I’ve heard from different people that it is trapware. You get it, invest time and build processes around it. And when you start to get a valuable amount of data, your bill grows into deep space. At the same time they said that it is good, but very expensive.
Splunk is great but very expensive, like you mentioned. They're actively getting disrupted by Sentinel and Backstory and Elastic though, so either pricing will change or the recommendation will change.
I don't recommend Splunk because I don't want someone recommending we run Splunk onsite ever again.
Running your own log infrastructure is the absolute worst. As in, we had to put a staff devops engineer on just that for 2 months the last time the company I was at needed an upgrade.
Correct, it's not uncommon to have one engineer full time on an internal Splunk infrastructure at a mediumish org. Not everything has to be Cloud. This is what people are paid to do.