BigPanda Review

Alert aggregation and the correlation platform are extremely useful, streamlining our incident management

What is our primary use case?

We use BigPanda to aggregate alerts from multiple sources (Nagios, Sensu, Wavefront, Splunk, etc.) and correlate related alerts into incidents.

How has it helped my organization?

Historically, much of our incident management process has been manual. NOC engineers would manually create a ticket, create a Slack channel, and escalate out to the necessary teams to troubleshoot an issue. BigPanda pulls all this together into a single UI for us, allowing us to see related alerts grouped together into an incident, and enables us to easily create a JIRA ticket and Slack channel to manage an issue. This has been a dramatic improvement.
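The grouping described above, alerts from several monitoring sources normalized into one shape and then correlated into incidents that a ticket or chat channel can be opened from, is shown below as an added illustration. This is not the reviewer's code and not BigPanda's logic; the source names, field mappings, time window and the sample alerts are all constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed sample alerts in the rough shape three different sources might emit.
# Field names are illustrative; real Nagios, Sensu and Splunk payloads differ.
RAW_ALERTS = [
    {"source": "nagios", "host": "web-01", "service": "http", "state": "CRITICAL", "ts": "2024-01-01T10:00:05"},
    {"source": "sensu", "client": "web-01", "check": "disk", "status": 2, "timestamp": 1704103215},
    {"source": "splunk", "host": "web-01", "search": "5xx rate", "severity": "high", "time": "2024-01-01T10:01:30"},
    {"source": "nagios", "host": "db-01", "service": "mysql", "state": "WARNING", "ts": "2024-01-01T10:00:40"},
    {"source": "nagios", "host": "web-01", "service": "http", "state": "CRITICAL", "ts": "2024-01-01T10:20:00"},
]

# Hypothetical severity mapping onto a common 0/1/2 scale.
SEVERITY = {"OK": 0, "WARNING": 1, "CRITICAL": 2, "low": 0, "medium": 1, "high": 2}


@dataclass
class Alert:
    source: str
    host: str
    check: str
    severity: int       # 0 = ok/info, 1 = warning, 2 = critical
    time: datetime      # naive UTC


@dataclass
class Incident:
    id: int
    host: str
    alerts: list = field(default_factory=list)

    @property
    def first_seen(self):
        return min(a.time for a in self.alerts)

    @property
    def last_seen(self):
        return max(a.time for a in self.alerts)

    @property
    def max_severity(self):
        return max(a.severity for a in self.alerts)

    @property
    def sources(self):
        return {a.source for a in self.alerts}


def normalize(raw):
    """Map each source's native fields onto the common Alert shape (hypothetical mappings)."""
    src = raw["source"]
    if src == "nagios":
        return Alert(src, raw["host"], raw["service"], SEVERITY[raw["state"]],
                     datetime.fromisoformat(raw["ts"]))
    if src == "sensu":
        # Sensu-style epoch seconds; convert to naive UTC so all sources compare alike.
        t = datetime.fromtimestamp(raw["timestamp"], tz=timezone.utc).replace(tzinfo=None)
        return Alert(src, raw["client"], raw["check"], int(raw["status"]), t)
    if src == "splunk":
        return Alert(src, raw["host"], raw["search"], SEVERITY[raw["severity"]],
                     datetime.fromisoformat(raw["time"]))
    raise ValueError(f"unknown source {src!r}")


def correlate(alerts, window=timedelta(minutes=10)):
    """Group alerts into incidents: same host, and each alert within `window`
    of the incident's latest alert. Alerts are processed in time order so
    bursts from several sources about one host collapse into one incident."""
    incidents = []
    open_by_host = {}   # host -> most recent incident for that host
    for alert in sorted(alerts, key=lambda a: a.time):
        inc = open_by_host.get(alert.host)
        if inc is None or alert.time - inc.last_seen > window:
            inc = Incident(id=len(incidents) + 1, host=alert.host)
            incidents.append(inc)
            open_by_host[alert.host] = inc
        inc.alerts.append(alert)
    return incidents


def summarize(inc):
    """Produce the fields a ticket or chat channel would be created from."""
    label = {0: "OK", 1: "WARNING", 2: "CRITICAL"}[inc.max_severity]
    checks = sorted({a.check for a in inc.alerts})
    return {
        "title": f"[{label}] {inc.host}: {', '.join(checks)}",
        "alert_count": len(inc.alerts),
        "sources": sorted(inc.sources),
        "duration_s": int((inc.last_seen - inc.first_seen).total_seconds()),
    }


if __name__ == "__main__":
    for inc in correlate([normalize(r) for r in RAW_ALERTS]):
        print(inc.id, summarize(inc))
```

With the constructed input, the three web-01 alerts arriving within 90 seconds from Nagios, Sensu and Splunk collapse into one critical incident, the db-01 warning stands alone, and the web-01 alert 18 minutes later opens a fresh incident because it falls outside the window. The window and the host-only correlation key are the two knobs a real deployment tunes; the review's correlation rules are a more elaborate version of exactly that key choice.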

What is most valuable?

Alert aggregation was the primary requirement, although we are still implementing our correlation rules.

We have also made extensive use of the outbound integrations to ticketing systems (JIRA) and collaboration tools (Slack). The main driver for us has been getting all alerting into a single UI and enabling us to streamline our incident management process.

What needs improvement?

Our infrastructure is quite large - tens of thousands of servers, often with 30-plus checks running on each host with one minute intervals. This generates a lot of data often in bursts (when we have a large scale failure). This has caused some delay in the ingestion pipeline.

What do I think about the stability of the solution?

Generally, the product has been pretty stable.

What do I think about the scalability of the solution?

At times of peak alert volume (during a significant incident) we have seen some delay in alert ingestion into the platform.

How is customer service and technical support?

Their support organization has been great to work with. They are very responsive to issues we raise and are proactive in contacting us when they detect a problem with our instance. Additionally, they have been extremely flexible in working to meet our requirements - creating custom integrations where needed - to tie in all our monitoring and incident management tools.

Which solutions did we use previously?

Previously, we have used Nagios Check_Mk (aka Multisite) as well as the Sensu Uchiwa dashboard to aggregate alerts. With Nagios, we were experiencing scaling issues with the core server platform, given the number of hosts we have in a typical datacenter. Sensu Server solved the scaling issue for us, but the monitoring UI for Sensu (Uchiwa) was very difficult to use and had a lot of performance issues. We needed a tool to pull together multiple Sensu instances and provide a workable interface.

How was the initial setup?

It was fairly straightforward. For Nagios, we used their standard, out-of-the-box agent. For Sensu, BigPanda worked with us to customize their standard integration to perform better with our high alert volume. They also worked with us on a custom integration to Wavefront, which we use to alert on time series data.

What's my experience with pricing, setup cost, and licensing?

They were great to work with on pricing/licensing. Given we are a high-growth company, we needed a flexible site license.

Which other solutions did I evaluate?

In addition to BigPanda, we looked at Moogsoft.

What other advice do I have?

I think BigPanda is a great company with a quality product. As with any large-scale tooling change there will be challenges, but the team was very responsive in resolving issues.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
3 Comments
Director - IT at a tech consulting company with 1,001-5,000 employees (Real User)

If you also evaluated Moogsoft I'm curious why you chose Big Panda over Moogsoft. Thanks.

25 October 18
Kristy Cole (User)

We are currently evaluating toolsets, as with you, our primary driver is aggregation and correlation and getting away from our older rules-based system to accommodate new technologies. SIEM seems to come up a lot, but that is not in scope for us so those features mean little to us.

We are looking at multiple tools, but the major players are Splunk, Moogsoft and BigPanda. I too would be interested to know the differentiating factor that led you to choose BigPanda over other vendors, if you are able to share.

25 October 18
Larry Cassidy (Vendor)

In my opinion, the biggest difference between BigPanda and Moogsoft is the ability to integrate with other tools we use for Incident Mgmt (e.g. ticketing/chat). Note that my experience with Moog is almost 2 years old at this point, so they may have made some improvements in this area. But for me the main driver was that Moog was more geared toward a single-product solution where you do everything inside their product (alert console, ticketing, chat), whereas BigPanda focused on the console and had integrations with best-of-breed tools for ticketing/chat. Since we were not looking to replace those areas, BigPanda made the most sense for us. If you are looking at a "green field" install where you don't already have ticketing and chat in place, Moogsoft may make sense.

We also looked at Splunk - and it is a great tool for monitoring/dashboarding, but it didn't really have the correlation capabilities we were looking for and would have required a lot of customization to get it to do the same thing as BigPanda. We still use Splunk, but more as an input to BigPanda for alerts - not the console.

06 May 19