don't like about this software.

Advanced security analytics to quickly detect malicious threats within our networks and devices with rapid response and effective alert prioritization to accelerate investigation.

Great integration to collect multiple data easily and in built-threat intelligence that helps to accelerate our investigations. Full of incredible features, there is nothing to dislike.

The server logs are all stored in the same location and you can easy subdivide them by application. So different servers or processes or whatever can be in different buckets. This makes troubleshooting easier.

Sometimes depending on far back you are trying to go the product can be a little sluggish. Beyond that nothing.

Splunk integrates with many different solutions. They also have pre written apps that contain pre written dashboards and other features. It can inherit logs from many products with just several clicks.

Pricing model is outdated and can get really pricey really fast. It's very simple to over your daily license.

Sofware is really excellent and best suited for small and large scale business who would like their systems, interfaces, server space and database health check to be performed.

Sometimes the Splunk alerts creates multiple tickets in ITSM tool during issue. Hence it may result in spending sometime for closure of open incidents.

Various insights are derived from otherwise neglected system and process logs. Library of functions is readily available to read the logs , perform string operations and scan the file.
Information can be represented using numerous charts , bars and graphs. Very useful in production monitoring and alerting using email option

I feel debugging is difficult. drop down or drag and drop functions should be made available because it's difficult to keep track and remember syntax of functions and it's usage.