I've been looking into the functional overlap between SPLUNK and OSSEC, and it seems that SPLUNK can accomplish many of the same tasks as OSSEC. I've used the OSSEC app for SPLUNK, so they must partner well, but I can't find very many differences.
In short, it seems that if someone purchased the SPLUNK enterprise product, they would have a replacement for their existing OSSEC deployment... What are your thoughts? Is there room for both tools in the enterprise?

Tyler Ross
