[mukaiji]

Splunk is a great tool for any sort of logs, and that includes user events and so forth. Basically, if you log it, Splunk will index it, and then you can find ways to search it, correlate it, reverse-analyze it... the whole nine-yards. However, as another user mentioned below, "Log every single action, decision, call, message, visit, and fault in detail. Log it with structure." If you don't do that, Splunk won't be that useful. I can think of a few example at work where missing details in log lines quickly deflates my Splunk enthusiasm. So, log everything and carefully, all the time. Then Splunk becomes your friend.