Educause Security Discussion mailing list archives

Re: For those who Splunk

From: Benjamin Stein <bgstein () UCDAVIS EDU>
Date: Thu, 6 Apr 2017 17:21:14 +0000


For those that are part of Internet2 - there is an agreement that can bring the price down:

http://www.internet2.edu/products-services/cloud-services-applications/splunk/


We use Splunk and I'm a big fan.

--
Benjamin Stein
bstein () shcs ucdavis edu / 530-754-9039 (office)
Senior Security & Systems Administrator
UC Davis Student Health and Counseling Services



________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Andreas 
Paulisch <apaulisch () BROCKU CA>
Sent: Thursday, April 6, 2017 9:56:09 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] For those who Splunk


We had Splunk, with a 1Gb/day limit. We could not afford more. It’s a great tool, but we couldn’t use it as planned, 
because we couldn’t justify the cost.

We are just deploying ELK (Elasticsearch, Logstash and Kibana) to replace it.

We are not logging over 4 million syslog entries per hour, about 45Gb/day and it doesn’t cost me anything, other than 
the cost of the hardware.

We are running all of this in VMs, hosted on CISCO UCS, with a few SSD drives to handle the IOPS.

Cheers

Andreas Paulisch

IT Infrastructure Manager

Brock University



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Emily 
Harris
Sent: Thursday, April 6, 2017 11:52 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] For those who Splunk



We are about to start a small(ish) Proof of Concept for using Splunk.  In our POC we intend to use the product on-site, 
but I know that Splunk Cloud is becoming increasingly popular.



This is a very informal poll, but I'm hoping to gather some meaningful comments and use cases.



For those who use Splunk:



1.  Is it on-premise or in the cloud?



2.  Why did you make that choice, whatever it is?



3.  What is your per day license?



4.  Do you have any "gotchas" to share about the direction you chose?



Thank you so much!



----

Emily Harris, CISSP

Information Security Officer, CIS

Vassar College

845-437-7221

Current thread:

For those who Splunk Emily Harris (Apr 06)
- Re: For those who Splunk Andreas Paulisch (Apr 06)
  - Re: For those who Splunk Benjamin Stein (Apr 06)
- Re: For those who Splunk hodgett (Apr 11)
- Re: For those who Splunk Garrett Hildebrand (Apr 12)
  - Re: For those who Splunk Kevin Wilcox (Apr 12)
    - Re: For those who Splunk Garrett Hildebrand (Apr 12)