We use the Splunk Enterprise Platform for logging and monitoring purposes. If users log into different databases and do something, we onboard database logs and other AWS logs to Splunk. Then, we create a dashboard alert report, and based on those dashboard alerts, we monitor users' actions. If they perform suspicious activities, we also send alerts. We use the solution to create dashboard alerts, reports, and some query language.
The most valuable features of the solution are the load balancing technique, the forwarding technique, and SSL certification.
Sometimes, queries don't give proper results, and the indexes go down.
I have been using Splunk Enterprise Platform for seven years.
I rate the solution an eight out of ten for stability.
I rate the solution’s scalability a nine out of ten.
The solution’s technical support is good.
The solution’s initial setup is easy.
I have heard from my managers that Splunk Enterprise Platform is an expensive solution.
The solution has helped us with our security information and event management. If someone performs deletion operations, we get an automated alert informing us that a privileged activity has been performed. We forward the logs in real time. We are ingesting 10 GB of data into the solution daily. We have some input filters in the solution's dashboard.
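The deletion alert the reviewer describes boils down to a detection rule run over forwarded AWS and database logs. The script below is an added illustration of that rule, not the reviewer's Splunk content or anything from Splunk itself: it normalises two constructed log formats (CloudTrail-style JSON records and a hypothetical `key=value` database audit line), flags destructive actions, and returns the alerts. The action prefixes (`Delete`, `Terminate`, `Remove`) and SQL statement list are assumptions chosen for the example; in Splunk the same logic would typically live in a saved search scheduled as an alert.

```python
"""Flag deletion operations in forwarded AWS and database audit logs, the way
a Splunk alert on 'privileged activity' would. Added example code; not the
reviewer's Splunk content and not Splunk's own code."""
import json
import re
from typing import Iterable, Optional

# Action verbs treated as privileged/destructive (assumption for this example).
AWS_DELETE_PREFIXES = ("Delete", "Terminate", "Remove")
DB_DELETE_STATEMENTS = re.compile(r"^\s*(DELETE|DROP|TRUNCATE)\b", re.IGNORECASE)

# Hypothetical database audit line format: "<ts> db=<name> user=<name> stmt=<sql>"
DB_LINE = re.compile(r"^(?P<ts>\S+) db=(?P<db>\S+) user=(?P<user>\S+) stmt=(?P<stmt>.*)$")

# Constructed sample log lines: two CloudTrail-style JSON records and two
# database audit lines. Account id and names are placeholders.
SAMPLE_LOGS = [
    json.dumps({"eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket",
                "eventTime": "2024-05-01T10:02:11Z",
                "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}}),
    json.dumps({"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
                "eventTime": "2024-05-01T10:03:40Z",
                "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"}}),
    "2024-05-01T10:05:02Z db=orders user=carol stmt=DROP TABLE customers",
    "2024-05-01T10:05:09Z db=orders user=carol stmt=SELECT count(*) FROM customers",
]


def parse_event(raw: str) -> Optional[dict]:
    """Normalise one raw log line into {ts, source, actor, action}; None if unknown."""
    raw = raw.strip()
    if raw.startswith("{"):
        rec = json.loads(raw)
        return {
            "ts": rec.get("eventTime"),
            "source": rec.get("eventSource", "aws"),
            "actor": rec.get("userIdentity", {}).get("arn", "unknown"),
            "action": rec.get("eventName", ""),
        }
    m = DB_LINE.match(raw)
    if m:
        return {"ts": m["ts"], "source": "db:" + m["db"],
                "actor": m["user"], "action": m["stmt"]}
    return None


def is_deletion(event: dict) -> bool:
    """True when the normalised event is a destructive (deletion-type) action."""
    action = event["action"]
    if event["source"].startswith("db:"):
        return bool(DB_DELETE_STATEMENTS.match(action))
    return action.startswith(AWS_DELETE_PREFIXES)


def find_privileged_deletions(lines: Iterable[str]) -> list[dict]:
    """Return one alert record per log line that represents a deletion."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev and is_deletion(ev):
            alerts.append({**ev, "alert": "privileged activity: deletion"})
    return alerts


if __name__ == "__main__":
    for a in find_privileged_deletions(SAMPLE_LOGS):
        print(f"[{a['ts']}] {a['actor']} performed {a['action']!r} on {a['source']}")
```

Run as-is, the script raises two alerts (the `DeleteBucket` call and the `DROP TABLE`) and ignores the read-only `DescribeInstances` and `SELECT` events. Unparseable lines are skipped rather than alerted on, so a second rule counting `parse_event` failures per source is worth adding in production to catch forwarders sending an unexpected format.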
Overall, I rate the solution an eight out of ten.