Opiniones de Splunk Enterprise

The most useful thing about Splunk is the ease of integration with application. With uipath on-premises it was very much helpful as the business users can monitor the actions of robots through spluink without entering into uipath orchestrator

Expression creation for indexing was bit hard as it is not user-friendly to business users if they wanted to create any new fields, also the forwarder was not able to directly connect with uipath cloud so that the logs has to be shifted to intermediate file before uploading into splunk, but that seems not an issue with splunk but more related to uipath cloud

The versatility is amazing. The same data in logs, such as IIS, can be used for Security, Application performance, and even error handling. This allows us to use one log to help multiple teams. This is just one example.

Start up takes someone who has had some training. While searching and output is easy, its the onboarding of custom apps that takes the know how.

Splunk offers a lot of ways to connect with multiple data providers and sources to populate the reports and dashboards you need to show your business performance or data.

Customer support was a little slow. Requires a little knowledge of how to construct queries.

Data visualization, Analytics skills with AI-powered and can handle data in TB/per day without any interruptions in services. Live dashboards, developing use-cases and their capabilities (correlation).

complex architecture and efficient skills are required, financial is also not feasible for small and medium customers. no inbuilt query builders for beginners to understand the platform.

Splunk makes it easy to search through various data including logs. In the past I have had to pour through logs in order to find the one lines among the 100 of thousands of lines. Splunk allows me to search through those logs in a matter of seconds vs the hours it used to take.

Most of enterprise setup is done through the command line. It would be nice to have cluster configuration (index creation) as part of the UI.

There are lot of features which Splunk offers -
1) We can onboard data from any server, device or system using Universal Forwarder
2) Onboarded data are later stored in Indexers and searched further in Search Head for analyzing the internal logs
3) Using the data we can create customizable Dashboards and get proper insights of data and create Alerts to identify any kind of Threat or anomalies running in environment
4) Deployment is very easy on-prem servers
5) We can also use Hybrid Deployment on Cloud as well.

1) As it give large amount of features but licensing is too high
2) There are lot of other Open Source software which can be used as alternative of Splunk as Analytic tool because Splunk is paid one.

It is a very subtle program, when generating the setup it is not necessary to have a great knowledge of programming to install it, but to solve some configuration errors, when you start what I like the most is that you start from day one to organize your applications, then From that you can easily configure cybersecurity for each program, I particularly like the monitoring of data programs and that the program alerts you with notifications so that you see errors that sometimes jumps in the program.

What I don't like and I see that it is something widespread is that it has very poor support in technical help, I think that the old technical support collaborators have left and people who are not so qualified have arrived to answer the tickets.For my part it is not a big problem since I am a researcher and with the information that is on the splunk website it is enough for me to generate the resolutions of problems.

We are using Splunk for log monitoring . It is integrated with Kubernetes and pivot cloud via data bus. By Splunk we get Realtime log application. It provides best visualization of data generated by system. Splunk also provide option to filter data based on data range and time. We can configure email alert for specific issue. Splunk also provide ML model for data. Splunk use simple query to get data ,everyone can easily learn Splunk query.

I haven't found any issue yet the only problem with Splunk I have that log in Splunk is scattered . We need to build good query or better logging mechanism at application side.

It an intelligent business tool that provided me an opportunity to customize and build report from large volume of data from different departments within the 13 Africa countries in telecommunication sectors. The platform allows data to be consolidated accordingly to the organization need and produces visualized reports of dashboard features. I also noted that the system can analyst unstructured large volume of data speedily and is reliable and web based allowing for user flexible accessible from any part of the world if you have internet. The systems have been reliable and secured from the time (2 years) I started using it without any system intermittent, system errors and cyber-attack.

The system is built and use-able with structured and unstructured organization though the price in foreign currency could hamper small and medium organization to use it especially in most Africa country where the local currency has depreciated against the major trading foreign currency.so the Forex pricing is a challenge.
The navigation of the platform will require minor training though if the user is computer proficient, they would management with minor challenge and interpretation of the data. So, first time user it can be difficult to use it
It will depend on internet for access and internet tend to be pricey in most African country and therefore could increase the business cost for small and medium enterprise. It can increase business cost if not fully used

Through its robust log analysis and ability to collect data from different sources, we can easily perform analysis on various data and predict any future operational hazards. Splunk enterprise efficiently monitors our log activities and and gives results to any queries at faster speed than most SIEM tools.

The searches can be complex at times and the messages on query errors aren't always specific.