Splunk Enterprise Platform Reviews

We use the solution mainly for security operations. We receive logs from different log sources.

The product is very easy to use. We just have to run the agent and collect the log. We don't have many delays or problems. We faced an issue once or twice when there was a network issue and when the system was rebooted. The percentage of issues is very low compared to the overall deployment. It is 0.001%.

The solution supports our organization's security and compliance monitoring very much. We rely on the platform to detect abnormalities and to perform searches. If someone brings a compliance issue, we request logs from the platform to determine whether it happened. We use the tool’s search feature and Intel's machine learning platform to conduct our analysis.

We don't face any issues in real-time monitoring. There is no latency. We have options to create our own dashboards. The GUI is very simple. It's a simple platform. It is very easy to use.

The product doesn’t have prebuilt dashboards. It would be great if the product provided prebuilt dashboards. For example, we allowed some devices into our network through VPN, but there is no dashboard to combine two log sources and understand which user has logged in. So, we created our own dashboard with the available Splunk searches.

It’d be good if the solution provided more prebuilt dashboards and released them on the app platform. Then, we can deploy the dashboards straight away. Also, if the tool provides additional dashboards, we can reduce the resources needed to develop them. Since Splunk has overall visibility all around the globe, it can give better suggestions on the dashboards that we must use and how to project the data to the management.

We faced some issues in parsing when the load was too much. If we have a 100 MB log source, 80 MB will be parsed correctly, but we face issues with 20 MB. We raised a support ticket, and the support team suggested we increase the time interval between sending the logs to the Splunk forwarder to handle the processing correctly.

I have been using the solution for two years. I am using the latest version of the solution.

The tool is stable enough. In my demo environment, I used my own physical machines to run it. I was able to ingest as many log sources as I wanted within the data limit, and it did not have any issues. The search is very responsive when compared to the other platforms. There was no lag.

Splunk has been supporting free text searches for two years. We can query anything out of the box without specifying any indexes. We can perform free-text queries. Usually, it takes very little time to produce the results if the data set is too small. If the data set is too large, the product suggests we finetune our search, and it provides us with hints on which indexes to specify. It has three different options: Fast mode, Push mode, and Smart mode. We can switch the modes to get results quicker. Later, we can change the mode back to do a deeper analysis.

Scalability is not an issue for SMBs and moderately big companies. When we went beyond certain limits, like 700 Gbps or 800 Gbps, we faced some issues with the engine. So, we split up the platform and diverted some of the logs into different indexes. It solved the problem. Up to 500 Gbps per day is okay. When we go beyond that, a single instance cannot handle it. We need to split it up.

This issue was only with the on-premise version. We do not face such issues in the cloud. When customers wanted to renew their subscriptions, we suggested they move to the cloud. On-premise, we have to manage our indexes and searches, but in the cloud, it's done by the vendor. It's a plug-and-play process. Splunk automatically takes care of parsing. We have more than 30 customers.

The technical support is very good. The team supported us even during the Christmas holidays. The support engineer walked us through every step. The team is always reachable. We never had issues while contacting them.

I built some demo environments for my practice since Splunk was new to me two years ago. I used the free license. It was a pretty straightforward setup. I did not find any difficulties in setting up my lab environment. The deployment can be done within 15 minutes.

The return on investment is very good. It's very easy to use. Many of our customers decided to continue using Splunk because they have invested much in the training modules, the analysts are familiar with the tool, and it's very easy to search. Open-text queries are the best in Splunk. It is easy for our customers to perform the search. It's very lightweight compared to other solutions.

Our customers pay for the licenses. It’s bundled together in a yearly subscription.

There are some problems in managing the tool when it exceeds certain limits. Overall, I rate the product a nine out of ten.

We use Splunk Enterprise Platform as a Security Incident and Event Management (SIEM) tool.

The most valuable feature of Splunk Enterprise Platform is that it's a customizable solution.

Splunk Enterprise Platform needs a bit of tuning, and it would be beneficial if it came with some prebuilt use cases.

