External reviews
External reviews are not included in the AWS star rating for the product.
Really good for identifying the production issues
The other feature is also nice: keep tracking the production environment health status periodically. We did find some potential issues which our client did not report and fix them before our clients finding.
Quickly identifing the errors
- Leave a Comment |
- Mark review as helpful
Splunk is the de facto leader
* integrations / add ons
* source code access to splunk enterprise
* source code access to any splunk app
* app development is kind of weird and difficult
* really hard to debug configs and/or searches
* splunk doesn't have a solid identity anymore
* overly sales-heavy organisation; hard to find someone to actually help you
* documentation is written in a vacuum mostly, especially in respect to how to run / size it
* big learning curve for users slows adoption
* crap 2FA / SAML / enterprise auth support
* no publicly visible bug or feature request database
* decent return on investment
Excellent for trying out Splunk
I wanted to try out a few add-ons to Splunk and this worked perfectly for me. Having an AMI with a ready to go Splunk server and MongoDB combined with a recommended security group made it very easy to start using immediately. I was also able to install the Splunk Mobile Access Server on this instance and connected using the associated iOS and Android apps. If I had any recommendation for Splunk it would be to include the MAS on this AMI as well.
No complaints at all.
More time splunking. Less time installing.
Up and running with Splunk in minutes. This was so easy it was not even funny. It look me longer to set up data feeds than it did preparing Splunk to receive them.
Totally thrilled and pleased. This was a life saver.
Splunk's home for indexes is on the root partition by default. 8GB of SSD storage for the / partition will probably not be enough for you.
Add a 500GB or 1TB magnetic volume and move splunk's index home there before you get started.
Good but not ready for Production
I liked the fact that there was a splunk AMI and you can spin up splunk really fast. I was able to build an instance and be up in a matter of minutes. The issues I have with the AMI is that there is currently no support for the new C4 instances. I wanted to build a beefy splunk server with the latest CPUs since searches are CPU heavy and I'm not able to do that now. I also noticed that the AMI does not address disabling Transparent Huge Pages which splunk recommends. This can cause a 30% performance degradation. http://docs.splunk.com/Documentation/Splunk/6.2.3/ReleaseNotes/SplunkandTHP
So, because I couldn't use the instance I wanted, I can't really use this AMI for my needs. I can use it for testing no problem though. The THP issues is not that big because you can disable it easy enough but if splunk is touting this AMI as a recommended configuration I would like to see the THP addressed since it causes performance issues.
One-click Splunk!
From no Splunk to Splunk in minutes. I was able to start collecting and analysing my data within the hour.