2017-07-20T20:23:00Z

Splunk as an Enterprise Class monitoring solution -- thoughts?

Folks,  

What are your experiences in using Splunk as an Enterprise Class monitoring solution in either the infrastructure or application performance monitoring spaces?  How might it compare to a matured (or even not matured) instance of CA's suite inclusive of APM/Wily, CEM, ADA, and UIM?  

Looking for insight into the level of granularity of data that can be collected, timeliness of the data, as well as the footprint needed to collect it.  

Thanks!

it_user438393 - PeerSpot reviewer
IT Manager at a healthcare company with 1,001-5,000 employees
10 Answers
it_user536142 - PeerSpot reviewer
Sales Engineering Manager at AppDynamics
Consultant
2017-07-24T11:22:42Z
Jul 24, 2017

Hi,

Well I will summarize my answer in the simplest possible way.

It all depends on what your business pains are against your expectations from the solution.

First and foremost, Splunk by its functionality definition is a log analytics tool, not an APM solution, as it doesn't provide you with end-to-end User Experience; in brief, no real user monitoring, no code-level monitoring, no machine monitoring as far as I know, and no Transaction/Business Analytics.

So again it depends on what you are looking for, but if you're looking for E2E user visibility from a service availability and performance perspective then Splunk is not the answer.

Hope it helps. Thanks.

it_user708444 - PeerSpot reviewer
Head of Performance & IT Operations Business Unit at a tech services company with 51-200 employees
Consultant
2017-07-24T13:00:17Z
Jul 24, 2017

Totally agree. Splunk is mainly an IT Ops Analytics solution (log management, event collector, metrics warehouse), but it is not an APM or generally speaking "probe" solution. I'd suggest rather to use Splunk as a collector of data coming from several monitoring tools / probes. HIH. Cheers. L

it_user340284 - PeerSpot reviewer
Sr. Principal Product Marketing Manager at CA Technologies
Real User
2017-07-25T23:22:54Z
Jul 25, 2017

While Splunk is sometimes used for application, network, or server monitoring, primarily via insights garnered from logs, customers looking for insights into applications, server, or network may well be better served with solutions that focus on collecting and making sense of data from those sources.

Take for example, CA APM. The APM solution collects deep performance data of Java, .NET, Node.JS, and more with easily deployed agents that automatically determine the correct metrics to collect. In addition, these solutions can track transactions from the user end point, through application & middleware layers, and right on into backend environments such as the mainframe. By automatically collecting this data, the CA APM solution removes the need for development organizations to retrofit applications to log the appropriate content.

Add to this the ability to manage mobile applications, collect crash data, analyze user session data, and determine application flow data, and the integrated APM and Mobile APM solutions provide a robust picture of your IT Applications.

CA UIM extends this automatic expertise into the server, storage, and infrastructure layers, as does CA ADA within the network. This data can be collected automatically with no, or negligible footprint. Data collected via specialized approaches depending on type can then be fed into an open, powerful analytics engine built on ELK to further understand this data.

Vendor
2017-07-24T17:08:44Z
Jul 24, 2017

Even better..
Took us about 10 minutes to install New Relic on a site and another 10 minutes to start collecting information
Their system handles it all and you do nothing much other than put a small piece of tag/code in your app

it_user707325 - PeerSpot reviewer
Solutions Consultant at a financial services firm with 1,001-5,000 employees
Vendor
2017-07-24T16:05:02Z
Jul 24, 2017

Splunk is more to do with Data Analytics and analyzing the areas of problem in general while correlating the events from multiple sources for the same or multiple applications to recognize problems and use that data for log time as a trend. Whereas a true APM can provide specific information for a particular application and its related/integrated servers/apps. APM can provide end-user experience, web UI and other problems specific to Application and back-end DB server relationship etc. Calls being made from user to apps server and how they are shaping up to complete the transaction from start to finish e.g. Web calls, app-db calls, db query slowness, call stalled, calls slow, transaction hung/error etc.

Hope this helps.

it_user603243 - PeerSpot reviewer
Telemetry Engineer at a tech vendor with 1,001-5,000 employees
Vendor
2017-07-24T14:26:58Z
Jul 24, 2017

https://www.splunk.com/blog/2012/01/18/splunk-named-an-application-performance-management-apm-innovator.html

it_user252126 - PeerSpot reviewer
Regional Sales Manager - Western Region at www.arraynetworks.com
Vendor
2017-07-24T14:11:03Z
Jul 24, 2017

As developers reach down the stack and network engineers stretch upward, they must meet in the middle with visible, integrated data from both ends. You need visibility to everything, and Splunk is that platform where you have access to all that data throughout all.

