we have a large splunk install, and a lot of the comments regarding cost are a bit dated. The reason that cost for splunk is generally considered quite crazy is that it's based off number of messages or lines in logs, however to combat large institutions such as mine saying no way they've moved at least here to an amount of data that is actively queried and we sign up to say 500tb and as long as we stay within that its all good. It's still a lot of money don't get me wrong but they've changed the setup from the early days.
No comments yet.