Try our new research platform with insights from 80,000+ expert users
General Manager at Intersoft S.A.
Reseller
A great solution for application management, security and compliance
Pros and Cons
  • "The correlation capabilities are the first value that our clients say they like with Splunk."
  • "The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client."

What is our primary use case?

We use Splunk for security and also PCI compliance.

We have installed and implemented this solution for several clients in Bolivia with our team. We have received training from Splunk directly, and we have also provided training to our clients.

We deploy two versions: one for on-premise and one for the cloud.

Most of our customers purchase Splunk because they required a tool for gathering and collecting all of the logs from the infrastructure in order to make a correlation between data and to spot patterns surrounding security incidents.

What is most valuable?

The correlation capabilities are the first value that our clients say they like with Splunk. Another benefit is that they can connect to any device or log from any device from anywhere.

It's easy, the tool is very easy to install and set up. 

What needs improvement?

They could have more dashboards done or predefined so our clients could use them directly in order to have more information ready to use.

The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client.

For how long have I used the solution?

We have been using this solution for more than five years.

Buyer's Guide
Splunk Enterprise Security
March 2025
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,040 professionals have used our research since 2012.

What do I think about the stability of the solution?

Stability-wise, it's great.

What do I think about the scalability of the solution?

We do not require much scalability here because the clients are not so big; however, the hardware where we installed the products was enough to handle all the transactions of Splunk.

How are customer service and support?

The support is not so good, I would only give them a rating of six or seven.

They should provide support in Spanish here in Latin America. Their response time to inquires or requirement tickets is too long. It should be shorter.

How was the initial setup?

Deployment took us two weeks.

What other advice do I have?

I would recommend Splunk to any company: small, medium, and large.

Splunk is a great tool but you should get a partner who knows what they are doing, implementation-wise. 

On a scale from one to ten, I would give Splunk a rating of nine.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
reviewer1062186 - PeerSpot reviewer
Sr. IT Manager at a pharma/biotech company with 10,001+ employees
Real User
Top 20
Good log aggregation and scales well, with good technical support that is responsive and helpful
Pros and Cons
  • "The most valuable feature is that it's very good for log aggregation."
  • "The implementation and the scanning of the logs can be difficult."

What is our primary use case?

We are using Splunk to look at the logs, and see what is happening.

What is most valuable?

The most valuable feature is that it's very good for log aggregation.

What needs improvement?

Splunk is very complex. The implementation and the scanning of the logs can be difficult.

For how long have I used the solution?

I have been using Splunk for approximately three years.

What do I think about the stability of the solution?

In general, Splunk is stable.

What do I think about the scalability of the solution?

It's a scalable product. it's pretty good.

How are customer service and technical support?

Technical support is usually pretty good.

They are responsive, knowledgeable, and helpful.

How was the initial setup?

The initial setup was relatively straightforward.

What's my experience with pricing, setup cost, and licensing?

The price is comparable.

What other advice do I have?

I would rate Splunk and eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Splunk Enterprise Security
March 2025
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,040 professionals have used our research since 2012.
PeerSpot user
VMware Engineer at First Data Corporation
Real User
In-depth logs but downloading and uploading logs have become an issue

How has it helped my organization?

100%. VMware needs log information to troubleshoot; it's not easy finding problems.

Downloading and uploading logs have become an issue.

What is most valuable?

  • In-depth logs
  • Add-ons 
  • The ability to ingest data from other tools
  • The detailed log view
  • It's easy to read

What needs improvement?

  • The amount of time it takes to troubleshoot not-easily-available data
  • Also, hours on the phone with VMware techs.

For how long have I used the solution?

Less than one year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Application Engineer at Expedia
Real User
The most valuable feature is its centralized log analytics
Pros and Cons
  • "We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health."
  • "The historical data extraction needs improvement. I would like the capability of taking data and having it trend longer."

What is our primary use case?

The primary use case is for log analytics. Although, we have been using it as a hammer which hits all the nails. We have sort of overused it in some areas where it doesn't need to be used.

How has it helped my organization?

We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health. From there, you can drill in to see the real deep dive example of what is happening in your environment. It has reduced our time to resolve incidents. 

What is most valuable?

The most valuable feature is its centralized log analytics.

What needs improvement?

