Incident Manager at CyberCore Technologies
Real User
Powerful, flexible query language can morph difficult to understand log formats into usable data
Pros and Cons
  • "The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data."
  • "Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined."
  • "There is a definite learning curve to starting out."

What is our primary use case?

We started using Splunk to serve as a SIEM. In addition to correlating security information, we have begun to use it as a developer and customer advocate by analyzing user behaviors and system response times. 

How has it helped my organization?

Log files which were previously either not reviewed or reviewed incompletely are now being used in operations daily. Security and operational events are discovered and resolved with greater efficiency than ever before. The way Splunk allows for data to be correlated together has given our organization a more complete picture of our system security status and how users organically move through our applications. This information has allowed us to focus development efforts which will directly benefit our customers the most.

What is most valuable?

The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data. 

Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined.

What needs improvement?

There is a definite learning curve to starting out. However, there is quite a bit of documentation out there to help you get started. 

Buyer's Guide
Splunk Enterprise Security
October 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
815,854 professionals have used our research since 2012.

For how long have I used the solution?

Less than one year.

How are customer service and support?

The community (Splunk Answers/Slack Channel/User Groups) can help get you started. 

Which solution did I use previously and why did I switch?

We previously used ArcSight, but found Splunk to be more cloud capable.  

What's my experience with pricing, setup cost, and licensing?

Truly evaluate the data you want to ingest and go slow. Pulling in data that can provide no use to your mission only wastes data against your license.  

Which other solutions did I evaluate?

Other options were evaluated, such as ELK, but Splunk was identified to be more feature rich out-of-the-box.

What other advice do I have?

Pick it up and jump into the community! It can help get you started a lot faster.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer2400237 - PeerSpot reviewer
Cloud Customer Experience Lead at a media company with 10,001+ employees
User
Flexible licensing, good support, and helpful for responding quickly to an event
Pros and Cons
  • "They are a good partner for Google Cloud. It provides great visibility, threat detection, and proactive mitigation of risks for our mutual consumers."

    What is our primary use case?

    We are using it for logging and monitoring.

    How has it helped my organization?

    Splunk Enterprise Security helps with application events. It provides end-to-end visibility into our environment which is most important for us. It reduces the time to react to an event.

    Splunk Enterprise Security has helped improve our organization’s ability to ingest and normalize data. It can help identify and solve problems in real-time, but we have mainly utilized it for post-identification correction.

    It provides us with the relevant context to help guide our investigations. It is easier for developers to take action once an anomaly is detected. We have been leveraging Splunk dashboards for that.

    Splunk Enterprise Security has helped speed up our security investigations, but I do not have the metrics.

    They are a good partner for Google Cloud. It provides great visibility, threat detection, and proactive mitigation of risks for our mutual consumers.

    For how long have I used the solution?

    We have been selling Splunk Enterprise Security along with Google Cloud for about two years.

    What do I think about the scalability of the solution?

    We had a very bespoke solution. It was a shared model. The scalability was good.

    How are customer service and support?

    Their technical support has been good. I would rate them an eight out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We have not used any other solution previously.

    What was our ROI?

    Our customers have seen an ROI, but I do not have the metrics.

    What's my experience with pricing, setup cost, and licensing?

    The variables and the flexibility that Splunk provides are helpful, especially in a hybrid and multi-cloud environment.

    What other advice do I have?

    I would advise others to start early.

    Overall, I would rate Splunk Enterprise Security a ten out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Google
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Senior security consultant at a comms service provider with 51-200 employees
    Consultant
    Threat hunting is a key feature for us
    Pros and Cons
    • "One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us."
    • "Splunk could be improved by reducing the cost. The cost is one of the biggest challenges for us in keeping to our production requirements."

    What is our primary use case?

    Our initial use case was for security investigation, with the intention of creating some use cases. We ended up adding operational aspects, monitoring certain operational activities, such as high CPU utilization or any other applicational basis. 

    This is obviously a cloud solution, but it does have some presence on-premises as well, so it's hybrid. 

    What is most valuable?

    One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us. 

    What needs improvement?

    Splunk could be improved by reducing the cost. The cost is one of the biggest challenges for us in keeping to our production requirements. 

    As for additional features, I think they need to refine their AI capability. I know that everyone is talking about artificial intelligence and threat hunting, so I guess one of the key requirements for us is for the solution to automatically provide us with some kind of indication and then mitigate any risk. So automation should be a feature.

    For how long have I used the solution?

    I have been using Splunk for two years. 

    What do I think about the stability of the solution?

