Try our new research platform with insights from 80,000+ expert users
Engineercb47 - PeerSpot reviewer
Engineering Manager at a manufacturing company with 10,001+ employees
Real User
Its AMIs make it easy to spin up a Splunk cluster or add a new node to it
Pros and Cons
  • "It is very simple to tweak or write a small piece of glue code to go ahead and create a new dashboard for a business unit to make near real-time decisions to focus more on other geographies when launching the product."
  • "On the cloud, we are pushing through less than half a petabyte of data. So far, it has been fairly stable because it runs on all the underlying AWS infrastructures."
  • "For on-premise, it's more about optimization. With such a heavy byte scale of data that we are operating on, the search for disparate data sometimes takes about a minute. This is understandable considering the amount of data that we are pumping into it. The only optimization that I recommend is better sharding, when it comes to Splunk, so that data retrieval can be faster."

What is our primary use case?

It is mostly centralized logging, a whole bunch of BI metrics, and an aggregation point, which we have adulterated for some PCI data.

It does meet our use case for the most part.

What is most valuable?

We like the dashboard creation and the ease with which we can harness the APIs to create custom BI dashboards on the fly. This adds most value for us. The nature of some of our microservices that I have run on the cloud are mixed workloads, wherein with the flow of data, it can change over time. In order to adjust for this, and cater to the needs of some of our internal customers, BI dashboards need to be created, tweaked, and modified. Also, doing this by hand is next to impossible. Therefore, we have strung all of this through a programmatic pipeline, which s something which we like because it is easier for us to harness it utilizing the API.

What needs improvement?

For on-premise, it's more about optimization. With such a heavy byte scale of data that we are operating on, the search for disparate data sometimes takes about a minute. This is understandable considering the amount of data that we are pumping into it. The only optimization that I recommend is better sharding, when it comes to Splunk, so that data retrieval can be faster.

With the AWS hosted version, we have not hit this bottleneck yet, simply because we are not yet at the multiple terabyte scale. We have hit with the on-premise enterprise version. This is a problem that we run into every so often. We don't run into this problem day in and day out. Only during the month of August through October do we contend with this issue. Also, there is a fair bit of lag. We have our ways to work around it. Between those few months, we are pumping in a lot of data. It is between 8 to 10 terabytes of data easily, so it is at a massive scale. There are also limitations from the hardware perspective, which is why it is an optimizing problem.

For how long have I used the solution?

More than five years.
Buyer's Guide
Splunk Enterprise Security
November 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.

What do I think about the stability of the solution?

On the cloud, we are pushing through less than half a petabyte of data. So far, it has been fairly stable because it runs on all the underlying AWS infrastructures. Therefore, we have had no issues at all. In terms of availability or outages that we've experienced, there haven't been any. We've been fairly happy with the overall landscape of how it works on AWS.

What do I think about the scalability of the solution?

On cloud, we absolutely like it. Splunk AMIs make it easy for us to spin up a Splunk cluster or add a new node to it. For our rapid development and scale of deployments in terms of microservices and the number of microservices that we run, we have had no problems here.

On-premise requires a lot of planning, which happens on a yearly basis. We have Splunk dedicated staff onsite for on-premise to help us through this. 

We have 450 people making use of Splunk in our organization, and there was a bit of knowledge transfer needed on how to write a Splunk query. So, there is a bit of a learning curve. Once you get over it, it is fairly simple to use. We also have ready-made Splunk queries to help people get started.

How are customer service and support?

We do deal with technical support on an ongoing basis. They can definitely do better from a technical point of view. Their only purpose working onsite is to make sure that our massive set of Splunk clusters are online, and the clusters are tuned well enough to work well.

We would expect the technical support people onsite to be subject-matter experts of Splunk. We have seen in a few areas where we have been left wanting more, wherein some of our engineers happen to know more than them in terms of some of the query optimizations, etc. This is where we think there is a fair amount of improvement that can be done. 

What about the implementation team?