The historical data extraction needs improvement. I would like the capability of taking data and having it trend longer. Splunk is good about viewing data within the last seven or 14 days, but if you want to see a year-over-year trend, you have to do a lot of work to get to that point. If there was a better way to extract the data point and put it into a long-term viewing ability for a year-over-year analysis, then compare that to your other business metrics. That is what I am looking for, as an example, for a call center you want to see the time it takes for your customer to be handled on their need comparatively to the system performance that is happening, then overlay that data. 

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

We put a lot of trust in it. It has been pretty rock-solid outside of a couple of changes that we made. Upgrades sometimes don't always go smoothly, but otherwise the system performs, and operates. 

What do I think about the scalability of the solution?

When we were trying to implement an enterprise solution on-premise, we had scaling issues. It was very difficult to search the data retention beyond a few days. A lot of talent was given to the ability to go into AWS and scale with our need. We still had to do some administrative things to prevent consumers from trying to search all records for all time in very inefficient searches. This could sometimes bring our core system functionality to a halt, so we had to do some user administration in it.

How is customer service and technical support?

I don't engage with the support directly. Another member of my team does. Any time that we have needed support, he hasn't had an issue opening a ticket and receiving the help that he needs.

How was the initial setup?

The integration and configuration in the AWS environment was pretty good. They have a consumption method for pretty much every service. They might be able to do a little better at advertising different patterns for best practices for different service, but overall there's a method to get everything.

What was our ROI?

We have had a reduction in the time it takes to resolve issues and correlate what has failed. This has significantly helped.

Which other solutions did I evaluate?

We looked at the Elk Stack, Kibana, and Sumo Logic.

We chose Splunk because their cost is better, the maintenance factor is a little higher, and the core functionality is higher than what other products provide. The core functionality is out-of-the-box. E.g., with a Toyota Scion, you can customize the parts to make it whatever you want, but it's a lot of work to get there. Where if you buy a Cadillac, you pay the Cadillac's price, but it's a Cadillac. It will work right out-of-the-box.

What other advice do I have?

It works well when searching logs. If you looked to try to do things beyond this, the problem that we ran into is that we treated it as the hammer which hits all nails. That is not really feasible, and there are other tools out there that can do more specialized things.

User administration is key. Trying to prevent users from being able search records all the time is a huge problem. You need a tight approval process on dashboards, making sure the dashboards are queried in the most efficient way possible. 

The on-premise version that we had was not scalable at all. It was very difficult to use. We have EC2 instances in the cloud with Splunk installed, which is more scalable and easier to use. It now works much better.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security1747 - PeerSpot reviewer
Security Architect at a comms service provider with 10,001+ employees
Real User
It is a place for all our logs and everything goes in one place.
Pros and Cons
  • "The stock analysts and security people use one single dashboard (one single location) to check our logs."
  • "It scales better in the cloud than on-premise."
  • "We would like more integrations with other cloud products, not just AWS, e.g., Azure."
  • "There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good."

What is our primary use case?

We use it for log analysis and alerting, and our stock analysts use it.

I have used the product for more than five years. Then, in the cloud, I have used it for probably a year. It scales better in the cloud than on-premise.

How has it helped my organization?

It is a place for all our logs, and everything goes in one place. The stock analysts and security people use one single dashboard (one single location) to check our logs.

What is most valuable?

  • Easy indexing.
  • The solution is faster.

What needs improvement?

Every product needs improvement. If we can get a faster product, we will take it. There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good.

We would like more integrations with other cloud products, not just AWS, e.g., Azure.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

The stability is good. We stress it at 98 percent.

What do I think about the scalability of the solution?

The AWS scalability is pretty good. We currently have it running on three servers.

How is customer service and technical support?

Other teams have told me that the technical support is pretty good.

How was the initial setup?

For the few integrations that we have already made, these have been easy to do.

What was our ROI?

We have seen ROI.

What's my experience with pricing, setup cost, and licensing?

Splunk is not free.

What other advice do I have?

I would recommend trying different stuff based on your company's needs and log types.

We like the product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Security Architect at a energy/utilities company with 1,001-5,000 employees
Vendor
Some of the valuable features Machine learning, Common Information Model, and Log storage.
Pros and Cons
  • "Ease of correlation, creating correlation searches are easy and you can combine multiple sources with little effort"
  • "The GUI can be improved to include some of the capabilities that other BI solutions have."

How has it helped my organization?

  • We can do things in minutes instead of days.
  • We solve issues which we could not before since we have the data.
  • We can quickly search for almost anything across many log sources in seconds
  • Teams have the dashboards or alerts that they need

What is most valuable?