    This solution is excellent from a performance and stability perspective. There's very minimal maintenance required. Basically the only aspect we need to maintain is the one we have on-prem. So patching up everything and making sure it has the required updates. 

    What do I think about the scalability of the solution?

    There are no issues at all in terms of scalability, since this is a cloud-based solution. There are around 25 to 30 users in my company accessing Splunk. 

    How are customer service and support?

    Splunk's support is good. The process was smooth and they provided sufficient support, so there was no need to escalate anything. Also, they provide training on a regular basis, which is good. 

    Which solution did I use previously and why did I switch?

    I have never worked with other similar products. I've worked for three companies, all of which use Splunk. 

    How was the initial setup?

    The initial setup was very smooth. I think we got some support from the Splunk team. Since it's a cloud-based solution, it took us probably three or four weeks to actually start working. But deploying agents, configuration, refining, fine tuning, and other ongoing activities went on for about a month. 

    What about the implementation team?

    We implemented through an in-house team with some support from the Splunk team. It was a very smooth process, from our perspective. 

    What's my experience with pricing, setup cost, and licensing?

    This solution is costly. Splunk is obviously a great product, but you should only choose this product if you need all the features provided. Otherwise, if you don't need all the features to meet your requirements, there are probably other products that will be more cost-effective. It's cost versus the functionality requirement. 

    Which other solutions did I evaluate?

    I also evaluated IBM QRadar and LogRhythm NextGen SIEM.

    What other advice do I have?

    I work in security architectures, not operations, so I don't actually work with Splunk on a regular basis, but the team that does is working on threat hunting and incident management. 

    I rate Splunk an eight out of ten. 

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    DevOps Engineer at Amplify Education, Inc.
    Real User
    It is easy for our developers to use if they want to search their logs. Something should be built into the product that if you're close to your license, then it shuts things down.
    Pros and Cons
    • "Its usability is the best part. It is easy for our developers to use if they want to search their logs, etc."
    • "A problem that we had recently was we licensed it based on how much data you upload to them every day. Something changed in one of our applications, and it started generating three to four times as many logs. So now, we are trying to assemble something with parts of the Splunk API to warn ourselves, then turn it off and throttle it back more. However, it would be better if they had something systematically built into the product that if you're getting close to your license, then to shut things down."

    What is our primary use case?

    We use it for application log monitoring.

    It is a logging product. Our application generates log files, then we upload them to Splunk. We run their agent on our EC2 instances in AWS, then we view the logs through their product, and it is all stored on their infrastructure.

    How has it helped my organization?

    We have used the alerts for a lot of things. They gave us the ability to kind of make an alert simply. So, we did one for SQL injection. We also had some services which were problematic that would fail, but we figured out what log line that we could look for, so it was easy to make an alert for that.

    What is most valuable?

    Its usability is the best part. It is easy for our developers to use if they want to search their logs, etc.

    What needs improvement?

    A problem that we had recently was we licensed it based on how much data you upload to them every day. Something changed in one of our applications, and it started generating three to four times as many logs. So now, we are trying to assemble something with parts of the Splunk API to warn ourselves, then turn it off and throttle it back more. However, it would be better if they had something systematically built into the product that if you're getting close to your license, then to shut things down. This sort of thing would help out a lot. It would help them out too, because then they wouldn't be hollering at us for going over our license.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    Stability has been great. I don't think we have ever had an outage from it.

    We don't do a lot of searching. If there is somewhere with problems, it will probably have to be with a lot of searches, and we don't have that. We don't have many developers searching every day. It is mostly when there is a problem, then we use it for diagnostics. So, we don't put a large search load on it. However, the reliability of it has been great. It hasn't been down for us at any point.

    What do I think about the scalability of the solution?

    It seems to have worked out great. We haven't had any problems yet.

    How are customer service and technical support?

    I haven't used the technical support.

    Which solution did I use previously and why did I switch?

    Before Splunk, we used Kibana and Elasticsearch. Sometimes, with them, logs wouldn't even be there. We have received an infinite time reduction there. We couldn't use what we had before, so Splunk being there and working does a lot.

    How was the initial setup?

    The integration and configuration with the AWS environment was easy. They had the documentation. All we had to do was get their agent running on our EC2 instance, and their documentation was good for that. It worked, which was great.

    The product is also integrated with PagerDuty, Slack, and AWS. Those integrations are good and seamless.

    What was our ROI?

    It has made life easier for us through use, then by troubleshooting problems. It reduces the cost of the intangibles.

    What's my experience with pricing, setup cost, and licensing?

    The pricing seems good relative to the other vendors that we have had here. However, they need to find ways to be more flexible with the licensing and be able to deal with situations where we start generating more logs. Maybe having some controls in the Splunk interface to turn it off, so we don't have to change anything in our application.