Splunk Enterprise Platform should include more integrations with other security tools.

I have been using Splunk Enterprise Platform for six years.

I rate Splunk Enterprise Platform a nine out of ten for stability.

I rate Splunk Enterprise Platform an eight to nine out of ten for scalability.

The technical support team's initial response is too late.

I rate the solution's technical support a five or six out of ten.

Neutral

The solution's initial setup is average and a little bit tricky. On a scale from one to ten, where one is difficult, and ten is easy, I rate Splunk Enterprise Platform a three out of ten for the ease of its initial setup.

Splunk Enterprise Platform was deployed in a month in our organization.

Splunk Enterprise Platform is an expensive solution.

On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing a nine out of ten.

I am working with the latest version of Splunk Enterprise Platform. Splunk Enterprise Platform is deployed on-cloud in our organization.

I recommend that users not expect value from Splunk Enterprise Platform immediately. It might take time to set it up and get any value out of it.

Overall, I rate Splunk Enterprise Platform a nine out of ten.

I use the solution in my company to capture the events to deal with threat detection, incident response, and compliance reporting. For IT operation management, it gets complex to track the health and performance of IT infrastructure, including our network devices and applications, so Splunk Enterprise Platform can be used for centralized log management.

The most valuable feature of the tool for DevOps and from a continuous delivery perspective is that the tool is useful in areas like deployment, monitoring, and incident management.

If I compare Splunk Enterprise Platform with the other tools, the dashboard and the user interface need to be built at a console level and in a user-friendly mode. Sometimes, the tool looks a bit complex, and we can't find out the exact area where we need to make the changes in the configuration and changes for the log events monitoring. The dashboard and the console-level areas need to be made friendly.

The product's initial setup phase needs to be made easy since it looks like it is very complex compared to the other tools in the market.

I have been using Splunk Enterprise Platform for three years.

From a stability perspective, the tool is good. If any breakdowns exist, remediation and support are provided, so it is not a problem.

The tool is used by around 5,000 employees and servers in my company.

I have interacted with the solution's technical support. I rate the technical support a seven and a half out of ten.

Neutral

The solution is deployed in an on-premises version.

The tool is expensive.

To first-time users, I can say that proper analysis and bandwidth utilization, cloud resource monitoring, and cost optimization are the things I would ask one to check in the tool.

It is not easy for beginners to use, and for freshers, it will take time to understand the tool.

From a security perspective, I rate the tool a nine out of ten. From a user and the console perspective, I rate the tool a seven out of ten.

In general, I rate the tool an eight out of ten.

My company uses Splunk Enterprise Platform for monitoring and user base filtering.

The most valuable feature of the solution is the analytics part. Integration with other applications is another valuable feature of Splunk Enterprise Platform.

Splunk Enterprise Platform is already a refined product, so I don't have any recommendations related to areas that need improvement.

The cost of Splunk Enterprise Platform is an area of concern where improvements can be made by bringing down the costs. Product-related, I don't have any feedback.

The support offered by Splunk Enterprise Platform has certain shortcomings that need improvement.

I have been using Splunk Enterprise Platform for a few weeks since it was recently deployed in my company. I use the solution's latest version. My company operates as a service provider of the solution.

The product's stability is good. Stability-wise, I rate the solution a nine out of ten.

Scalability-wise, I rate the solution a nine out of ten.

Around 5,000 people use the solution. Around 10 to 15 analysts use Splunk Enterprise Platform in my company.

The solution is used on a regular and daily basis in my company.

I am moderately satisfied with the solution's technical support. I rate the technical support an eight out of ten.

Positive

Splunk Enterprise Platform was easy to implement. I rate the product's implementation phase an eight out of ten, where one is difficult, and ten is easy.

The solution is deployed on an on-premises model.

The solution's deployment phase was carried out over a period of one or two months.

I rate the product's pricing a ten on a scale of one to ten, where one is cheap, and ten is expensive. It is a very pricey tool.