We wrote the automation to bootstrap everything onto AWS, which was fairly easy. As long as we had all the hooks going into AWS, and we had the SDK. So, we did not have too much trouble getting the bootstrap up and running.

What was our ROI?

Some of the insights that we have obtained as a part of using Splunk have greatly helped us in increasing our revenue in terms of selling our products.

We have seen a decent ROI. For the month of October 2018, when we had a product launch, we were able to query and generate BI dashboards on the fly. This was huge, and not possible two and a half to three years back because it was more of a manual process. Now, with APIs being available, it is very simple to tweak or write a small piece of glue code to go ahead and create a new dashboard for a business unit to make near real-time decisions to focus more on other geographies when launching the product.

Which other solutions did I evaluate?

I wasn't there when the evaluation was done. When I came on board, this product was handed down to me, and we have not evaluated any other solutions or products since then.

What other advice do I have?

Make sure it fits your use case. Be clear about what you want to achieve, get out of the product, and how you want to integrate it. Once you tie the solution into your systems, it is not trivial or easy to walk away from. Therefore, due diligence needs to be made to understand what your requirements are before choosing a product. Some companies may not even want to host, and prefer to go the managed services route.

We have it integrated with every product that I can think of.

We use both the AWS and on-premise versions. The AWS hosted version typically caters to all the microservices that we run on AWS, so there is a clear segregation between on-premise and cloud. In terms of usability and experience, both of them have been similar. We have seen a few bottlenecks on the cloud, but that can probably be attributed more on the user side of the house in terms of the way we write our applications and the type of payloads that we sent this month. This is an optimization which is ongoing from our end. Other that, we have been fairly happy with Splunk and what we get out of it.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Chief Architect at PathMaker Group
MSP
It has a big user base, so the community is useful
Pros and Cons
  • "It has a big user base, so the community is useful."
  • "The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us."

What is our primary use case?

We primarily use it for SIEM.

What is most valuable?

It has a big user base, so the community is useful.

What needs improvement?

The community surrounding the product is okay, but I would like more material supplied by Splunk around some more common integration stuff. I wish there was a bigger library, because we are building stuff. Where I often feel like other people have done things before, we are reinventing the wheel. While it is not a core piece of our organization and it is not a priority, it does inform our SIEM platform. It would be nice if there was a little more cookie cutter solutioning inside of it, and that they would take a little more time to shake it out.

The first year and a half was a little wacky with its usefulness, but now it is a solid piece of our infrastructure.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

We don't have any issues with it now. We had some issues in the past, but we chalked those up to user error. We didn't know what we were doing at first.

What do I think about the scalability of the solution?

We haven't had any issues with it.

How is customer service and technical support?

I haven't heard any complaints about the technical support.

How was the initial setup?

The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us.

What's my experience with pricing, setup cost, and licensing?

It would be nice if the pricing were cheaper. However, we did purchase it.

Which other solutions did I evaluate?

We evaluated Alert Logic and Splunk. We still use both products heavily. 

We have different use cases for the products. At first, Splunk was free, so we started to take more advantage of it.

What other advice do I have?

Do your homework and make sure it fits your needs.

The product is pretty good. We are pretty satisfied with it. It does what it does.

We host the product on AWS, but we did not purchase it on the AWS Marketplace.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Splunk Enterprise Security
November 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.
PeerSpot user
Lead Systems Architect at a energy/utilities company with 10,001+ employees
Real User
Visualizations helped the organisation have a better understanding of its KPIs
Pros and Cons
  • "Visualizations helped the organisation with a better understanding of its KPIs."
  • "Splunk setup is easy and straightforward. ​"
  • "Its huge, versatile AppBase helped me to configure and bring data from different sources to a unified platform."
  • "Custom visualizations are real hard. While the default visualizations are good, creating enhanced visualizations are complex."
  • "Configuring a few apps is complex, not straightforward."

What is our primary use case?