    We have an existing contract with Splunk, so it makes sense to stay with them for now. Our license is for 100 GB of logs a day.

    Which other solutions did I evaluate?

    There are a lot of vendors in the space at the conference this year. Therefore, we probably talked to six or seven different ones, and the market seems to be consolidating. The market's metrics and log monitoring all seem to be rolling up into a single provider. It looks like that is what will be happening in the next few years.

    Right now, there are a ton of different smaller providers doing little pieces of this and that. All the big players, like Splunk, New Relic, and Datadog, seem to be rolling them all up into one offering. 

    What other advice do I have?

    Implement something and watch how much data you are sending to it, then have some way to shut it off without redeploying your app in case things get hairy.

    We use the cloud version of the product.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    reviewer2125956 - PeerSpot reviewer
    Senior Threat Intelligence Analyst/Manager at a tech services company with 1,001-5,000 employees
    Real User
    Top 20
    Provides good visibility and threat hunting, but is expensive
    Pros and Cons
    • "The most valuable features of Splunk Enterprise Security are the enterprise search bar and the dashboards."
    • "The high cost of Splunk Enterprise Security prevented us from using its full capabilities."

    What is our primary use case?

    I use Splunk Enterprise Security for threat hunting.

    How has it helped my organization?

    The end-to-end visibility provided in the dashboards is great for our needs.

    Splunk Enterprise Security allows monitoring across multi-cloud, on-prem, and hybrid environments.

    Splunk does a good job of ingesting and correlating data.

    Splunk provides real-time monitoring.

    The framework's features, such as the MITRE ATT&CK framework, are great.

    Our MTTR has improved with Splunk. It has improved our investigation time.

    What is most valuable?

    The most valuable features of Splunk Enterprise Security are the enterprise search bar and the dashboards.

    What needs improvement?

    The threat intelligence management feature would benefit from a broader range of APIs for enhanced integration. This would facilitate seamless connection with various threat intelligence platforms, as some currently are missing APIs, making integration difficult.

    The high cost of Splunk Enterprise Security prevented us from using its full capabilities. 

    For how long have I used the solution?

    I have been using Splunk Enterprise Security for one year.

    What do I think about the stability of the solution?

    Splunk Enterprise Security has been largely stable, experiencing only a few brief periods of downtime.

    Which solution did I use previously and why did I switch?

    We use Splunk and Sentinel for different purposes, mainly due to cost factors, not because one is better. For example, we use Splunk more for network traffic.

    What's my experience with pricing, setup cost, and licensing?

    The price of Splunk Enterprise Security fluctuates based on the customer, but I believe it's quite costly, especially for our clientele. Furthermore, to access the full range of features, it's exceedingly expensive to have comprehensive log data.

    When evaluating SIM tools and considering the cheapest option, Splunk Enterprise Security might be worth considering, especially for larger organizations. While cost is a factor, Splunk offers significant value, and I recommend it over focusing solely on price.

    What other advice do I have?

    I would rate Splunk Enterprise Security seven out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ShilpeeSinha - PeerSpot reviewer
    Senior Security Engineer at Citrix
    Real User
    Great security and reporting functionality with good integration capabilities
    Pros and Cons
    • "I really like the user interface and how it works."
    • "Writing queries is a bit complicated sometimes."

    What is most valuable?

    Enterprise security is the solution’s most valuable feature.

    Its reporting functionality is excellent.

    I really like the user interface and how it works.

    It’s scalable.

    The solution is stable.

    You can integrate any other tool or any other solution, including existing solutions, with Splunk. They have a good setup.

    The log analysis is something that is good. In general, data analysis is something you can do in Splunk in various ways. You can leverage it as per your requirements or as per your investigations. You can write your own queries and complicated queries, and you can have your own alerts. You can correlate events. It’s very flexible.

    What needs improvement?

    It is one of the best tools that I'm using. I don't have any feedback as such right now regarding improvements. I'm also not an expert, so maybe I'm missing something.

    Writing queries is a bit complicated sometimes. If they could provide some building queries, that would be great.

    For how long have I used the solution?

    It's been a while. For maybe four years, I've used Splunk, however, I'm not an expert on it.

    What do I think about the stability of the solution?

    It's a stable solution. We are not going to get rid of it anytime soon. It’s reliable. There are no bugs or glitches and it doesn’t crash or freeze. The performance is good.

    What do I think about the scalability of the solution?

    The solution scales very well.

    How are customer service and support?

    I wasn't part of the engineering side, so I never got a chance to contact the support team directly.

