Educause Security Discussion mailing list archives

Re: For those who Splunk


From: Andreas Paulisch <apaulisch () BROCKU CA>
Date: Thu, 6 Apr 2017 16:56:09 +0000

We had Splunk, with a 1Gb/day limit. We could not afford more. It’s a great tool, but we couldn’t use it as planned, because we couldn’t justify the cost.
We are just deploying ELK (Elasticsearch, Logstash and Kibana) to replace it.
We are not logging over 4 million syslog entries per hour, about 45Gb/day and it doesn’t cost me anything, other than the cost of the hardware.
We are running all of this in VMs, hosted on CISCO UCS, with a few SSD drives to handle the IOPS.
Cheers
Andreas Paulisch
IT Infrastructure Manager
Brock University

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Emily Harris
Sent: Thursday, April 6, 2017 11:52 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] For those who Splunk

We are about to start a small(ish) Proof of Concept for using Splunk.  In our POC we intend to use the product on-site, but I know that Splunk Cloud is becoming increasingly popular.

This is a very informal poll, but I'm hoping to gather some meaningful comments and use cases.

For those who use Splunk:

1.  Is it on-premise or in the cloud?

2.  Why did you make that choice, whatever it is?

3.  What is your per day license?

4.  Do you have any "gotchas" to share about the direction you chose?

Thank you so much!

----
Emily Harris, CISSP
Information Security Officer, CIS
Vassar College
845-437-7221
