The primary use case of this solution is for security management. We gather security logs from intrusion detection and prevention systems, such as firewalls, web application firewalls, and system logs from Linux and Windows servers, as well as anti-malware system logs. We combine them with Splunk to analyze our security level for our company. We use this data to analyze our company security situation and to define security use cases, like attacks. When we find these attacks, we contain them and mitigate our security flaws in our business environment.
For us, we use this product to create a special kind of log. It just logs everything for what it is monitoring and does the parsing afterward based on a packet that you impose on the logs. Then you can extract the data out of the fields that the logs are normally comprised of. Typically, people just monitor applications, network infrastructure, and compliance.
As far as pricing, you can negotiate with the company, but I'd say the price is fairly high for the product. The typical price for competing products is also quite high, so it is not necessarily bad. It's a good product — that is not the problem. But there is more and more competition in the market and their prices stay high. I think that the pricing and marketing situation gets more difficult for Splunk. By comparison, with our tools in the other solution we use, you can do the same evaluation. All you need is an employee to run the product, but the pricing is way lower. So, I think that cost has become an issue for Splunk over the long run. There are also costs in addition to the standard licensing, which raise the cost even more.