What is our primary use case?
I use Splunk on my phone, on-premises, and for the automation tasks that we carry out.
We use it to work on dedicated forms and infrastructure and have a lot of virtual machines and instances that are being run for every single application. Our infrastructure is purely based on Azure by Microsoft.
Keeping CMDBs of all the virtual machines is a heavy task. When you use it for your portal, it might be two or three virtual machines. When a virtual machine is created, we use post-provisioning inside the virtual machine. While post-provisioning, we install Splunk agents so that any activity that is happening inside the VM is virtually monitored by Splunk.
We create a dashboard. We are able to monitor everything from that dashboard.
Splunk also offers enhancements and automation. Splunk plays a major role when it comes to automation. We extract the data from Splunk, and then we use it to automate using a jump server so that we can put in actions on any number of virtual machines.
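The extract-then-automate pattern described above (pull a result set out of Splunk, then act on the affected VMs through a jump server) can be sketched in code. The following is an added example, not the reviewer's or Splunk's own code: it uses Splunk's REST search export endpoint (`/services/search/jobs/export`, which streams one JSON object per line when called with `output_mode=json`), parses a constructed sample of that stream offline, and builds `ssh -J` commands through a jump host. The Splunk host, index, sourcetype, field names, jump-server name and remote command are all assumptions.

```python
"""Extract failed-login counts per VM from Splunk, then build per-VM jump-host commands.

Added example; not the reviewer's code.  SPLUNK_API, JUMP_HOST, the index and
sourcetype in SEARCH, and the remote command are assumptions.
"""
import json
import re
import shlex
import urllib.parse
import urllib.request

SPLUNK_API = "https://splunk.example.internal:8089"   # assumed management host/port
JUMP_HOST = "jump.example.internal"                   # assumed jump server
# Host names will be spliced into a shell command, so restrict them to a safe shape.
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,62}$")

# Export searches must start with "search" or "|".  Index/sourcetype are assumed.
SEARCH = ('search index=azure_vms sourcetype=linux_secure "Failed password" '
          '| stats count AS fails BY host')

# Constructed sample of the export stream (one JSON object per line).  The
# third line is a preview row, which the export endpoint emits while a search
# is still running; only the final (preview=false) rows should be acted on.
SAMPLE_EXPORT = """\
{"preview":false,"offset":0,"result":{"host":"vm-web-01","fails":"27"}}
{"preview":false,"offset":1,"result":{"host":"vm-db-02","fails":"3"}}
{"preview":true,"offset":2,"result":{"host":"vm-app-09","fails":"41"}}
{"preview":false,"offset":2,"lastrow":true,"result":{"host":"vm-app-09","fails":"60"}}
"""


def export_request(search, earliest="-1h", latest="now"):
    """Build the POST to the search export endpoint.  Returns (url, form body)."""
    body = urllib.parse.urlencode({
        "search": search,
        "earliest_time": earliest,
        "latest_time": latest,
        "output_mode": "json",
    }).encode()
    return f"{SPLUNK_API}/services/search/jobs/export", body


def run_export(token, search):
    """Live call (needs network and a Splunk auth token); the demo below stays offline."""
    url, body = export_request(search)
    req = urllib.request.Request(url, data=body,
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=60) as resp:
        return resp.read().decode()


def parse_export(stream):
    """Parse the newline-delimited JSON stream, dropping preview rows."""
    rows = []
    for line in stream.splitlines():
        line = line.strip()
        if not line:
            continue
        obj = json.loads(line)
        if obj.get("preview"):
            continue
        rows.append(obj["result"])
    return rows


def hosts_to_act_on(rows, threshold):
    """Sorted list of hosts whose failed-login count reaches the threshold."""
    return sorted({r["host"] for r in rows if int(r.get("fails", 0)) >= threshold})


def jump_commands(hosts, remote_cmd):
    """One ssh command per VM, routed through the jump host with -J.

    Host names came out of log data, so each is validated against HOST_RE and
    shell-quoted before being placed on a command line.
    """
    cmds = []
    for h in hosts:
        if not HOST_RE.match(h):
            raise ValueError(f"refusing to act on suspicious host name: {h!r}")
        cmds.append(f"ssh -J {shlex.quote(JUMP_HOST)} {shlex.quote(h)} {shlex.quote(remote_cmd)}")
    return cmds


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    for cmd in jump_commands(hosts_to_act_on(rows, threshold=20),
                             "sudo systemctl restart sshd"):
        print(cmd)
```

The validation step in `jump_commands` is the part worth keeping: anything that flows from a log pipeline into a shell is attacker-influenced input (a client can put almost anything in the fields that end up in `host`), so the automation should refuse, not quote its way around, names that do not look like host names.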
How has it helped my organization?
The automation is the main advantage. When we need to search for data, as engineers, it's very easy.
What is most valuable?
I like that it's an independent cloud platform. It can work with AWS or Azure.
Its monitoring is completely automated. We do not have to put in other engineers just to maintain Splunk. It maintains itself, and it's very user-friendly. For the dashboards to be created or any sort of code that we want to do with Splunk, we can do it by ourselves. We do not need to have separate resources, so it is very cost-efficient. We do not require many people; it's resource-efficient as well.
We do use the federated search feature and find it helpful. Earlier, it was hard to withdraw data. We'd have to maintain it. Now, Splunk does it for us. It's a very time-efficient service. It's made a huge impact on automation. We can grab data in real-time any time we need to.
The solution integrates well with other applications and systems in our environment.
What needs improvement?
It could have a more efficient UI. If they could integrate more AI and make search more efficient so that other people can access and use it, not just engineers, that would be ideal.
It needs to mature; it's just getting established in the industry on a wider scale.
The API still needs some enhancements from a post-performance point of view.
From a monitoring point of view, Splunk is doing very well. However, it would help if they could provide a post-provisioning aspect. Right now, we have to install a monitoring tool while we are post-provisioning every virtual machine. If they could be a provider that precluded having a virtual machine created or provisioned, that would be ideal.
Alerting could be faster. Sometimes the actions that happen take some time to reflect on the Splunk dashboard. There is still latency. Especially when you work in a multi-cloud environment, you deal with a lot of regions. They still need to focus on availability across regions.
They need to have some security enhancements. Most users are using it with other single sign-on features like Okta. If they had their own SSO, that would be ideal; we'd be able to work independently. Right now, we have to log onto the virtual machines, then move to Okta, then go to Splunk.
For how long have I used the solution?
I've been using the solution for somewhere around a year to a year and a half.
What do I think about the stability of the solution?
The stability is okay. Sometimes it goes down. I have not witnessed that as I do not use it continuously after the deployment. The resiliency is good. I'd recommend it four out of five.
What do I think about the scalability of the solution?
Everyone in the company uses Splunk.
The scalability is very good. It's extendible.
How are customer service and support?
I don't directly deal with technical support. We have a dedicated team that would work with Splunk.
Generally, my understanding is that if we have a query, we raise a ticket. There may be a separate portal or mailbox we can access as well to get assistance.
Which solution did I use previously and why did I switch?
We previously used Qualys. We switched mainly due to the costs involved. We also didn't want to migrate our resources to it. We simply wanted a monitoring tool, which is why we chose Splunk. Splunk in comparison is really cost-efficient.
How was the initial setup?
I was involved in the deployment of the solution.
Whenever a new resource or a new agent comes into the picture in an organization, it's always complex. I don't blame Splunk for it, or my firm. It's like two pieces of a jigsaw puzzle, and it's the developers who need to cut the pieces. It works really well as of now.
The deployment took somewhere between six to eight months.
We did need a lot of resources or staff members for the deployment. We have a vast infrastructure. We have a dedicated team inside as well who manage incidents and tickets using platforms like ServiceNow, and we still have a lot of resources dedicated to maintaining Splunk. The number of resources that are required to maintain it is more than the number of resources we use for development, actually.
How many people you need depends on the region. I work for Asia and North America. So for us, it was not much personnel. We needed four to five people in the development. There were somewhere around ten to fifteen people working on different parts.
What about the implementation team?
About 90% of the deployment was handled in-house.
What's my experience with pricing, setup cost, and licensing?
I'm only aware of general pricing terms, however, they have enterprise agreements as well. I can't speak to the exact cost. It's reasonable, from my understanding. I'd rate the affordability seven or eight out of ten.
Which other solutions did I evaluate?
Evaluating other options would be a task reserved for the highest management personnel at our firm. I was not involved with that process.
What other advice do I have?
We aren't using the solution across all cloud platforms. We use Azure. However, we would have the flexibility to gather insights from others. We just don't use that particular capability.
Right now, the solution does not affect our decision-making. It's still a very new platform. We're not relying on it completely. It's a work in progress. We need some time with it, to build up trust with it. Splunk is great so far, however, we still need more time and it needs more of a presence in the market.
Right now, in terms of compliance and privacy policy regulations, we limit the features that are not compliant with us. However, they are very flexible. We just use the features we can and block the ones that are unnecessary.
It hasn't had an impact on our security posture. We have very detailed security layers and several processes and teams. We haven't had any real use cases for Splunk. It hasn't actively blocked anything. We already have what we need in place.
I'd advise new users to check if this solution is reliable from a security point of view. Talk to Splunk about the cost as well. Splunk is really convenient for that. And whenever you deploy it in your infrastructure, make sure that the cloud providers or the on-prem solution that you are using are compatible with Splunk. We had issues in that some features that we were using in the cloud were not compatible with Splunk. So we had to make a lot of changes. That is something anyone who is trying to deploy Splunk needs to check - compatibility.
I'd rate the solution seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.