What is our primary use case?
For us, we use this product to create a special kind of log. It just logs everything for what it is monitoring and does the parsing afterward based on a packet that you impose on the logs. Then you can extract the data out of the fields that the logs normally comprised of.
Typically, people just monitor applications, network infrastructure, and compliance.
How has it helped my organization?
It gives us another tool for monitoring our infrastructure in a different way.
What is most valuable?
I think the most valuable feature is that you easily get adapted to standard components. So, you don't need to involve the user with interface and GUI decorations. The tool just evaluates the logs in an efficient way. This enhances utility and efficiency.
What needs improvement?
What I don't like is that you are not sure all the data is recorded. Our product is better in these areas of functionality. Splunk is quite a bit different. When you transfer some logs at the end of the day you are never sure that you grab everything or not. The transport layer is not so well done and could be better.
What should be better in the solution to make Splunk a ten out of ten is a question I would rather not answer. That is an area where the products delivered by our companies compete in some ways.
What do I think about the stability of the solution?
This product is very stable. There is no doubt about the fact that it performs as expected when we use it as far as stability is concerned.
What do I think about the scalability of the solution?
There is no issue with scalability at all.
How are customer service and technical support?
The support is sufficient and responsive. We already know the product so we do not need to consult with them often. The documentation is pretty well done and covers most issues. They have some smaller issues with service, but normally you get what you need when you contact them. The technical support is okay and it is not an issue.
Which solution did I use previously and why did I switch?
We use both Splunk and another solution simultaneously for somewhat different purposes.
How was the initial setup?
For me, the initial setup seemed quite easy and not complicated at all. We are in the business so a little knowledge helps.
What about the implementation team?
We are consultants, and we know a lot about Splunk and many other products. So one branch of our company takes care of the sizing and interviewing for new data professions and services for banks. Because of our experience, we now know these tools and the pros and cons of using any of them and why you would choose one over another. Security issues are one of our core capabilities.
What's my experience with pricing, setup cost, and licensing?
As far as pricing, you can negotiate with the company, but I'd say the price is fairly high for the product. The typical price for competing products is also quite high, so it is not necessarily bad. It's a good product — that is not the problem. But there is more and more competition in the market and their prices stay high. I think that the pricing and marketing situation gets more difficult for Splunk. By comparison, with our tools in the other solution we use, you can do the same evaluation. All you need is an employee to run the product, but the pricing is way lower. So, I think that cost has become an issue for Splunk over the long run.
There are also costs in addition to the standards licensing which raises the cost even more.
What other advice do I have?
The advice that I would give to companies considering this type of solution is that choosing the right solution all depends on what you want to do. I'd say Splunk makes more sense if you only want to have one tool or service to monitor. A lot of our infrastructure is not complex. I just put Splunk there, I collect the logs and I calculate what I need. I do that step-by-step, so it is a bit difficult as an approach when things are more complex. You want to reduce complexity when monitoring just one single service. Our business is focused on monitoring. We don't want monitoring to care about software distribution and additional concerns. So, if it is just straight forward monitoring of a service that you need to do, then I think then you're right to use this product. There are other potential solutions.
On a scale from one to ten where one is the worst and ten is the best, I would rate Splunk as an eight.
Which version of this solution are you currently using?