Splunk supports IT operations analytics with the Splunk IT Service Intelligence premium offering, a software application available to subscribers to Splunk Cloud or Splunk Enterprise log analytics and SIEM platforms.
Sumo Logic
Score 9.4 out of 10
Sumo Logic is a log management offering from the San Francisco based company of the same name.
[Splunk IT Service Intelligence (ITSI)] is well suited when you have a system that you want to visualize, and then layer in information from many different sources. This will allow ITSI to intelligently create alerts based on the system as a whole vs. the individual components. In some cases, a simple Splunk dashboard would really suffice over using ITSI. Teams deploying ITSI should really understand the use cases and consider using simple dashboards where they make sense, and use ITSI for topological views.
Sumo Logic is a fantastic log aggregator and analysis tool, a fine alternative to Splunk. Searching is powerful and mostly intuitive, and results come fast. If you have application logs in clusters or Kubernetes pods that lose their logs every time they're restarted, Sumo is the solution for you.
Log Aggregation and uploading. The architecture for Sumo Logic makes a great deal of sense and works very well.
Automated analysis. It still impresses me how well a newly uploaded log can be broken into intelligent parts, then searched and sorted using their tools.
Dashboards. It might not be what YOU will need as an IT admin, but you can give access to these dashboards easily to business users who love that kind of stuff. Most other types of (monitoring / alerting) tools, for no apparent reason, lack this feature.
Reporting, monitoring, and graphing. Granted, you need to have useful log generation for an application or service as a prerequisite for Sumo Logic to be of use; once it has that, it is an amazingly powerful tool.
The terminology takes some getting used to: aggregation policies, notable events, correlation searches, glass tables. If you're not familiar with ITSI, these terms can be a bit overwhelming and steepen the learning curve.
We have had some technical issues with the underlying support when used in a multisite cluster. We've had to build in several points of redundancy to make sure it works as expected.
I'd like to see additional types of notable events, like informational events that come in for when an incident is created or when an alert is acknowledged so all of those action steps can be viewed on the episode timeline without affecting the count of events.
We have replaced our monitoring platform with Splunk & ITSI, and with the success it's seen at our organization thus far, we would be hard-pressed to pivot to another tool. Frankly, our business partners and application teams love Splunk & ITSI.
Splunk IT Service Intelligence (ITSI) is a platform with extended functionality and provides various capabilities that can be utilized to improve the efficiency and accuracy of analyzing the data and detecting attacks.
Sumo Logic is very powerful but definitely requires some configuration work to get the most out of it. You can get a certification related to this, but it is definitely not something you can just throw together.
During POC, pre-planning, and implementation, we have had interactions with numerous folks at Splunk: everyone from sales & engineering to market analysts to specific IT component SMEs, and a small professional services engagement to get started. They have all been exceptionally helpful and go above and beyond the call of duty. They actively reach out to ensure success is being realized and find ways to help proactively, instead of us having to simply open support cases with the vendor.
I would give this rating because I attended a free Sumo Logic training at a WeWork in Chicago. I found the training very useful, and I learned a lot of features that I was not aware of before I went to the training. I like the idea that Sumo Logic provides free training seminars. I am certified in Level 1, and I plan on certifying to Level 2.
I was satisfied with the implementation, as at the time, it was the best way to implement the product with the available feature sets in Sumo Logic. User creation and management became more of an issue during continued use, instead of it being an issue related to deploying the product in our environment.
Splunk has raised itself as a platform, not just a tool, unlike other products in the market. If I talk about Moogsoft, it also has similar capabilities, but Splunk ITSI has more visibility, and its GUI is making a different impact on the users. ServiceNow and Splunk are equally capable products; however, Splunk seems to have more tools for tech-savvy people than ServiceNow.
We had used Splunk previously. Sumo Logic defeats them when it comes to cost, including the costs that would normally come with supporting/managing/patching/upgrading your own infrastructure and storage. Those were wins, but especially the real-time CDN integrations due to Sumo Logic's collaborations with other vendors. We had spoken to Logentries and discovered that many of the cons we found with Sumo Logic seemed to have been resolved in their product. Their pitfall was that, at the time, Logentries did not have the ability to get real-time log ingestion from our CDN. They said they had a solution, which was scripted, but we had not evaluated/tested it. Logentries also did not have a User / RBAC REST API, and was nowhere near the level of compliance that Sumo Logic had (https://www.sumologic.com/press/2015-02-19/sumo-logic-successfully-completes-pci-data-security-stand...). In the end, I believe Logentries and Sumo Logic would be two good vendors to get involved in a bake-off.