Is anyone using or considering using Splunk Edge Processor? We are in early discussions to determine use cases, evaluate product maturity, level of effort vs returns in the form of reduced compute and data storage, etc. I would welcome any feedback anyone has on this new offering.
CISO in Software, 7 months ago
No plans in this area.
VP Cybersecurity in Banking, 5 months ago
Splunk Edge Processing will require a lot of ongoing maintenance to keep the use cases up to date. We have looked at cribl.io and it's very promising, with out-of-the-box functionality to reduce log ingestion to Splunk by 10-30% depending on the log source. In addition to that, you can redirect or split your logs to go to an S3 bucket for archival and then rehydrate Splunk when needed. This is a good use case if you want to keep the raw data in case of an investigation that you do not have use cases for currently but might need it for forensics. You do not consume Splunk licensing to do this, and it keeps your operating costs under control.