Splunk Enterprise

Splunk Enterprise VS Splunk Cloud

Theo_
Engager

What are the big differences in usability from Splunk Cloud and Splunk Enterprise? We are a finance company with around 75 people. We currently use SolarWinds as our SEM. We looked into Splunk because our goal is to centralize logs and transition into Splunk as our SEM. We want our firewall, update manager, anti-malware, etc. to all have logs in a centralized place.

Will Splunk enterprise/cloud be able to centralize logs?

If so, which of Splunk cloud or Splunk Enterprise would be better for the use case (SEM) I am after?

Thanks!

0 Karma
1 Solution

PickleRick
Ultra Champion

There are minor technical differences due to the fact that with Splunk Cloud you don't have direct access to servers and some settings are either deployed differently by automation scripts running "behind the scenes" in Cloud infrastructure or you have to request some changes through support. There are also some differences in possible methods of getting events (you can't send your syslogs directly to Cloud, you must use a local forwarder, whereas with Splunk Enterprise you could set up a UDP input directly on your indexer even though it's not a very good idea). Other than that there is no significant difference in available functionality.

The main differences are non-functional:

- who manages the environment (your own team or Splunk)

- where the data is stored (your infrastructure vs. external location)

- how the service/product is licensed/purchased (for some organizations it might be important if the price can be counted against OPEX or CAPEX, for example)

For a finance company there can also be some compliance issues which might need to be looked into (and I don't have a ready answer which option would be better for your particular needs, especially since the law can differ greatly across the world).

These are all the topics which would be best talked over with one of your local Splunk Partners who will explain to you all the "organizational" details and help you choose the better solution.

0 Karma
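The answer says syslog cannot be sent straight to Splunk Cloud and must go through a local forwarder, and that a UDP input directly on an Enterprise indexer is possible but unwise. The reason it is unwise is worth spelling out: UDP has no acknowledgement, so every indexer restart, queue block or upgrade silently drops datagrams, and it puts an unauthenticated listening port on the indexer itself. The configuration below is an added example, not from the original post or from Splunk's documentation, of the forwarder-based path: a UDP syslog input on a universal or heavy forwarder inside the company network, and an outputs.conf that sends the stream on to a Splunk Cloud stack. The index name, host name and port are assumptions; in practice the outputs.conf for Splunk Cloud comes from the forwarder credentials app downloaded from your own stack, which also carries the TLS settings.

```ini
# $SPLUNK_HOME/etc/system/local/inputs.conf on the forwarder (example, not from the thread)
# Receive syslog from the firewall, update manager and anti-malware consoles on the LAN.
# Binding to a port below 1024 needs elevated privileges; many deployments listen on a
# higher port such as 5514 instead and point the devices at it.
[udp://514]
sourcetype = syslog
# Stamp the sending device's IP address as host so each source stays distinguishable.
connection_host = ip
# Assumed index name; it must already exist on the Cloud stack.
index = security

# $SPLUNK_HOME/etc/system/local/outputs.conf on the forwarder
# For Splunk Cloud this stanza is normally supplied by the forwarder credentials app;
# the host name below is a placeholder.
[tcpout]
defaultGroup = splunkcloud

[tcpout:splunkcloud]
server = inputs1.example.splunkcloud.com:9997
# Indexer acknowledgement: the forwarder re-sends anything not confirmed by the indexer,
# which is exactly the guarantee a raw UDP input on the indexer cannot give.
useACK = true
```

The forwarder buffers on a dropped connection, but the UDP hop from the devices to the forwarder is still lossy while the forwarder itself restarts. For a SEM use case that gap matters, so the usual recommendation is a dedicated syslog receiver (rsyslog, syslog-ng or Splunk Connect for Syslog) writing to files, with the forwarder monitoring those files; disk then buffers across restarts of either component.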


Theo_
Engager

Your advice is greatly appreciated, Thanks!

0 Karma