Splunk Enterprise
Splunk | 6.1.1Linux/Unix, Amazon Linux 2013.09 - 64-bit Amazon Machine Image (AMI)
External reviews
External reviews are not included in the AWS star rating for the product.
My experience with Splunk
Really good for identifying the production issues
The other feature is also nice: keeping track of the production environment health status periodically. We did find some potential issues which our client did not report, and fixed them before our clients found them.
Quickly identifying the errors
Splunk is the de facto leader
* integrations / add ons
* source code access to splunk enterprise
* source code access to any splunk app
* app development is kind of weird and difficult
* really hard to debug configs and/or searches
* splunk doesn't have a solid identity anymore
* overly sales-heavy organisation; hard to find someone to actually help you
* documentation is written in a vacuum mostly, especially in respect to how to run / size it
* big learning curve for users slows adoption
* crap 2FA / SAML / enterprise auth support
* no publicly visible bug or feature request database
* decent return on investment
HTTP by default; and no real sizing guidance
i'm an AWS newbie in terms of using AMIs and so on. was first and foremost pretty surprised to see the image using HTTP by default.
also the sizing info for AWS specifically both seem quite dated and "unofficial" as in only in blog form or a one-off PDF versus a proper doc page... so you're left researching and calculating (and guessing) too much on the upside before actually diving in and using the instance.
http://blogs.splunk.com/2012/03/07/splunk-and-aws-sizing-revisited/
http://www.splunk.com/web_assets/pdfs/secure/Splunk_and_Amazon_Web_Services_Tech_Brief.pdf
things like extra storage, clustering, and archiving are really not touched on in any detail in the docs, so we don't use this AMI at all for much more than small tests.
best info we can find beyond that is around cloud formation stack builds, which is a good step in the right direction, but again doesn't seem super authoritative:
https://github.com/splunk/splunk-aws-cloudformation
http://blogs.splunk.com/2014/05/20/deploy-your-own-splunk-cluster-on-aws-in-minutes/
Simple, basic Splunk install in a few clicks
A Splunk deployment in seconds!
It would be nice to have the latest version of Splunk installed on the AMI.
Just three commands
As far as I see, this AMI is just the Amazon AMI but with Splunk downloaded and installed and a permissive security group.
In addition, the bundled Splunk is outdated and there are constraints on the instance size; for example, there's no m3.large to choose.