Splunk Enterprise Security Reviews

I use Splunk for testing purposes. It is used for school research and to learn how to use Splunk. 

Splunk is mainly used for collecting logs and dashboards.

Splunk provides a free version so you can test it before purchasing.  It's better than IBM, in my opinion, because it's an independent entity. IBM, for example, if you want to use EDR, and other features, you must use the features of other companies, such as ServiceNow and Jira.

I am still exploring the features provided in Splunk. As I have not used it for a long time, I don't have a clear vision of it.

As a student, I'd like to see more labs and things for students to test in order to learn.

Having a trial version or more training on Splunk would be helpful.

There is a free version, but it is insufficient for training and learning because it is a little bit difficult to work with, especially if you are a beginner. It's difficult to improve when you're just starting out with logs and SOC. As a result, we require a longer free version.

Splunk is not used in my company. During my internship, I am being taught how to use it at school.

I have been using Splunk for one month.

I did not have any issues with the stability of Splunk. It was quite stable.

There was technical assistance available. When you require assistance, they provide it, they will respond.

We integrate Jira with QRadar which is helpful.

The initial setup was simple because there is available support and tutorials.

I completed the installation with the help of some friends, in the IT department.

I'm only using the free version for the time being.

The cost is reasonable.

Splunk's costing is a little more difficult. The pricing method is complicated, and the way that costing is calculated in Splunk is a little more difficult.

When compared to QRadar, QRadar, it's simple to pay. 

I did some research for a school project. I needed to compare it to Splunk and a few other tools. As a result, I'm not particularly interested in purchasing them.

I would rate Splunk an eight out of ten.

We are using Splunk for querying data from different sources.

Splunk has machine learning which is a valuable feature.

The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use.

I have used Splunk within the past 12 months.

Splunk is a stable solution.

We have contacted the support and most of the reasons we have contact support has been project-related. For example, we want the APAs to work in a certain way or for certain fixes.

I have been using Splunk for approximately 

We have found all the features useful. However, the dashboarding and logging have been very helpful. Additionally, the log analysis does a great job.

The solution could improve by giving more email details.

In a future release, the solution could improve on the artificial intelligence features, such as if an alert comes, it could automatically do logging from the system, get the KV knowledge base, and perform other functions. This would be a benefit.

I have used Splunk for approximately five years.

The technical support is good.

The initial setup is complex.

The price of Splunk is reasonable.

We have evaluated SoapUI and Postman, and we are still evaluating others.

I rate Splunk a seven out of ten.

There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive.

Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. 

The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature.

A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable.

I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure.

I have been using this solution for almost two years. I am using its latest version.

It is a stable product.

Splunk is definitely scalable.

I have not interacted with them. Another team is taking care of raising tickets with their technical support.

It is quite simple.

Its pricing model can be improved.

A few years ago, I would have definitely recommended Splunk, but nowadays, better alternatives are available. We are currently exploring a few other alternatives, so I won't recommend Splunk as of now.

I would rate Splunk a seven out of ten.

We are using Splunk to look at the logs, and see what is happening.

The most valuable feature is that it's very good for log aggregation.

Splunk is very complex. The implementation and the scanning of the logs can be difficult.

I have been using Splunk for approximately three years.

In general, Splunk is stable.

It's a scalable product. it's pretty good.

Technical support is usually pretty good.

They are responsive, knowledgeable, and helpful.

The initial setup was relatively straightforward.

The price is comparable.

I would rate Splunk and eight out of ten.

We use Splunk for log analysis and security monitoring.

Splunk allows us to look at logs from different groups within NIH and see if there's a widespread threat or issue.

The most valuable feature is the log aggregation, being able to scan through all of the logs.

Queries are not always as easy or straightforward as they might be, so it can be difficult to figure out what you need to look for.

In the next release of this product, I would like to see it offer more recommendations as to what needs to be done.

We have been using Splunk for between two and three years.

In terms of stability, the product seems to work just fine. We haven't had any problems with it.

It can be somewhat of a resource hog; some of the scans can take a while. We do plan to increase our usage in the future.

Technical support for Splunk is good.

The initial setup is relatively straightforward.

There were consultants involved in the deployment.

I would rate this solution a seven out of ten.

• Log mining
  
• Log analysis

It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are.

• The product is adept at log mining.
• It has the flexibility to do multiple analyses.
• It works across heterogeneous environments in different ways. 

I have not tested the hybrid model yet. I don't know whether all its integrations and interfaces will work between the cloud and on-premise model. I also don't know if across multiple clouds all the products will perform properly.

If it could be made available as a service, this would be much better than as a product.

It is stable under production environments.

The scalability is decent. We have implemented it in our production environment, and it scales.

We have seen ROI and improvements as we have continued to use the product, but they are more reactive. We want to be proactive on an enterprise-wide scale.

We considered Oracle Enterprise Manager, but Splunk is way more powerful. Splunk is product-agnostic, as it can move across different platforms and products. 

Explore Splunk. The product has a lot of depth.

It works with multiple products which are scheduling systems to ERPs to legacy, and it works perfectly fine.

I use the on-premise version. I have not had the opportunity to explore the AWS on Splunk version yet.

We use Splunk for a few different use cases:

1. We package it as part of one of our on-premise software offerings which includes our in-house customized dashboards.
2. We use it for Application Monitoring of many of our back-end systems. Monitoring is done completely through Splunk by forwarding application and other logs to Splunk and many configured customized alerts and dashboards for the Ops, Dev, product, and management teams.
3. We created a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity.

It has improved our organization in many ways:

1. Having Splunk as part of one of our software products was our choice for giving our customers a great user experience.
2. It is a one stop shop as a full monitoring and alerting solution for operations and application analysis for most of our back-end systems.

• The easy automatic field parsing of logs. 
• Data model acceleration
  
• The ability to easily have access and install Splunk add-on plugins and custom apps. This greatly assists with using it to connect to various systems easily and use it as a centralized data sink.

It needs to improve the way to install third-party apps and enable installation without logging into splunk.com.

Not at all.

Not really.

Their support is pretty good, but not amazing. Although we have our own in-house Splunk expert who worked for Splunk themselves for a few years, we do not really need external support that much. We basically use them for licensing stuff. 

The forums are pretty thorough, so technically we have not had much need for support.

The initial setup is easy. Although, we currently use just a single server and not multi-server clustered instances. 

For our Linux instance setup, an upgrade is very easy. It is all managed by about three simple Bash scripts.

It is possible to use a developer's license, which is up to 10GB per day of volume traffic, which is usually enough for most use cases.

We evaluated ELK Stack and QlikView.

We are a Splunk Partner, since after much deliberation, we decided to choose Splunk as a component of one of our on-premise software offerings.