Splunk Enterprise Platform Reviews

We used the product for cloud-based monitoring or systems monitoring. 

The key difference I noticed for my use case, which involved understanding user behaviors and responses to digital elements, was that I could obtain more detailed reporting than what was possible with Amplitude. I could download a file with very specific information, which was helpful.

I did not use it for real-time monitoring. My focus was on investigating incident reports to understand the extent of user impact. Primarily, I utilized the Splunk Enterprise Platform to analyze user behavior.

I found the incident notification to be very helpful. While Splunk Enterprise Platform provided detailed data, it didn't seem to check as many boxes for user behavior as Amplitude did. At the same time, I'm not sure if Amplitude offers features for monitoring or incident coverage.

Its ability to access granular details in Excel was beneficial. It's always helpful to transition from visualizations to detailed user reports. 

The tool lacked in providing a shareable format. I had to use pivot tables and manually parse and edit the data to create a visualization-friendly format. It was helpful when we had an issue. What would make it stronger is if it were more proactive. For example, if it highlighted major incidents and their impact on users without digging through notifications, that would be better. Typically, the first question we get is, "Oh, we had an incident. How bad was it? How many customers were impacted?" So having that information pop up from the notification would be helpful.

Splunk Enterprise Platform is stable. 

I saw no issues or reasons to think that the product wouldn't scale over time. Our data is growing. 

I haven't contacted the tool's support. 

I rate the overall product a seven out of ten.

I would recommend it for incident management reporting. I would not advise it for understanding user behavior or usage. If I had to choose between Splunk Enterprise Platform and Amplitude, I would probably go with Amplitude, but I also have no familiarity with what their incident reporting is like.

We use Splunk for onboarding updates, dashboards, application monitoring, and insights.

We are using it for event management. We don't have that much exposure on the security side.

It is very easy to use logs and create dashboards. You can define extractions for specific exceptions. Splunk can extract historical data and process upcoming data in real-time. You can easily modify, update, or edit extraction rules as needed. Additionally, you can create custom knowledge objects at any time. The platform allows you to restrict user access based on permissions. Even regular users can create reports and dashboards for their workflows.

Splunk Enterprise Platform needs some improvement. For instance, the dashboard sizing and customization options could be enhanced. There seems to be a limitation in adjusting the size of individual panels within a dashboard. This can be frustrating when comparing data across different panels, as users are forced to scroll continuously. Additionally, while Splunk offers some new features like student dashboards, modifying these dashboards requires a level of JavaScript expertise that not all users possess. Providing more user-friendly options for customization, such as adjusting colors and fonts directly from the user interface, could greatly improve the user experience.

Moreover, for users transitioning from other monitoring tools like Dynatrace, the interface may feel less intuitive and more cumbersome. Offering more intuitive visualization options and simplifying the customization process could bridge this gap and make Splunk more accessible to a wider range of users.

I have been using Splunk Enterprise Platform for seven years. We are using V9.0.4.1 of the solution.

The product is stable. I rate the solution’s stability a nine out of ten.

I've encountered numerous issues and challenges, but I've managed to overcome them. I rely on the Splunk community to find solutions whenever I face difficulties. I want to fully engage with the platform and be active in its development, but sometimes, I struggle to find the right resources or support.

The initial setup is easy.

Splunk Enterprise Platform can seem a bit costly compared to their five-year plans. There's a need to provide options, such as offering a free license for up to ten GB of data or a limited-time test and development license at no cost. For instance, if a company purchases a one-year product license, it could receive additional test and development licenses for free, up to a certain data limit. While there would naturally be some restrictions, such as limitations on certain features or functionalities, offering these options could encourage more people to adopt Splunk for their needs. Many individuals and stakeholders hesitate due to Splunk's perceived high costs when considering the additional expenses for enterprise support, operational support, and device licenses. Introducing more flexible licensing options could alleviate these concerns and attract more users to the platform, benefiting both Splunk and its customers.

Our experience with the Splunk Enterprise Platform has been positive regarding administration and development. However, there are some concerns regarding visualization. Despite our team's proficiency in activating and completing tasks, the dashboard's complexity has decreased user satisfaction. Many users find the visualization lacking when viewing multiple panels simultaneously. They express difficulty in navigating the UI and feel uncomfortable with it. Addressing these concerns would enhance the overall user experience from end to end.

Overall, I rate the solution a nine out of ten.

We monitor our airtight network traffic using the Splunk Enterprise Platform. We also use the solution for port monitoring, to monitor which ports are closed, which are open, and flapping if in any port. We use it to check our server performance to see if it gets choked because of high CPU or RAM utilization.

Splunk Enterprise Platform is an easy-to-use and easy-to-configure solution.

There should be continuous customer engagement and training programs on the new features and capabilities introduced by the solution.

I have been using Splunk Enterprise Platform for four years.