Splunk provided me a platform to analyze both infrastructure loads and application performance for quick troubleshooting saving a load of time. Versatile apps at Splunkbase helped me to better configure and enhance visualization of the KPIs in my application.

How has it helped my organization?

  • Splunk has reduced application downtime by helping identify the point of failure.
  • It has helped in identifying information streaming bottlenecks. 
  • Its machine learning capabilities along with custom script implementation has helped the organization a lot.
  • Visualizations helped the organisation have a better understanding of its KPIs. 

What is most valuable?

Its huge, versatile AppBase helped me to configure and bring data from different sources to a unified platform. 

What needs improvement?

  • Custom visualizations are real hard. While the default visualizations are good, creating enhanced visualizations are complex.
  • Configuring a few apps is complex, not straightforward.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

No scalability issues.

How was the initial setup?

Splunk setup is easy and straightforward. 

What's my experience with pricing, setup cost, and licensing?

Splunk is a bit pricier, but the benefits and ROI are huge.

Which other solutions did I evaluate?

We also evaluated ELK, Dynatrace, and New Relic, but Splunk provided a comprehensive solution to fit our all around needs.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Information Architect at a financial services firm with 5,001-10,000 employees
Real User
Provides visibility into business metrics and insights that deliver value.
Pros and Cons
  • "Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value."
  • "We usually have to follow up with technical support on our open cases."

How has it helped my organization?

It is deployed to investigate, detect, respond, and prevent security incidents and threats by providing valuable context and visual insights to make faster and smarter security decisions.

What is most valuable?

  • Splunk delivers a holistic view of an application (the big picture).
  • Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value.
  • Significant reduction in mean-time-to-investigate (MTTI) and mean-time-to-resolve (MTTR) production incidents from days to hours.
  • Splunk visualization capabilities help pinpoint problem areas, spikes, and anomalies easier and faster.
  • Ability to monitor and resolve integration problems before they impact the business user area.
  • Splunk is being used as part of the development life cycle, resulting in better quality and more efficient applications.
  • Provides additional insights into a 360 degree view of the customer.

What needs improvement?

We usually have to follow up with technical support on our open cases. Otherwise, Splunk listens to customers and is constantly incorporating their feedback in future releases.

What do I think about the stability of the solution?

There are no software stability issues. The issues so far have been internal.

What do I think about the scalability of the solution?

There are no scalability issues. If you are planning on using Splunk for security use cases, I would recommend you go with Linux for your OS.

How are customer service and technical support?

We have the enterprise level of support. This is one area Splunk could improve upon, since we usually have to follow up with them on our open cases.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

There were no issues with the initial setup. We utilized Splunk’s partner zones for the initial setup. In retrospect, we should have utilized Splunk Professional Services.

What's my experience with pricing, setup cost, and licensing?

Although Splunk is an expensive product, it is designed to be utilized across your organization in order to maximize your ROI and lower your TCO.

We contacted Gartner and other business associates to determine what others are paying for Splunk.

Which other solutions did I evaluate?

We started researching ELK (Elastic, Logstash, Kibana). But management was so impressed with Splunk that we ended this research.

What other advice do I have?

Ensure you have an executive sponsors to fully deploy Splunk across your organization to maximize your ROI and lower your TCO.

Make use of Splunk Professional Services.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Alireza Ghahrood - PeerSpot reviewer
Alireza GhahroodConsultant & Instructor -Cyber Security,GovernanceRIskCompliance (CISO as a Services) at Independent
Top 10Real User

If there's gold in log files, Splunk will help you to find it. Splunk bridges the gap between simple log management and security information and event management products from vendors such as ArcSight, RSA, Q1 Labs and Symantec.

Splunk lets you gather log data from systems and devices, and run queries on that data to find issues and debug problems. Splunk's capabilities also include reporting and alerting, pushing it ever-so-slightly into the world of SIEM.

What separates out Splunk from the world of Syslog servers and SIEM tools is Splunk Apps, a library of nearly 200 addons that make Splunk smarter about particular types of log information, change its look-and-feel or add new types of analysis.

