What is our primary use case?
We use Splunk for a few different use cases:
- We package it as part of one of our on-premise software offerings which includes our in-house customized dashboards.
- We use it for Application Monitoring of many of our back-end systems. Monitoring is done completely through Splunk: application and other logs are forwarded to Splunk, and we have configured many customized alerts and dashboards for the Ops, Dev, product, and management teams.
- We created a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity.
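An added example, not the reviewer's own search, of the hourly-versus-90-day baseline comparison described in the last bullet: it buckets events per service per hour, builds an average and standard deviation for that hour-of-day and day-of-week across the past three months, and flags the most recent complete hour when it deviates by more than three standard deviations. The index, sourcetype and `service` field are assumptions.

```spl
index=app_logs sourcetype=backend:service earliest=-90d@h latest=@h
| bin _time span=1h
| stats count AS events BY _time service
| eval hour_of_day=strftime(_time, "%H"), day_of_week=strftime(_time, "%w")
| eventstats avg(events) AS baseline_avg, stdev(events) AS baseline_sd BY service hour_of_day day_of_week
| where _time >= relative_time(now(), "-1h@h")
| eval zscore=if(baseline_sd > 0, round((events - baseline_avg) / baseline_sd, 2), 0)
| where abs(zscore) > 3
| table _time service events baseline_avg baseline_sd zscore
```

Hours with zero events produce no row, so a service that stops logging entirely is not caught by this search alone and needs a separate "no events in the last hour" alert; on an accelerated data model the first three lines would be replaced by a `tstats count ... BY _time span=1h` over that model.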
How has it helped my organization?
It has improved our organization in many ways:
- Having Splunk as part of one of our software products was our choice for giving our customers a great user experience.
- It is a one-stop shop as a full monitoring and alerting solution for operations and application analysis for most of our back-end systems.
What is most valuable?
- The easy automatic field parsing of logs.
- Data model acceleration
- The ability to easily have access and install Splunk add-on plugins and custom apps. This greatly assists with using it to connect to various systems easily and use it as a centralized data sink.
What needs improvement?
It needs to improve the way to install third-party apps and enable installation without logging into splunk.com.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
How is customer service and technical support?
Their support is pretty good, but not amazing. Because we have our own in-house Splunk expert, who worked for Splunk themselves for a few years, we do not really need external support that much. We basically use them for licensing matters.
The forums are pretty thorough, so technically we have not had much need for support.
How was the initial setup?
The initial setup is easy, although we currently use just a single server and not multi-server clustered instances.
For our Linux instance setup, an upgrade is very easy. It is all managed by about three simple Bash scripts.
What's my experience with pricing, setup cost, and licensing?
It is possible to use a developer's license, which allows up to 10 GB per day of data volume; that is usually enough for most use cases.
Which other solutions did I evaluate?
We evaluated ELK Stack and QlikView.
What other advice do I have?
We are a Splunk Partner: after much deliberation, we decided to choose Splunk as a component of one of our on-premise software offerings.