As a guy who used to resell Splunk, it offers a lot more in comparison to its open source alternatives. Being data agnostic with decent log compression, with an extremely rich searching syntax, some very good (HTML 5) reporting dashboards, decent reporting and a verbose API make it very attractive for users (companies) who have compliance requirements or require some form of performance monitoring. (I know it's a mega sentence)
I have since left working with Splunk directly but I would still advocate its use because it's one of the better commercial (albeit expensive) log management/SIEM products around.