All,
Saw Splunk for Infra today at the Conf and I liked what I saw. A few questions:
1) Will it play friendly with ES? Our ES team is really into Splunk_TA_nix and it's working out well. I am confident this will help them too.
2) Using the stock configuration as it is presented, how many megs of data per day per CentOS server? Licensing/retention concerns.
3) Do we have to collect via HEC since we already have the UF on every endpoint? Seems to me we should be able to pick up from a file.