Sontas Jiamsripong - PeerSpot reviewer
Account Presale at a tech services company with 1,001-5,000 employees
Real User
Top 10
A flexible solution
Pros and Cons
  • "Splunk is quite flexible for our customers. Splunk does not filter from a specific lock, you can define it later."
  • "I would like Splunk to add more integration. QRadar has many indications with more products than Splunk."

What is our primary use case?

The project we are working on with Splunk is short as the customer has given us two months to implement. My company is a Splunk partner.

What is most valuable?

Splunk is quite flexible for our customers. Splunk does not filter from a specific lock, you can define it later.

What needs improvement?

I would like Splunk to add more integration. QRadar has many indications with more products than Splunk.

For how long have I used the solution?

I have been working with Splunk for three months.

What do I think about the scalability of the solution?

Splunk is quite good if you want to scale it.

Which solution did I use previously and why did I switch?

My client has some pain points with QRadar and does not feel the kilogram function is accurate. Other features do not match with the customer behavior as well. They want to replace QRadar with Splunk because they are familiar with this solution.

How was the initial setup?

The initial setup of Splunk is complex. It requires a lot of equipment and uploads.

What about the implementation team?

My company provides the implementation and maintenance services to our customers.

What's my experience with pricing, setup cost, and licensing?

Splunk licensing requires you to purchase licenses for any feature per user. For example, if you need UEBA, it is difficult to propose in the project. QRadar has a free upcharge for UEBA. Customers cannot calculate the additional costs based on gigabytes per day because they can not forecast the future.

What other advice do I have?

Due to the cost of Splunk, I recommend it for larger companies. Splunk is powerful when sorting huge amounts of data. 

Implementation of Splunk takes preparation. It requires a lot of resources and needs the infrastructure to support the project.

I would rate the solution an 8 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1524594 - PeerSpot reviewer
Senior Solutions Architect at a manufacturing company with 51-200 employees
Real User
Seamless integration with devices and operating systems, centralized management and control, and proactive support
Pros and Cons
  • "The integration is seamless with many devices and operating systems."
  • "Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it."

What is our primary use case?

We are a solution provider and Splunk is something that we provide as a service to our customers.

What is most valuable?

The most valuable feature is the reporting and the information that is provided by the tool.

It is very easy to implement a PoC using Splunk, which will show the value of the reporting and data that it provides.

The integration is seamless with many devices and operating systems.

It is flexible enough that you can choose what kind of deployment model you want.

They have a large solution toolkit that supports IoT, wherein businesses can get a lot of help with the centralized management functionality. There are also tools to assist from the security and SIEM perspective, and there is a centralized dashboard.

What needs improvement?

Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it. It should be easy to customize dashboards.

When we are monitoring something, we would like to have a more granular outlook. Splunk has a good dashboard that is easier to use than some competing products, but better customizability would be a great help for the users.

For how long have I used the solution?

We have been working with Splunk for approximately three years.

What do I think about the stability of the solution?

This product is very stable.

What do I think about the scalability of the solution?

Splunk is a very scalable solution. Being a Japanese product, they will ensure that all of the features work in any environment. It is very heterogeneous. It can integrate with Windows, Linux, AIX, HP-UX, and Solaris. It also supports IoT devices, mobile phones, and more.

We have more than 150,000 people using our services.

How are customer service and technical support?

The Splunk team has good, proactive support. Also in terms of assisting with the installation, they are quite good.

Which solution did I use previously and why did I switch?

Splunk is similar to IBM QRadar, which we also have experience with. However, Splunk has advanced SIEM features included with it, so we often use it to satisfy this requirement. Whenever an organization is looking to implement SIEM, they have the flexibility to choose Splunk, QRadar, or the ArcSight Logger solution.

One of the major differences that I see between Splunk and QRadar is that Splunk gives the users fewer devices, so they can do things quicker. 

How was the initial setup?

The installation for Splunk is easier than competing products QRadar and ArcSight.

