What Is Splunk Enterprise?
Are you ready to take control of your data? Splunk is a customizable data analytics platform that empowers you to investigate, monitor, analyze and act in real time. With Splunk, you can predict and prevent IT problems, streamline your entire security stack, minimize unplanned downtime, and explore and visualize business processes for increased transparency, all in one platform.
Who Uses Splunk Enterprise?
Organizations worldwide that want to create real-time business impact from their data. Solutions for IT, security, IoT and business operations.
Reviews of Splunk Enterprise
Splunk for Log Monitoring
Comments: Splunk is the best data monitoring and visualization tool. We can set alerts for logs and monitor logs. It provides different modes for searching: Fast, Smart and Verbose. By using Splunk we are getting all system logs in one place. Splunk has the capability to handle large and big-size data. It has the best GUI; one can easily adopt it and do customization based on requirements.
We are using Splunk for log monitoring. It is integrated with Kubernetes and pivot cloud via data bus. By Splunk we get Realtime log application. It provides the best visualization of data generated by the system. Splunk also provides an option to filter data based on data range and time. We can configure email alerts for specific issues. Splunk also provides ML models for data. Splunk uses simple queries to get data; everyone can easily learn Splunk queries.
I haven't found any issue yet; the only problem I have with Splunk is that logs in Splunk are scattered. We need to build a good query or a better logging mechanism on the application side.
Splunk Enterprise, not just a SIEM
Comments: We have been using Splunk Enterprise, ES, ITSI, and other Splunk parts for 6+ years in production. This has helped us reduce staff in some cases, increase response time in most cases, and allow non-IT teams to get data and metrics in a fast, efficient way.
The versatility is amazing. The same data in logs, such as IIS, can be used for Security, Application performance, and even error handling. This allows us to use one log to help multiple teams. This is just one example.
Start up takes someone who has had some training. While searching and output is easy, it's the onboarding of custom apps that takes the know-how.
Powerful SIEM system that meets our expectations.
Comments: We are using Splunk Enterprise for log correlation. The analytics are accurate and it catches errors right away, which improves our internal capabilities. It is a special service that collects data from different data sources very accurately to catch future issues, and the reports are detailed and understandable. It has features that streamline manual work and improve our security and our protection in our IT infrastructure.
I really like the platform. The data collection is ideal and the reports are detailed. It is the most appropriate SIEM service to monitor our IT infrastructure, and it is an ideal software to take preventive measures. It is easy to customize the dashboards, the monitoring is constant and it gives us security in real time. The alerts are accurate, and it helps us understand what is happening and fix it before it becomes serious.
It is a somewhat expensive service but with more powerful features than other free SIEM systems, and it is a bit complex to set up and use for inexperienced users, so a lot of help should be sought from experienced staff and support team at first.
It allows me to bring a lot of information into one friendly view. It's a great security audit tool.
It has limited functionality. It is a very memory intensive system. It does not integrate with Lennox.
A better business companion when integrated with RPA
Comments: Overall, the experience was positive; even with a free trial license, it was much easier, and on the course and certification side, Splunk has a very good collection of videos and materials that help even a novice quickly set up the integration and indexing.
The most useful thing about Splunk is the ease of integration with applications. With UiPath on-premises it was very helpful, as the business users can monitor the actions of robots through Splunk without entering into UiPath Orchestrator.
Expression creation for indexing was a bit hard, as it is not user-friendly to business users if they want to create any new fields. Also, the forwarder was not able to directly connect with UiPath cloud, so the logs have to be shifted to an intermediate file before uploading into Splunk, but that seems not to be an issue with Splunk but more related to UiPath cloud.