Splunk Enterprise

The Splunk Enterprise AMI accelerates the speed at which organizations deploy Splunk Enterprise in AWS. Splunk Enterprise is the leading platform for Operational Intelligence, delivering an easy, fast, and secure way to search, analyze and visualize the massive streams of machine data generated by your IT systems and technology infrastructure--physical, virtual and in the cloud.

Customer Reviews

Unbelievably easy to set up

  • By Stumpy
  • on 11/27/2017

Very easy to set up and get Splunk Enterprise up and running almost instantly. Since Splunk is the best of breed SIEM and log analysis/correlation tool, this is fantastic.

Quick and easy set up and useful for simple testing

  • By ctp
  • on 11/19/2017

I read one review that said that THP was not supported on the instance, but I checked on mine and it was properly configured. I did have a couple of errors that showed that there may have been some files that were not verified as being Splunk installed and that the instance fell below the suggested minimums for running Splunk, but I was just using a Free EC2 instance to try things out.

The web interface came up quickly and without problems and I was able to install apps quickly and easily. I added some data and had things working well quite quickly. I would like to try a larger AMI instance, but for the testing I did, it was quite usable.

Splunk is just a couple of clicks away!

  • By Lars Timberg
  • on 11/18/2017

I've been using Splunk Enterprise on premises for a few years.
And it is hands down the best product I've come across in 15+ sysadmin years.
No, really, I've seen some really nice pieces of software but none of them comes even close. And the Splunk AMI just makes starting to use all Splunk Enterprise features so much faster that it is a no-brainer. New or old Splunk user: Grab it. Throw some data, any data, to it and start Splunkin'!

Trying Splunk AMI for the first time

  • By Splunk review
  • on 11/18/2017

I use Splunk Enterprise Security at work.

Currently studying for my architect certification. I know Splunk AMI on AWS will be the perfect platform for my lab.

Excellent for trying out Splunk

  • By Doug Toppin
  • on 09/03/2015

I wanted to try out a few add-ons to Splunk and this worked perfectly for me. Having an AMI with a ready to go Splunk server and MongoDB combined with a recommended security group made it very easy to start using immediately. I was also able to install the Splunk Mobile Access Server on this instance and connected using the associated iOS and Android apps. If I had any recommendation for Splunk it would be to include the MAS on this AMI as well.
No complaints at all.

More time splunking. Less time installing.

  • By Chad Brigance
  • on 06/12/2015

Up and running with Splunk in minutes. This was so easy it was not even funny. It took me longer to set up data feeds than it did preparing Splunk to receive them.

Totally thrilled and pleased. This was a life saver.

Splunk's home for indexes is on the root partition by default. 8GB of SSD storage for the / partition will probably not be enough for you.

Add a 500GB or 1TB magnetic volume and move Splunk's index home there before you get started.

Good but not ready for Production

  • By AWS Admins
  • on 06/03/2015

I liked the fact that there was a Splunk AMI and you can spin up Splunk really fast. I was able to build an instance and be up in a matter of minutes. The issue I have with the AMI is that there is currently no support for the new C4 instances. I wanted to build a beefy Splunk server with the latest CPUs since searches are CPU heavy and I'm not able to do that now. I also noticed that the AMI does not address disabling Transparent Huge Pages, which Splunk recommends. This can cause a 30% performance degradation. http://docs.splunk.com/Documentation/Splunk/6.2.3/ReleaseNotes/SplunkandTHP

So, because I couldn't use the instance I wanted, I can't really use this AMI for my needs. I can use it for testing no problem though. The THP issue is not that big because you can disable it easily enough, but if Splunk is touting this AMI as a recommended configuration I would like to see the THP addressed since it causes performance issues.

One-click Splunk!

  • By David Greenwood
  • on 03/12/2015

From no Splunk to Splunk in minutes. I was able to start collecting and analysing my data within the hour.
