Splunk'd?
I have been playing with Splunk, for about 45 minutes.
So far, I like it.
I’ve previously been exposed to Arcsight, but what I have more of an affinity for psychologically is not so much a correlation engine, but a great visualization tool that automagically can grok log formats without making me write a hairy regex. I have no idea whether I will use Splunk for anything real, but it made a good first impression. Since my budget is zero, the price of the non-enterprise version looks good, too. I am sure that for those of a less penurious station, there are many more fine contenders.
I have been using Splunk to aggregate Windows events (mostly for security purposes)into one location. The more I use it the more I feel I can’t live without it. Trying to correlate security events across 300 Windows boxen was a nightmare before Splunk, no I just set a time frame and search.