[AusNOG] Splunk in Cisco network environments

[Leesa]

Hi folks,

Is anyone here using Splunk for large network monitoring purposes?
If so, can I ask what sort of kit you're monitoring, the size of the
network, what sort of data you're getting (EG: snmp polling or just syslog
collection) and whether you've found it to be of much benefit or not?

The company that I work for are implementing Splunk with ITSI for the other
non-network teams but I can't find much benefit out-of-the-box for network
purposes on Cisco infrastructure. I've tried some of the available apps but
they're still based on syslog data and while you can for sure get some
beneficial data back from syslog, it's not enough for our core network
monitoring and definitely not a replacement for our existing tools.

I'm particularly interested to hear if anyone has already integrated
Cisco's Prime Infrastructure with Splunk and has it up and running? I've
just started on integrating Splunk's API module with Prime's inbuilt REST
API but am interested to find someone who's already done this and hear
whether it was a waste of time or whether it worked to their expectation.

The vendor aren't able to provide any demonstrations or clients who've done
it already so I thought I'd ask around here if that's ok.

Thank you, - Leesa