Hello,
Can you please advise some easy-to-deploy and easy-to-maintain solution capable of digesting a LARGE number of events, a "log all, all the time" style solution with at least 1-year retention? The scale is an enterprise with only a few sites and circa 10K users.
The solution should be able to generate some not-so-fancy reports now and again. For example: all users visiting the NNN.YYY site last year, how many times MMM.ZZZ was hit every month last year, etc. For the reports, we are concerned about quality rather than speed. Instant retrieval is nice but not a must. There is no need for forensic timestamping or threat hunting, just plain reporting.
The reason for asking for an alternative: at the moment the customer is using the largest dedicated smart-event appliances, but reporting quality is not always great. Long-period reports are not working well.
I checked some posts and can see people referring to ELK integrations. ELK looks fairly straightforward to install (if you know what you are doing; example link). However, I'm worried about maintenance and support. I have seen Splunk management routines, and it is required to patch the OS, the Splunk app, and then the apps, and resolve all issues with conf files. I have never used ELK but am worried about maintenance already.
I can see @masher and @Justin_Beavers were discussing ELK in the past. I'm curious if there is any more information in addition to this:
Regards,
Serg