Splunk Enterprise

Splunk offers various features whether you need to setup monitoring on your server, application logs based on logs ingestion set alerts so that teams got notified on real time and take actions accordingly. In this way, it helps to monitor application which are mission critical. You can make dashboards in Splunk where you can configure various components such indexes, data inputs and schedule reports as well. To achieve additional functionalities we can install third party apps as well such as AWS Add on for cloud watch log ingestion.

From Admin perspective, I found user access management a little difficult. The roles of access management becomes complicated because some time the config files for that didn't came very handy. Other then that I think all in all Splunk provides fulfill all of the requirements.

Data visualization, Analytics skills with AI-powered and can handle data in TB/per day without any interruptions in services. Live dashboards, developing use-cases and their capabilities (correlation).

complex architecture and efficient skills are required, financial is also not feasible for small and medium customers. no inbuilt query builders for beginners to understand the platform.

The versatility is amazing. The same data in logs, such as IIS, can be used for Security, Application performance, and even error handling. This allows us to use one log to help multiple teams. This is just one example.

Start up takes someone who has had some training. While searching and output is easy, its the onboarding of custom apps that takes the know how.

Splunk makes it easy to search through various data including logs. In the past I have had to pour through logs in order to find the one lines among the 100 of thousands of lines. Splunk allows me to search through those logs in a matter of seconds vs the hours it used to take.

Most of enterprise setup is done through the command line. It would be nice to have cluster configuration (index creation) as part of the UI.