We have Splunk deployed on the cloud so that we can provide the service, but some of our customers have it installed on-premises.

All the user has to do is download the Splunk server agent, install it on the laptop or endpoint, integrate 50 or 100 devices, then see what kind of reporting is available.

What about the implementation team?

We have an in-house team for deployment in maintenance. Splunk is a tool that does not require much staff to maintain. The users can start with a PoC, simply learn it, and deploy it for themselves. They don't require subject experts to be hired for the installation and configuration.

What's my experience with pricing, setup cost, and licensing?

Price-wise, if you compare QRadar to Splunk for SIEM functionality then they are in the same range but when you integrate SOAR with these solutions, Splunk takes the lead and is more competitive.

What other advice do I have?

This is a product that I recommend for anybody who wants and advanced SIEM solutions. Of the three that I have used including QRadar and ArcSight, Splunk is the one that I prefer.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1505082 - PeerSpot reviewer
Assistant Manager System at a financial services firm with 10,001+ employees
Real User
Stable, with easy log connection and the capability to scale
Pros and Cons
  • "Its compatibility with other SIEMS is very useful."
  • "We find that the maintenance process could be a lot better."

What is our primary use case?

We are using Splunk as a SIEM tool. We're using it for monitoring.

What is most valuable?

The ease of log connection has been great. 

Its compatibility with other SIEMS is very useful. 

They have many basic use cases that we like. 

The cloud version of the solution is especially scalable.

The product has been quite stable so far.

The initial setup is very easy.

What needs improvement?

Technical support is lacking post-sale.

The modification of firmware could be improved.

We find that the maintenance process could be a lot better. 

The solution is more expensive than other options on the market.

For how long have I used the solution?

We haven't been using the solution for too long at this point. It's been about four months or so.

What do I think about the stability of the solution?

The stability has been good. It offers good performance and doesn't seem to be buggy. There aren't glitches. It doesn't crash or freeze. It's reliable.

What do I think about the scalability of the solution?

The solution is scalable. This is especially true for the cloud deployment model. There really isn't anything holding you back if you use that version.

We have around 100 people on the solution currently. 60 to 70 of those are technical users.

We do plan to keep using Splunk

How are customer service and technical support?

Technical support services are lacking, especially after you buy the product. They aren't as helpful or responsive as we need them to be. However, when we do reach them, they are good and they help.

Which solution did I use previously and why did I switch?

I have used McAfee Nitro in the past and IBM QRadar as well.

How was the initial setup?

The initial setup is not complex. It's very straightforward. In fact, it's far easier to install than other log tools on the market. A company shouldn't have any issues with the process.

That said, I did not work on the installation myself. Other people at the company handled that aspect of the process.

The maintenance process could be better. It's a bit difficult once the deployment is done. We need about five people for maintenance tasks.

What's my experience with pricing, setup cost, and licensing?

When you compare the services and features, the pricing is reasonable. That said, if you compare Splunk to other options on the market, it is more expensive.

What other advice do I have?

As we recently purchased the solution, we are using the latest version right now.

I would recommend the solution to other users. 

I would rate the solution at an eight out of ten. If the solution offered a better price and better support services, I would likely rate it higher. However, for the most part, we have been satisfied with the product and its capabilities.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Splunk Administrator at Arizona State University
Real User
Provides important insights to more efficiently make decisions and take action
Pros and Cons
  • "My favorite example of improving of organization is saving a $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports."
  • "Splunk's schema on demand is incredibly useful. I do not have to worry about what my users will need when we onboard their data."
  • "While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged."
  • "Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run."

What is our primary use case?

We use Splunk primarily to provide our security and ops groups with important insights to more efficiently make decisions and take action.

How has it helped my organization?

My favorite example of improving of organization is saving a $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports.

What is most valuable?

Splunk's schema on demand is incredibly useful. I do not have to worry about what my users will need when we onboard their data. They can make connections that we could not have foreseen. They dig deeper when they are searching.

What needs improvement?

Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run.

While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.