[CentOS] Logserver recommendations

Fri Apr 16 17:49:06 UTC 2010
nate <centos at linuxpowered.net>

rainer at ultra-secure.de wrote:

> I'd like to hear of people who have used both Splunk and/or prelude in an
> environment with, say, 500<x<1000 servers, for collection of logs and can
> voice a few opinions.

I use Splunk with a few hundred systems and it works alright. Using
it right can take some time though, creating the reports and stuff,
but it does make searching and reporting very easy.

Splunk licenses based on the amount of indexed data it collects per
day, so you should know how much data you're going to index before
you buy, and of course give plenty of headroom.

I have a friend who works over at T-Mobile, who is one of the biggest
Splunk customers in the world; they do something well over 1TB of new
data per day, and it works ok for them (off the record it sucks but
it sucks FAR less than everything else they have tried).

nate