On 16 Apr 2010, at 18:49, "nate" <centos at linuxpowered.net> wrote: > rainer at ultra-secure.de wrote: > >> I'd like to hear of people who have used both Splunk and/or prelude >> in an >> environment with, say, 500<x<1000 servers, for collection of logs >> and can >> voice a few opinions. > > I use Splunk with a few hundred systems and it works alright, using > it right can take some time though creating the reports and stuff, > but it does make searching and reporting very easy. > > Splunk licenses based on the amount of indexed data it collects per > day, so you should know how much data your going to index before > you buy, and of course give plenty of headroom. > > I have a friend who works over at T-mobile who is one of the biggest > Splunk customers in the world they do something well over 1TB of new > data per day, and it works ok for them(off the record it sucks but > it sucks FAR less than everything else they have tried). > > nate > > We will most likely go with loglogic in the future but I need something in the interim. > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos