How has it helped my organization?
Imagine a single application with 17 application servers and dozens of log files per server that rotate as often as once per hour. How do you track and analyze anomalies in those log files with the ability to go back and correlate data for the past X weeks? That was the use case for just our team, not to mention the hundreds of other application teams.
What is most valuable?
Splunk has a single purpose in life: ingest machine data and help analyze and visualize that data. The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data. It does a great job at handling unstructured data. Breaking data into key/value pairs so that it can be searched is relatively painless.
What needs improvement?
Deploying Splunk at scale is not easy. It requires a significant amount of relatively complex architecture once you push past the single server instance. Breaking out your search and indexing layer requires someone with Splunk experience. Want to add search layer replication for HA? Want to host in AWS and do cross-region index replication?
Splunk expertise is in high demand today and finding talented engineers to pull off your large-scale implementation is hard. Do your homework.
What do I think about the stability of the solution?
Out-of-the-box functions are nearly flawless, but when you push at the edges, then things start to get a little flexible in their eloquence. There is a robust community of support to help through most issues and the documentation is exceptional.
What do I think about the scalability of the solution?
There were no issues with scalability, but we invested some serious time and resources to design a scalable infrastructure up front.
How are customer service and technical support?
Customer service is excellent both during the purchase and ownership lifecycle.
Technical support is mediocre. Splunk is struggling to deliver a consistently exceptional support experience. Their senior engineers are very talented, but those folks are in short supply, and many of the most experienced engineers are making hundreds of dollars an hour as consultants, not answering your support issues.
Which solution did I use previously and why did I switch?
No enterprise solution was in place.
How was the initial setup?
The initial setup was done without any prior experience and was up and running, including ingesting data, within a few hours. Setup at scale and scalability took months of effort.
What about the implementation team?
We hired a contractor with significant experience with Splunk, Elastic.io, AWS, and custom development. They were expensive, but worth every penny.
What was our ROI?
What's my experience with pricing, setup cost, and licensing?
You will eat up whatever you purchase quickly. The level of insights that Splunk empowers is addictive.
Which other solutions did I evaluate?
We evaluated Graylog, Elastic.io, etc.
Which version of this solution are you currently using?