
These are all the topics which would be best talked over with one of your local Splunk Partners who will explain to you all the "organizational" details and help you choose the better solution.

how the service/product is licensed/purchased (for some organizations it might be important if the price can be counted against OPEX or CAPEX, for example)

For a finance company there can also be some compliance issues which might need to be looked into (and I don't have a ready answer which option would be better for your particular needs, especially since the law can differ greatly across the world).

Splunk Cloud is backed by a 100% uptime SLA, scales to over 10TB/day, and offers a highly secure environment. Splunk Enterprise: Splunk Enterprise is the.

where the data is stored (your infrastructure vs.

who manages the environment (your own team or Splunk)

Other than that there is no significant difference in available functionality.

Splunk Enterprise Security (ES) is a security platform designed to improve utilization and analysis of existing security-related data through the use of big data security analytics. The platform also has traditional SIEM capabilities and features, which can be found here.

There are also some differences in possible methods of getting events: you can't send your syslogs directly to Cloud, you must use a local forwarder, whereas with Splunk Enterprise you could set up a UDP input directly on your indexer, even though it's not a very good idea.

There are minor technical differences due to the fact that with Splunk Cloud you don't have direct access to servers, and some settings are either deployed differently by automation scripts running "behind the scenes" in Cloud infrastructure or you have to request some changes through support.

Splunk Enterprise is mainly maintained in your own data center, where you need to set up the hardware structure yourself, while Splunk Cloud is hosted on cloud servers, and the entire set of configurations as well as the maintenance is handled completely by Splunk.