I would recommend the product to those who plan to use it, provided the pricing of the solution is brought down.

I rate the overall product an eight out of ten.

We use Splunk Enterprise for data visualization.

We use Splunk administration rather than Splunk development.

We provide support to users so they can access our Splunk application and use it however they want. For example, if they are not able to view some of the logs that are coming from their servers in our Splunk, then we usually check all the logs here that have been missed and forward the ones that were not forwarded. 

Also, sometimes they use their access to install some apps. We have Splunk apps and they want us to create an app for their usage. We also need to create these apps in the Splunk application. Sometimes they aren't able to download or upload files into Splunk or other websites. They aren't able to download these reports as PDF files. We usually work on this and try to resolve it as quickly as possible.

We use Splunk for cyber security. We have a lot of teams who use Splunk for different purposes. The security team uses it to authorize log-ins, so in case something happens, Splunk monitors it. Also, the development team uses it to monitor data while they're creating a new application.

In the enterprise platform, all of the clusters and indexes are under our maintenance. If required, we can make changes and see the logs manually by getting into the servers.

Things have to be managed manually in Splunk Enterprise, which is not the case in Splunk Cloud, where the client could manage it on their own.

It would be useful if Splunk Enterprise Platform could monitor the application URL, to check whether it's responsive or not.

I've been using it for a year and a half.

It is completely stable and the infrastructure is good. We have no issues with our Splunk Enterprise Platform.

We contact technical support whenever there's an issue with logs and they work through it with us.

Positive

We use both Splunk Cloud and Splunk Enterprise. We might opt for Splunk Cloud in the future since it's less expensive, but we are currently using both.

The deployment takes about a day. I would say that the initial setup is quite a complex thing to do because there are a lot of things that have to be done for clustering all the features and indexing and then forwarding data to the indexes. When it comes to applications, we have to replicate the data. The process takes time. Once everything is done, we still need to monitor the infrastructure constantly.

It is easy to maintain if you are familiar with the deployment model.

I have hands-on experience with AWS, Linux, Ansible, and Terraform and with programs like Python, Java, and SQL as well. I also use tools like Catchpoint, Nagios, and Grafana.

I would suggest using Splunk Cloud first, and then Splunk Enterprise because the maintenance and the infrastructure management are easy. I would rate it an eight out of ten.

I use the platform to collect data and report to the clients that need reporting from Splunk. I work on gathering big data from all over my company and exporting it into proper reports.

What I find the most valuable about the platform is its DB Connect and its versatility in general. I also like its adaptability to any use case when it comes to collecting and analyzing data.

It is hard to say in what areas the platform could be improved since it's very versatile and applies to many use cases. It already has the functioning vetted into the core architecture of the product. In my opinion, there is no need for additional features because it already has many, and I haven't used them all.

I've been using Splunk Enterprise Platform for two and a half years. I am a Splunk software architect and Splunk is the only platform I use.

It's a very stable platform. A ten out of ten.

The scalability of Splunk is ten out of ten. It's one of the best platforms on the market. Approximately 1,000-2,000 people use the platform at our company, but only two people are needed to maintain it and I'm one of them. Everything is automated and it is very easy to manage 2,000 users on my own.

I would compare Splunk Phantom with RSA NetWitness and Elasticsearch. All three solutions give the same output but in a different way. They analyze data in different ways. Each product has its scalability, versatility, and appliances in the current business needs of the company that uses it.

The initial setup is very easy. At our company, we deployed Splunk ourselves because we are a team of Splunk architects and we have done it before.

The platform is too expensive for small businesses. If you choose the free plan, it only has 15 GB of data per day, and it may not be enough to run a small business. You need to pay a subscription based on data ingestion, and that's very expensive. Splunk should focus more on delivering something for small businesses and entrepreneurs. I give the pricing a three or four out of ten. Although the product is pricey, it's truly magnificent.

