- Event matching between several appliances
- Correlating data from different sources
- Report viewer
It helps us to detect viruses and security events from our network.
It needs documentation and "how-to" information. It's complicated to build reports and views.
I have used Splunk for about two years.
There were no stability issues. It was running on a VM over Hyper-V.
There were no scalability issues. It was running on a VM over Hyper-V.
I used support a little bit for some templates for formatting data from Cisco and Fortinet logs. They were very fast with their response. I didn't have a support contract, only entry-level support.
This was our first try for log analysis.
The setup was easy.
There is nothing to say. At that time, it was for GBs of data received.
We did not look at alternatives. It was a consulting provider recommendation. It was a rapid implementation to accomplish legal requirements. After we used it for a while, we decided to keep it.
Check for a plugin with ready-made templates to format the data from the appliance whose logs and events you want to keep.