Vendor
2017-07-24T13:06:27Z
Jul 24, 2017

Given everything New Relic does, it's much better, and why bother with Splunk in this case?
I have created external dashboards for upper management
Can track the APM, the Browsers, and Ajax as well as Java or MS server software
You can write your reports against what they collect..
And I have shown upper management their subscribing to ping tests is a waste of money
With New Relic I have written small scripts that go to the server, call up a page, try to log in, then log out on a dummy account
This has reported when our consultants have cheated and taken down the server at 3am to change prod code!!!
While the pings said nothing because the server box/instance itself was running fine, they just cycled the service for the application

Thx for my two cents…

Vendor
2017-07-24T12:50:54Z
Jul 24, 2017

I prefer New Relic
Once I saw what Splunk was at its core…

it_user476328 - PeerSpot reviewer
Systems Engineer at csi
Real User
2017-07-24T12:33:40Z
Jul 24, 2017

Splunk alone can’t be used nor defined as one “primary enterprise monitoring system.”

Splunk is to centralize and analyze your logs. It is capable of generating alerts so I can see how this functionality can be confused with Nagios. But Nagios is an infrastructure and services monitoring and alerting solution. It can monitor things that don't necessarily have logs like CPU usage, number of processes, even check for SSL certificates about to expire. Logs may not tell you that Apache has stopped responding to HTTP requests where Nagios can.

Related Questions
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at a tech services company with 201-500 employees
Jan 20, 2022
Hi dear professionals, How would you compare Securonix and Splunk as a SIEM enterprise solution? 
Manoj Gautam - PeerSpot reviewer
Practice Lead- Network & Info Security at Inknowtech
Jan 20, 2022
I believe when we build a solution for any customer SOC environment, we need to take a survey of running equipment, their IoS and our product should be compatible with their resources, APIs, third party integration, log management and the reporting mechanism should be good enough to understand each and every security aspect. Multiple tools are available for the comparison of different SIEM enterprise solutions. As per my experience, Splunk and ArcSight are compatible with most customer environments, even though devices are not updated.
NC
Content Manager at PeerSpot (formerly IT Central Station)
Nov 17, 2021
Which is better and why?
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at a tech services company with 201-500 employees
Oct 22, 2021
Hi @Netanya Carmi, Below are some comparisons on features and Integrations.

Azure Monitor: Full observability into your applications, infrastructure, and network. It provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications.

Splunk: Search, monitor, analyze and visualize machine data. Splunk Inc. provides the leading platform for Operational Intelligence. Customers use Splunk to search, monitor, analyze and visualize machine data.

IT Infrastructure Monitoring Features | Azure Monitor | Splunk
Application Monitoring | √ | √
Bandwidth Monitoring | √ | X
Capacity Planning | √ | X
Configuration Change Management | √ | √
Data Movement Monitoring | √ | √
Health Monitoring | √ | X
Multi-Platform Support | √ | X
Performance Monitoring | √ | √
Point-in-Time Visibility | √ | X
Reporting / Analytics | √ | √
Virtual Machine Monitoring | √ | X

Integrations | Azure Monitor | Splunk
Squadcast | √ | √
Amazon EKS | X | √
Amazon Redshift | X | √
Amazon Web Services (AWS) | X | √
Azure DevOps Services | √ | X
Azure Logic Apps | √ | X
Azure Stack | √ | X
Beats | √ | X
CMS Hub | X | √
CyberOne | X | √
Nov 17, 2021
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we have problems somewhere or if we are not getting the flow we expect. It is very easy to search for queries and events and then do analysis. The flexibility of the search capability is extremely valuable. Splunk works well with other solutions. It is very easy to set up and very straightforward to deploy. The more data you process with Splunk, the more expensive it gets; an improved pricing model is needed. It would be great if Splunk had more SIEM functionality with better customization and a better ticket tool. The on-premises scaling is a bit more limited than on the cloud. Splunk currently has some limited default rules and customizations. If they could concentrate more on compliance and security information, that would be an added bonus. Azure Monitor has made it significantly easier for us to monitor applications and infrastructure for possible problems. This solution offers a survey of surveillance in real time and a very helpful dashboard. Azure Monitor, which is integrated with Azure DevOps, has good load gathering and very good analytics. We get useful alerts with Azure Monitor that make recommendations about the security and the platform. There should be more specific detail about where problems lie. Azure Monitor is lacking somewhat in vulnerability assessment; this aspect could be better. Their automation also needs some improvement. From gathering metrics from more applications to getting processes quickly started when something goes down, automation should be better. Conclusion: For us, Splunk is the better solution. We use Splunk to search, monitor, analyze, and visualize machine data, which it does very well. The dashboard is very intuitive. The log collection and log management tools are very good. 
We find Splunk’s search capability to be very powerful and flexible. Splunk can access any kind of data and there is no limitation to the kind of structured or unstructured data you can extract. Our team also liked that Splunk offers better integration with more solutions.