    Which solution did I use previously and why did I switch?

    We have a SIEM solution, however, now the company is also trying to move to an Excel solution since the automation is better on their side. We aren't going to get rid of it or did not have any other SIEM solution in their mind when they were acquiring it. However, if any XOR solution works perfectly for us, the company might consider moving out of Splunk.

    How was the initial setup?

    A different organization would have a different setup of Splunk. If you ask me, mostly, it is a simple setup. However, here in my current organization, it is mostly on the cloud, and a lot of things are integrated in a bit of a complex manner. I also understand that this changes from organization to organization in terms of how they will leverage it.

    What was our ROI?

    I’ve never looked into ROI and have not been a part of conversations concerning ROI.

    What's my experience with pricing, setup cost, and licensing?

    I don’t have any idea what the cost of the solution is. I don’t handle the licensing.

    What other advice do I have?

    A company that wants to leverage Splunk should understand its environment first - including the organization, the network infrastructure, and the overall infrastructure. Then, based on requirements, they should go ahead with any SIEM solution. Splunk is kind of an expensive tool to have. Therefore, the company should be clear about what requirements they have, what they need, and whether they want to use Splunk. It is very crucial to understand your requirements and your network or your environment first before going ahead.

    I’d rate the solution eight out of ten.

    Overall, it's a good tool. It's a very intelligent tool. It definitely depends on how you are going to use it. However, I love the product. I love Splunk. I want to learn more about it as much as I can.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    reviewer1454661 - PeerSpot reviewer
    Automation Specialist, Analytics at a computer software company with 10,001+ employees
    Real User
    Identifies data patterns and provides metrics and intelligence for business operations
    Pros and Cons
    • "Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data."
    • "I'd say I am happy with the technical support, not elated. They provide great support, but sometimes they don't have the answers that I need."

    What is our primary use case?

    I use Splunk on-and-off — I started with in-house projects, then moved up to commercial projects. 

    What is most valuable?

    Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data. 

    The ease of deploying the agent is great in Splunk. One can easily deploy the Universal Forwarder which can extract any amount of information and put it into an indexer. The flexibility of ingesting any kind of data is good with Splunk.

    In regards to action-oriented tasks, if an alert is triggered where I have to perform a certain action in the form of executing a Python script or invoking a PowerShell script — this is easy to do with Splunk.

    The Splunkbase is great. There are thousands of apps that are already available, I can install those apps with full-connectivity and use them to extract any form of data. The community in the Splunkbase is also really strong. 

    The ease of integration with third-party tools is great. In the Splunkbase, there are so many apps that are easy to integrate with. 

    The user interface is really good. There is a machine learning toolkit — I like it a lot. They have use cases in place so that people with little experience in machine learning can go through these examples of use cases and gain a better understanding. 

    What needs improvement?

    Sometimes we experience issues when formatting and configuring files; however, this is a very technical issue that's hard to explain.

    When extracting the data or structuring the data in the right format, sometimes it becomes challenging. It's up to the user to understand the regex commands. 

    Our customers often complain that the price of Splunk is too high.

    When Splunk is deployed on the cloud, there are certain considerations that cannot be met. Cloud-based configuration cannot be done by our Splunk admin team. It needs to be routed via a ticket. You don't have more control on the cloud from a configuration point of view, whereas, with on-premise, you are in control — you can define any configuration settings. 

    When you install on-premise, many types of configurations can be done but when Splunk is on the cloud, you're dependent on their specific configurations.

    For how long have I used the solution?

    I started using Splunk in 2018.

    What do I think about the scalability of the solution?

    The scalability is good. If you have the money, you can expand — it's volume-based, not instance-based. 

    How are customer service and technical support?

    I'd say I am happy with the technical support, not elated. They provide great support, but sometimes they don't have the answers that I need. I've only ever raised two big support issues, and both times they haven't been able to fully resolve the issue. In the end, I had to figure it out myself.

    What about the implementation team?

    We have one or two engineers that take care of all maintenance-related issues. It really depends on the scale of your project. One of our projects required a huge deployment — we needed a huge team to match. If it's a small deployment, then two people are enough.

    What's my experience with pricing, setup cost, and licensing?

    Its cost model is dependent upon the amount of data used — how many GBs we extract in a day determines our price. The price is not dependent upon how many instances we installed in Splunk. I can install thousands of instances, but it will only charge me according to how many GBs I extract per day. 

    Overall, our customers complain that the price is too high.

    What other advice do I have?

    I would definitely recommend using Splunk. They have free learning models available. There are models available on their learning page where you can gain a better understanding of how to use Splunk. Within one month alone, you can at least understand how to operate Splunk, whereas, with other tools, it can take a lot of time to understand.

