Splunk is my favourite log management tool. We don't use it any more because it was too expensive. I knew the search language inside out, and it was super powerful: one of the few products where people get to feel like a ninja. I knew everything about the configuration of the log forwarders too. It was great. They set the bar high, and competing products struggle to give the same experience. I have been red-pilled by the fact that Splunk is the superior log management tool.

For [[Computer security]], [Sigma](https://github.com/SigmaHQ/sigma) is an interesting proposition: a vendor-neutral rule format whose rules can be converted into queries for Splunk and [[Humio]], among other backends. Sigma is for log files what [Snort](https://www.snort.org/) is for network traffic and [YARA](https://github.com/VirusTotal/yara) is for files.
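To make the Snort/YARA analogy concrete, here is an added example (not from this note, and not SigmaHQ or pySigma code) of what a Sigma rule looks like and what "converting it to a backend" means. The rule, the events and the evaluator are all constructed for illustration: the evaluator handles only a small subset of the real Sigma detection syntax (field selections, `contains`/`startswith`/`endswith` modifiers, and `and`/`or`/`not` conditions), and the Splunk rendering is a naive hand-written one rather than the output of the official `sigma-cli` converter.

```python
import re

# Constructed rule that mirrors this Sigma YAML (an illustration, not an official SigmaHQ rule):
#
# title: Whoami Execution From Unusual Parent
# logsource:
#   product: windows
#   category: process_creation
# detection:
#   selection:
#     Image|endswith: '\whoami.exe'
#   filter:
#     ParentImage|endswith:
#       - '\cmd.exe'
#       - '\powershell.exe'
#   condition: selection and not filter
# level: medium
RULE = {
    "title": "Whoami Execution From Unusual Parent",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {"Image|endswith": "\\whoami.exe"},
        "filter": {"ParentImage|endswith": ["\\cmd.exe", "\\powershell.exe"]},
        "condition": "selection and not filter",
    },
    "level": "medium",
}

# Constructed process-creation events (not real telemetry). The logsource block is
# not evaluated here; in a real conversion the backend maps it to an index/sourcetype.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\whoami.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"Image": "C:\\Windows\\System32\\whoami.exe", "ParentImage": "C:\\Windows\\Temp\\svc.exe"},
    {"Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe"},
]

MODIFIERS = {
    "": lambda a, e: a == e,
    "contains": lambda a, e: e in a,
    "startswith": lambda a, e: a.startswith(e),
    "endswith": lambda a, e: a.endswith(e),
}


def _selection_matches(selection, event):
    """Every field in a selection must match (AND); a list of values is an OR."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        actual = event.get(field)
        if actual is None:
            return False
        values = expected if isinstance(expected, list) else [expected]
        # Sigma string matching is case-insensitive.
        if not any(MODIFIERS[modifier](str(actual).lower(), str(v).lower()) for v in values):
            return False
    return True


def _eval_condition(tokens, results):
    """Tiny recursive-descent evaluator for: name | not X | X and Y | X or Y | (X)."""
    pos = 0

    def parse_or():
        nonlocal pos
        value = parse_and()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            value = parse_and() or value
        return value

    def parse_and():
        nonlocal pos
        value = parse_not()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            value = parse_not() and value
        return value

    def parse_not():
        nonlocal pos
        token = tokens[pos]
        pos += 1
        if token == "not":
            return not parse_not()
        if token == "(":
            value = parse_or()
            pos += 1  # consume ')'
            return value
        return results[token]  # unknown selection name raises KeyError on purpose

    return parse_or()


def rule_matches(rule, event):
    """Evaluate the rule's detection block against a single event."""
    detection = rule["detection"]
    results = {n: _selection_matches(s, event) for n, s in detection.items() if n != "condition"}
    return _eval_condition(re.findall(r"\(|\)|\w+", detection["condition"]), results)


def matching_events(rule, events):
    return [e for e in events if rule_matches(rule, e)]


def to_splunk(rule):
    """Naive rendering of the rule as a Splunk search (assumed shape; not sigma-cli output)."""
    detection, parts = rule["detection"], {}
    wildcard = {"": "{}", "contains": "*{}*", "startswith": "{}*", "endswith": "*{}"}
    for name, selection in detection.items():
        if name == "condition":
            continue
        clauses = []
        for key, expected in selection.items():
            field, _, modifier = key.partition("|")
            values = expected if isinstance(expected, list) else [expected]
            terms = [f'{field}="{wildcard[modifier].format(str(v).replace(chr(92), chr(92) * 2))}"' for v in values]
            clauses.append(terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")")
        parts[name] = clauses[0] if len(clauses) == 1 else "(" + " AND ".join(clauses) + ")"
    keywords = {"and": "AND", "or": "OR", "not": "NOT"}
    return " ".join(keywords.get(t, parts.get(t, t)) for t in re.findall(r"\(|\)|\w+", detection["condition"]))


if __name__ == "__main__":
    for e in matching_events(RULE, EVENTS):
        print(RULE["title"], "->", e["Image"], "spawned by", e["ParentImage"])
    print(to_splunk(RULE))
```

Running it flags only the second event (whoami launched by a parent outside the filter list) and prints the rule as a Splunk search; the same rule dict could just as well be rendered for another backend, which is the whole point of the format.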