I rate Splunk Enterprise Platform a nine out of ten for stability.

Splunk Enterprise Platform is a scalable solution. Two people are using the solution in our organization to monitor data.

I rate Splunk Enterprise Platform ten out of ten for scalability.

The solution’s initial setup is easy.

One or two hours is enough to deploy the solution, but its configuration will take time, based on the users. Just one person is enough to deploy the solution.

We have seen a return on investment with Splunk Enterprise Platform for security and performance use cases.

The solution’s pricing is moderate. We have to pay a yearly licensing fee for the solution, and there is an additional cost for support.

Splunk Enterprise Platform is a good and easy-to-use solution. It has to be regularly upgraded to the changing network or customer needs.

Overall, I rate Splunk Enterprise Platform an eight out of ten.

Splunk Enterprise Platform is a powerful application that offers extensive visibility into events, notable occurrences, and correlations, providing robust capabilities.

The valuable feature is the onboarding of various logs using different methods. Additionally, it excels in content development and use case creation. I want to learn about upcoming technologies like Splunk Cloud and Azure integration. These platforms offer extensive capabilities for visualizing and manipulating data according to our requirements. Splunk's proficiency in field extractions and onboarding logs from diverse sources makes it highly capable. Its logging addition and parsing capabilities are particularly noteworthy.

In Splunk Enterprise Platform, while the dashboard feature is powerful, it does have limitations in terms of the number of parameters that can be included in one dashboard. However, it's important to note that these limitations can be addressed through effective dashboard design and optimization techniques. Despite these constraints, Splunk offers extensive capabilities for creating insightful dashboards that can visualize relevant data effectively.

Splunk excels in providing accurate and valuable alerts and reports. These features are crucial in reducing manual efforts, minimizing human errors, and expediting incident resolution processes. With Splunk's alerting and reporting functionalities, users can fine-tune alerts, apply filters, and include necessary information for thorough investigation and analysis. These capabilities contribute significantly to enhancing operational efficiency and decision-making within organizations.

I have been using Splunk Enterprise Platform for five years.

I rate the solution’s stability an eight out of ten.

Scalability is very flexible. Without the Splunk support, we can deploy and scale up.

The responsiveness of the support is very good. They will ask you if you are raising any P2, P1, or major incidents so they'll help us with immediate and accurate results.

The initial setup is straightforward , with detailed deployment steps outlined in their documentation. Additionally, the Splunk community is a valuable resource where users can ask questions and receive expert solutions. 

Splunk Enterprise Platform does not have a few application add-ons. Therefore, when we aim to integrate log sources from new or important ones that Splunk lacks add-ons for, we resort to developing custom add-ons. While this approach allows us to proceed with our work, it requires significant human effort and increases the likelihood of errors. Moreover, troubleshooting becomes time-consuming under these circumstances. Ideally, Splunk would offer add-ons for every possible application, significantly improving our efficiency and effectiveness.

The Splunk Enterprise Platform offers excellent visibility through real-time monitoring. Whenever any data matches our client's SQL code, it triggers an immediate alert, allowing us to respond to incidents swiftly. This capability is highly beneficial during any incident, making Splunk an invaluable tool.

There are various components, such as Universal Forwarder, Indexer, and Search Head. These components are relatively straightforward to set up. However, when implementing a distributed environment or setting up clustering, Splunk offers robust capabilities. Additionally, managing data storage sizing is also seamless.

Overall, I rate the solution an eight out of ten.

We use the solution to manage a large volume of data from our servers for the project I'm currently working on. Since we don't need all the data, we filter out and extract the specific information required for our applications. Depending on our needs, we use it to filter, investigate, and analyze log data for any errors or requirements.

The most valuable feature I've found in the Splunk Enterprise Platform is its log readability and filtering capabilities. The filters on the left side are particularly useful, allowing me to quickly narrow down the data to what's relevant for any application or server service. The interesting fields feature helps me get the values I need most of the time.

Additionally, the dashboard and report creation aspects are excellent, especially for automation. Integrating Splunk Enterprise Platform with Power Automate and other automation tools allows me to create precise reports that keep my team updated. The tool is not difficult for a beginner to learn. 

Splunk Enterprise Platform could improve in the area of basic log readability. When performing basic searches without advanced filters, the logs often contain timestamps and various unknown codes or other elements that can be confusing. Removing or simplifying these parts would make it easier for users who are not developers or do not have a development background to understand and find relevant information easily. 

If I could add a feature to the Splunk Enterprise Platform to make my life easier, I'd like to add an internal automation tool. We can use third-party automation tools like Power Automate, but it would be better if Splunk Enterprise Platform had its built-in tool.

This tool could automate reports and make sending emails with Excel attachments or other formats to specific people easier. We're currently using third-party tools for this, but having it as a first-party feature would be better.

I have been using the product for more than two years. 

I haven't found any bugs while working with the application. 

