On Tue, 13 Aug 2013, Meenoo Shivdasani wrote:
On Sun, Aug 11, 2013 at 1:12 PM, Corey Quinn <[email protected]> wrote:
Disclaimer: I love Splunk. I just wish I could *afford* it!
I have been trying (unsuccessfully) to get Splunk into various $work
environments for the past ~10 years or so with no success. To date,
although I think Splunk is excellent, I have been unable to convert my
belief into compelling reasons for management to approve expenditures.
@ current $job, part of that reticence is directly related to the licensing
costs. We log millions of events hourly and the ballpark figures I've been
given by sales reps are higher than senior management will approve since we
already have a SIEM in place. To date, I haven't been successful in taking
the eval version and utilizing it to provide a viable proof of concept.
Do you really need ad-hoc searching of those millions of events? Or are you
needing things like dashboards?
One thing you can do is to pick a subset of the events, set up a small Splunk
(possibly even the free 500M/day version) and start showing its use.
If you try to put every log you have into Splunk, it can be very expensive, but
I'll bet that there is a large portion of the logs you have that you could
filter out with a fairly small reduction in overall functionality.
David Lang
P.S. For those who wonder, I built a large Splunk cluster with >400G/day license
that is holding hundreds of TB worth of data. It's really nice to have all the
data in Splunk, but there is a LOT of the data that I could filter out before
handing the logs to Splunk without significantly degrading its value.
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/