What is our primary use case?
We are a solution provider and Splunk is something that we provide as a service to our customers.
What is most valuable?
The most valuable feature is the reporting and the information that is provided by the tool.
It is very easy to implement a PoC using Splunk, which will show the value of the reporting and data that it provides.
The integration is seamless with many devices and operating systems.
It is flexible enough that you can choose what kind of deployment model you want.
They have a large solution toolkit that supports IoT, wherein businesses can get a lot of help with the centralized management functionality. There are also tools to assist from the security and SIEM perspective, and there is a centralized dashboard.
What needs improvement?
Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it. It should be easy to customize dashboards.
When we are monitoring something, we would like to have a more granular outlook. Splunk has a good dashboard that is easier to use than some competing products, but better customizability would be a great help for the users.
For how long have I used the solution?
We have been working with Splunk for approximately three years.
What do I think about the stability of the solution?
This product is very stable.
What do I think about the scalability of the solution?
Splunk is a very scalable solution. Being a Japanese product, they will ensure that all of the features work in any environment. It is very heterogeneous. It can integrate with Windows, Linux, AIX, HP-UX, and Solaris. It also supports IoT devices, mobile phones, and more.
We have more than 150,000 people using our services.
How are customer service and technical support?
The Splunk team has good, proactive support. Also in terms of assisting with the installation, they are quite good.
Which solution did I use previously and why did I switch?
Splunk is similar to IBM QRadar, which we also have experience with. However, Splunk has advanced SIEM features included with it, so we often use it to satisfy this requirement. Whenever an organization is looking to implement SIEM, they have the flexibility to choose Splunk, QRadar, or the ArcSight Logger solution.
One of the major differences that I see between Splunk and QRadar is that Splunk gives the users fewer devices, so they can do things quicker.
How was the initial setup?
The installation for Splunk is easier than competing products QRadar and ArcSight.
We have Splunk deployed on the cloud so that we can provide the service, but some of our customers have it installed on-premises.
All the user has to do is download the Splunk server agent, install it on the laptop or endpoint, integrate 50 or 100 devices, then see what kind of reporting is available.
What about the implementation team?
We have an in-house team for deployment and maintenance. Splunk is a tool that does not require much staff to maintain. The users can start with a PoC, simply learn it, and deploy it for themselves. They don't require subject experts to be hired for the installation and configuration.
What's my experience with pricing, setup cost, and licensing?
Price-wise, if you compare QRadar to Splunk for SIEM functionality then they are in the same range but when you integrate SOAR with these solutions, Splunk takes the lead and is more competitive.
What other advice do I have?
This is a product that I recommend for anybody who wants an advanced SIEM solution. Of the three that I have used, including QRadar and ArcSight, Splunk is the one that I prefer.
I would rate this solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
I agree with you, Mr. Kent. This machine has more valuable features.