    On a scale from one to ten, I would give Splunk a rating of nine. The only downside is the cost. Price is the only factor; sometimes, companies shy away from Splunk because of the price.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Infrastructure Engineer at Zirous, Inc.
    Real User
    Top 20
    Monitors all machine logins and actions taken on those machines under each user
    Pros and Cons
    • "The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time."
    • "We did not encounter any issues with scalability. It is almost seamless to add new index (storage) or search (used to analyze the data) nodes to the cluster."
    • "I feel as though a major focus of upcoming releases should be set on Machine Learning, Predictive Analytics, and I would enjoy seeing more security focused add-ons and apps developed by the vendor."

    What is our primary use case?

    Our primary use case of Splunk has been on the implementation side for clients. Splunk has proven, on multiple occasions, to be extremely useful in the proactive monitoring of clients' hardware, networking, and security operations. Some use cases that we have implemented include, but are not limited to, proactive account lockouts based on machine learning of a typical person's average number of failed login attempts, aggregation of a server's logs in order to predict downtime/maintenance/hardware failures quite accurately, as well as helping administrators of all sorts to gain a full picture of their environments under a single screen.

    How has it helped my organization?

    Splunk has helped our organization mainly on our increased use of the security side. We use Splunk to monitor all machine logins (both successful and unsuccessful) and actions taken on those machines under each user. We have set up some predictive and proactive models, which are programmed to take action on anything outside of the normal usage. These actions range from alerts being sent to the Splunk page, administrators being notified, and if escalated enough, automatic account locks.

    What is most valuable?

    The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time. The added security has proven effective as well, but given that we have not yet created the perfect model, we still find ourselves striving to develop a more efficient and predictive security analysis and action plan within Splunk.

    What needs improvement?

    Splunk has continually been increasing its features and also expanding and perfecting its core functionality. I would like to see it continue to improve its predictive analytics and machine learning tools. It is not to be said that they are currently lacking, I don't believe it is, but given the current state and direction of the Information Technology world, I feel as though a major focus of upcoming releases should be set on Machine Learning, Predictive Analytics, and I would enjoy seeing more security focused add-ons and apps developed by the vendor.

    Network Breach

    We did about a year and a half ago. The implementation was able to notify me 34 seconds after the initial breach had happened, but our implementation was already configured to auto-logout any "suspicious" users (our internal networking team had set this detection code up) which alleviated the problem, before it really became a problem for us.

    Efficiency of Security Team

    Immensely, I cannot stress enough the positive impact this has had on our security team.

    Events per Day

    Our personal implementation brings in only around 48GB to 48.5GB of events per day. Depending on the amount of remote workers in the office, it averages around 50 million events daily.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    We did not encounter any issues with stability.

    What do I think about the scalability of the solution?

    We did not encounter any issues with scalability. It is almost seamless to add new index (storage) or search (used to analyze the data) nodes to the cluster.

    How are customer service and technical support?

    I have not personally dealt with customer service/technical support.

    Which solution did I use previously and why did I switch?

    We did not use a different solution before. The closest thing that we would have done to this would have been personally scraping logs reactively, which cost us roughly two to three hours per issue that arose purely through log searching and remediation.

    How was the initial setup?

    The initial setup is very straightforward, unzipping a tar, creating a service, starting the service.

    What about the implementation team?

    My team was the team who had set up this implementation. I would be remiss if I didn't say that our level of expertise is quite high with an average of 4 Splunk certifications per person on my team.

    What was our ROI?

    ROI is estimated at saving my team roughly 10 to 12 man hours per week in troubleshooting for our company as well as what our profits had been from our services of installing, configuring, and supporting other clients with the product.

    What's my experience with pricing, setup cost, and licensing?

    Setup cost is cheap: It is free, it is user-friendly, and it is fast. 

    I would highly recommend anyone evaluating this option to download the free trial which allows for the ingestion of 500MB of data per day in order to get a feel for what Splunk does at its core. It will get pricey once your ingestion rates start to skyrocket, but I would consider it expensive given the amount of information that it allows you to analyze and react on straight out-of-the-box.

    Which other solutions did I evaluate?

    We evaluated the ELK Stack, of which recently we have implemented with a customer who was looking for a more lightweight, cheaper alternative that would work "Good Enough". They felt they did not need all of the bells and whistles that came with Splunk.

    What other advice do I have?

    If you have an R&D department within your company that is looking for something new to increase the efficiencies and effectiveness of your company's operations, I would highly recommend having them get the free trial to test out.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.