Hello all,
Starting at the end of next week, my team will be doing a POV of Splunk ES as a possible replacement for our current SIEM. We are looking at the cloud with the workload pricing model.
I am wondering if anyone can provide any tips or tricks related to doing a POV of ES: the sort of things you feel can be difficult or take time to complete, the monthly care and feeding of the product that you and your team do, and how the workload pricing actually computes in your environment (for example, say you have 100 SVG's and you send in 5 TB a day and do 1,000 searches...).
I appreciate any insight anyone can provide.
Thank you