Vijayanand Narayanasharma

DevOps/TechOps Consultant at Qantas Loyalty
Recommends AWS CloudTrail

Well, there are clear advantages to using either tool; it all boils down to what exactly you are trying to achieve with this, i.e. do you want proactive monitoring or do you want to debug an incident/issue? Splunk is definitely superior in terms of proactively monitoring your logs for unusual events, but getting the CloudTrail logs across to Splunk would require some not-so-straightforward setup (Splunk has a blueprint for this setup which uses AWS Kinesis/Firehose). CloudTrail, on the other hand, is available out of the box from AWS, and the setup is quite simple and straightforward. But analysing the logs could require you to set up Glue crawlers, and you might have to use AWS Athena to run SQL-like queries.

Refer: https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html

In my personal experience, the cost/effort involved in setting up Splunk is not worth it for smaller workloads, whereas AWS CloudTrail/Glue/Athena would be a less expensive setup (comparatively).

Alternatively, you could look at something like Sumo Logic, which has better integration with CloudTrail as opposed to Splunk. Hope that helps.

3 upvotes·1 comment·63.1K views
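
As an added example (not part of the original post, and not code from AWS or any vendor named here): for a small workload, the incident-debugging questions the post would put to Athena can be tried locally on a downloaded CloudTrail log file first. The sample records, account ID, ARNs, and the `rec` and `triage` helpers are constructed for illustration; the field names follow the CloudTrail record format.

```python
import gzip
import json
from collections import Counter

DENIED = {"AccessDenied", "Client.UnauthorizedOperation"}  # illustrative, not exhaustive

def rec(name, ip, arn, kind="IAMUser", error=None, response=None):
    """Build one constructed record using CloudTrail's field names."""
    return {"eventTime": "2020-07-16T01:00:00Z", "eventName": name,
            "sourceIPAddress": ip, "errorCode": error,
            "responseElements": response,
            "userIdentity": {"type": kind, "arn": arn}}

CI = "arn:aws:iam::111122223333:user/example-ci"   # constructed principal
ROOT = "arn:aws:iam::111122223333:root"            # constructed principal
# Constructed sample, gzipped the way CloudTrail delivers log files to S3.
SAMPLE = gzip.compress(json.dumps({"Records": [
    rec("GetObject", "198.51.100.7", CI, error="AccessDenied"),
    rec("GetObject", "198.51.100.7", CI, error="AccessDenied"),
    rec("RunInstances", "198.51.100.7", CI, error="Client.UnauthorizedOperation"),
    rec("DescribeInstances", "203.0.113.9", CI),
    rec("ConsoleLogin", "203.0.113.50", ROOT, kind="Root",
        response={"ConsoleLogin": "Failure"}),
    rec("CreateAccessKey", "203.0.113.50", ROOT, kind="Root"),
]}).encode())

def load_records(blob):
    """Parse one log file; accepts gzipped or plain JSON bytes."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic number
        blob = gzip.decompress(blob)
    return json.loads(blob).get("Records", [])

def triage(records):
    """Count denied calls per (principal, IP); list root activity and failed console logins."""
    denied, root, failed_logins = Counter(), [], []
    for r in records:
        ident = r.get("userIdentity") or {}
        who = ident.get("arn", "unknown")
        if r.get("errorCode") in DENIED:
            denied[(who, r.get("sourceIPAddress"))] += 1
        if ident.get("type") == "Root":
            root.append(r.get("eventName"))
        resp = r.get("responseElements") or {}
        if r.get("eventName") == "ConsoleLogin" and resp.get("ConsoleLogin") == "Failure":
            failed_logins.append((who, r.get("sourceIPAddress")))
    return {"denied": denied, "root": root, "failed_logins": failed_logins}

if __name__ == "__main__":
    for key, value in triage(load_records(SAMPLE)).items():
        print(key, value)
```
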
Max Kaplan · July 16th 2020 at 1:03PM

Avoid all the hassle of CloudTrail/Glue/Athena and just use a managed provider like ChaosSearch that does all of that with no maintenance and at half the cost.
