What is our primary use case?
The primary use case is to analyse and monitor big data, creating various dashboards, alerts, etc.
How has it helped my organization?
- We can do things in minutes instead of days.
- We solve issues that we previously could not since we now have the data.
- We can quickly search for almost anything across many log sources in seconds.
- Teams have the dashboards or alerts that they need.
What is most valuable?
There are too many features to list, but here are a few:
- Apps or Splunkbase.
- Great list of apps to use and build upon once you learn more about how Splunk works.
- Ease of correlation, creating correlation searches (easy), and you can combine multiple sources with little effort.
- Data Models Acceleration for super fast searches across tens of millions of events.
- Splunk SPL (Search Processing Language) is easy to learn and has IDE like capabilities.
- Log storage or compression is great and retention is not an issue.
- Dashboards are simple to create and has input options, like time range and text.
- Drop-downs are simple to create.
- The integration with cloud solutions is great and keeps getting better.
What needs improvement?
The GUI could be improved to include some of the capabilities that other BI solutions have. The layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code. Over the years, they have really been improving in this area. I would think that will continue and this will become a non-issue.
Also, AngularJS/ReactJS inclusion could be made easier in GUI.
For how long have I used the solution?
One to three years.
What was our ROI?
Personnel costs are saved by not having to involve domain developers from multiple teams when tracing a problem that spans multiple platforms.
What other advice do I have?
We build many of our own apps by leveraging the logic in others.