Overall, I give Splunk a nine out of ten and not a solid ten just because there are new updates every day and we don't know exactly what we need to search for since it's not that viewable. 

We use the solution to monitor, alert, report, and analyze.

In identity and asset management, Splunk will detect any vulnerabilities , or if any upgrade patching is improperly done, it will send an alert to the specific admin team, indicating the need to patch their servers.

The feature of Splunk Enterprise Platform is its comprehensive capabilities, consolidating various functionalities into a single tool. It excels in searching, reporting, and learning. Additionally, it offers automation and integration features for generating reports at specified business times. One prominent feature widely utilized by companies is enterprise security, crucial for cybersecurity purposes.

The solution could enhance automation capabilities. Currently, the process involves daily manual checks for potential issues, maintenance tasks, and planning for automation. Rather than relying solely on daily activities, there's a need to implement automation solutions for streamlined operations.

The main issue with the Splunk Enterprise Platform is its licensing cost, which can be high for small companies. Many businesses are migrating from Splunk to alternative tools. If Splunk were to lower its licensing fees or offer discounts, it would likely retain more customers.

I have been using Splunk Enterprise Platform for seven years. We are using 9.0.1.2 of the solution.

The solution is stable. There is no impact. I can rate it a nine out of ten.

When increasing your volume of data, high availability is crucial. With Splunk's robust clustering and enrollment features, data availability remains constant. If one site experiences downtime, the other will seamlessly take over, ensuring continuous data availability without any loss or impact. 

10,000 users are using this solution.

As part of our operations focus, we often encounter numerous ticketed issues. Our team is dedicated to addressing these concerns and ensuring the best possible service for our customers.

Positive

Deployment typically takes just a fraction of an hour or two hours. Implementation can be completed within a single day, often within 24 hours.

Splunk Enterprise Platform allows customized data processing, making it highly versatile and easy to maintain. It seamlessly handles tasks like data masking and filtering, ensuring efficient data management.

When it comes to the visualization on the dashboard within the Splunk Enterprise Platform, we do have the chart available, and all its features are included. Additionally, if you require customization for a new customer's preferences, we can implement it using HTML or XML code. The primary approach for developing dashboards is based on XML. Therefore, if you need specific features like radio buttons or checkboxes, they are readily available for inclusion in the dashboards.

I recommend the solution.

Overall, I rate the solution a nine out of ten.

Splunk Enterprise Platform is a basic monitoring tool used for application performance monitoring, database monitoring, and infrastructure monitoring. Currently, I use the solution for application monitoring and security monitoring. I use the tool to monitor security breaches or suspicious activities.

The solution is very good for monitoring compared to other tools. It provides an accurate solution. We used to get a free trial of around 60 days to test and get a good experience on Splunk.

The solution's license cost is high and can be improved. There are some limitations on data onboarding if you have huge data.

I have been using Splunk Enterprise Platform for three to four years.

Compared to other monitoring tools, Splunk Enterprise Platform provides good stability.

I haven’t faced any issues with the solution’s scalability.

Splunk ITSI is very good for support, which includes getting an incident number and working on it.

We need to integrate Splunk Enterprise Platform with other tools, which provide some security events. After integrating, you get the logs from that application's API. Once you get those logs, we will create a code per the business requirements and create an alert, report, or dashboard, whichever is needed.

Splunk Enterprise Platform works based on apps installed in Splunk. For example, if you want SQL data to get into Splunk, you need to install an SQL database plugin on the Splunk server. That plugin will capture the logs related to an SQL database with Splunk. After that, we write a query, pull out the data we need, and provide knowledge objects.

Visualization is very good in Splunk Enterprise Platform. The solution has good visualization elements like bar graphs, pie charts, line graphs, single visualizations, and maps. I would recommend the solution to other users.

Splunk Enterprise Platform is a very good tool for monitoring your day-to-day activity logs. This will eventually help you create reports or dashboards to monitor the business's progress.

Overall, I rate the solution seven and a half or eight out of ten.