Wow. I'm really shocked by some of the reviews here. I've only started using Splunk in the last 6 months, so perhaps it's just improved rapidly.
A couple of points here based on previous reviews:
- Every report and graph I've generated so far, I've done in Safari 4 through 5 with no problems at all. Even so, if Splunk is what you need, you'll use whatever browser works.
- Uninstall instructions were located by clicking the 'help' link at the upper right of the Splunk web interface. A search of the online docs produced this:
http://www.splunk.com/base/Documentation/4.1.3/Installation/InstallonMacOS#Uninstall_Splunk
Installation was very simple. Within minutes, the syslog data from my firewall was streaming into the Splunk server. I wanted to use the default syslog port. Splunk's documentation provided the necessary extra steps to allow use of the lower port numbers (launch splunk with sudo).
Anyone with a database mindset can easily craft a report and quickly locate and graph the desired log data. The interface offers several clues along the way as you work - very intuitive.
Anyone can install Splunk for free and try it out. After a period of time, you lose some of the enterprise features and Splunk switches to the free version, which you can use indefinitely.
Bottom line, if you have syslog data to manage, you should try Splunk. There's nothing to lose, and so very much to gain. There's even an excellent online community that doesn't exclude free version users.