My company has more than 100 product users. 

I haven't contacted the support team yet. I get information from my seniors and leads. 

Before using the Splunk Enterprise Platform, basic knowledge of log analytics tools like Logstash is beneficial. While it does not require specific prerequisites, having some background knowledge will help. Remember that Splunk is a paid service, unlike other log analytics tools like ELK Stack, which may offer free versions.

I rate the overall solution a nine out of ten. 

The main use case is to analyze the data log coming from other systems. We use Splunk to identify anomalies in transaction patterns, which may indicate irregular activity from certain customers. Our goal is to create alerts for stakeholders when such anomalies are detected.

Splunk has made our job easier by streamlining data searching and decision-making processes. By using it for fraud detection, we have potentially saved billions of Indonesian rupiah.

Splunk is very flexible in handling various formats of data as long as basic rules are adhered to. Its integration with other systems is seamless and can be done overnight. This ease of integration is its best advantage. Additionally, Splunk is adequate for real-time data processing.

The Splunk Processing Language (SPL) poses a steep learning curve for new users. The software could benefit from additional processing power, such as GPU support, for handling large volumes of data faster. The language could also be more user-friendly, similar to platforms where actions are easier through button clicks.

I have used the solution for approximately three years.

I rarely encounter bugs or glitches during daily use. However, there was one instance where an issue required solutions from the headquarter's next upgrade session.

Splunk is scalable, provided the supporting infrastructure, such as CPU and GPU processing, is also scalable.

I rarely communicate with the Splunk headquarters, usually interacting with the local implementer.

Positive

We are not using anything else that functions like Splunk. However, for fraud detection, we also use GVD Instinct and FICO, along with Elasticsearch.

I have not been involved in implementing it, except in integration, where I've found it easy.

We have been saving significant amounts through fraud detection. I cannot say precisely how much. Overall, Splunk has simplified our data management and decision-making processes.

The official license operates like a subscription with an annual fee. Our local implementer offers pricing based on reserved quota, such as 80 gigabytes per day, costing under one billion Indonesian rupiah, or around $70,000 USD. It is affordable and flexible.

Elasticsearch, Kibana, Check Point, and other solutions like Microsoft Teams, OneDrive, and SharePoint are used.

Keep my identity anonymous; publishing my title is sufficient. It's important to master the SPL for efficient use. Seek solutions that better support GPU for real-time processing.

I'd rate the solution eight out of ten.

The solution is used for basically, to monitor various logs, so it is the application logs, some kind we are monitoring databases.

Splunk is providing, like, proactive monitoring using desserts and all. So these things have improved a lot. Like, in our done day to day activities and all. So whenever we are seeing any kind of alerts and also on that basis, we are going to create alert.

For monitoring security data is the most valuable feature. 

Currently, I think things are good only. There are certain things which is not which is there in the other platform like UAE, UBA is there. Like, Splunk is having another product itself. But the thing is, like, if that can be incorporated with the Splunk Enterprise three version. So it will be helpful for the users to explore more on that one.

I have been using Splunk Enterprise Platform for five years. 

The stability is a nine out of ten meaning the solution is highly stable. 

It is a scalable solution. Around thousand plus users are using the solution.

I have been using this Splunk only from my, like, a shorting of the career. During this period, I have been using AppDynamics and NetSync as well.

Normally so for trial version, it is easy. So it depends on how much data you are ingesting. So if you are going for the Flushing environment, so that setup Could be somewhat difficult, but, normally, it will be easy only.

I have seen a Return on Investment. 

Costing depends on, like, how much data you are investing. So that will increase your cost.

I will rate the overall solution a nine out of ten. 

I have a variety of use cases. My company uses it for cloud-related operations, anomaly identification, and threat detection.

It's been very useful in regard to security information and threat management (SIEM). Splunk is a valuable tool for my organization.

The timestamp indexing and the easy-to-use visualization features are the most valuable features for data analysis.

Moreover, the dashboard and visualization features have made a big difference. We can quickly identify issues within the dashboards and easily generate insightful reports. If something goes down, we can easily detect the issue.

Splunk's real-time processing capability has been pretty good for my use cases.

There is room for improvement in terms of scalability. They can enhance the ability to handle increasing volumes of data. 

I have been using it for four years now. 

There have been occasional issues, but nothing major.

I would rate the stability an eight out of ten.

I never had issues with scalability. My organization has 8,000 end users. 

I would rate the scalability an eight out of ten.

The customer service and support are good. 

Positive

In general, the initial setup is fairly easy.

Not everyone can do it. Some knowledge and experience would likely be helpful to get the most out of the setup.

Typically, the deployment would take around 16 to 20 hours.

The pricing is about average.

Overall, I would rate the solution an eight out of ten.

I would recommend using this solution. Overall, Splunk is a good tool for analysis and for representing data in a short span of time. It helps minimize unnecessary noise in the data.