There are too many features to list, but here are a few:

  • Schema on the fly
  • Ease of on-boarding data
  • Machine learning
  • Apps or Splunk base.
  • Great list of apps to use and also build upon once you learn more about how Splunk works.
  • We build many of our own apps by leveraging the logic in the others.
  • Ease of correlation, creating correlation searches are easy and you can combine multiple sources with little effort
  • Data Models Acceleration for super fast searches across tens of millions of events
  • Common Information Model
  • Security Essentials App
  • Enterprise Security
  • Splunk SPL (Search Processing Language) is easy to learn and has IDE like capabilities
  • Log storage or compression is great and retention is not an issue
  • Dashboards are simple to create and the input options like Time Range, Text
  • Drop-downs are simple to create.
  • Integration with cloud solutions is great and keeps getting better.
  • Can get info from rest API’s easily and there are apps for services like ServiceNow, Azure, Office365, etc.

What needs improvement?

The GUI can be improved to include some of the capabilities that other BI solutions have. Basically, the layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code. Over the years, they have really been improving in this area. I would think that will continue and this could become a non-issue.

What do I think about the stability of the solution?

There were no issues with stability.

What do I think about the scalability of the solution?

There were no issues with scalability.

How are customer service and technical support?

Technical support is excellent. They also have Splunk Answers, which is community driven and it great.

Which solution did I use previously and why did I switch?

We were not able to get the value we needed from the previous solution. It was too difficult or complex. With Splunk, we can do things we want and things we have not even dreamed of yet.

How was the initial setup?

The initial setup was straightforward. We had the POC up in minutes. Within days, we got more value out of this solution than our existing solution.

What's my experience with pricing, setup cost, and licensing?

While licensing can be a concern, there are ways to reduce the licensing costs including filtering some events. We have replaced many solutions with Splunk, which have more than paid for the Splunk licensing.

Which other solutions did I evaluate?

We evaluated ArcSight, QRadar, and LogRhythm.

What other advice do I have?

Do a PoC and you will be amazed. Also, check out the Splunk .conf sessions to see what is possible. If you are into security, watch Mark Russinovich’s RSA 2017 presentation about Sysmon. Check out free EDR type capabilities.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
MS Alam - PeerSpot reviewer
MS AlamSystem Administrator at Abdullah Al-Othaim Markets
Real User

agree with you Mr. Kent this machine have more valuable feature.

Senior Information Technology System Analyst at YASH Technologies
Real User
Impressive UI, many useful features, and very scalable, but needs alerting feature and better pricing and integration
Pros and Cons
  • "There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive."
  • "Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature. A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable. I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure."

What is most valuable?

There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive.

What needs improvement?

Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. 

The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature.

A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable.

I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure.

For how long have I used the solution?

I have been using this solution for almost two years. I am using its latest version.

What do I think about the stability of the solution?

It is a stable product.

What do I think about the scalability of the solution?

Splunk is definitely scalable.

How are customer service and technical support?

I have not interacted with them. Another team is taking care of raising tickets with their technical support.

How was the initial setup?

It is quite simple.

What's my experience with pricing, setup cost, and licensing?

Its pricing model can be improved.

What other advice do I have?

A few years ago, I would have definitely recommended Splunk, but nowadays, better alternatives are available. We are currently exploring a few other alternatives, so I won't recommend Splunk as of now.

I would rate Splunk a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1524594 - PeerSpot reviewer
Senior Solutions Architect at a manufacturing company with 51-200 employees
Real User
Seamless integration with devices and operating systems, centralized management and control, and proactive support
Pros and Cons
  • "The integration is seamless with many devices and operating systems."
  • "Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it."

What is our primary use case?

We are a solution provider and Splunk is something that we provide as a service to our customers.

What is most valuable?

The most valuable feature is the reporting and the information that is provided by the tool.

It is very easy to implement a PoC using Splunk, which will show the value of the reporting and data that it provides.

The integration is seamless with many devices and operating systems.

It is flexible enough that you can choose what kind of deployment model you want.

They have a large solution toolkit that supports IoT, wherein businesses can get a lot of help with the centralized management functionality. There are also tools to assist from the security and SIEM perspective, and there is a centralized dashboard.

What needs improvement?

Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it. It should be easy to customize dashboards.

When we are monitoring something, we would like to have a more granular outlook. Splunk has a good dashboard that is easier to use than some competing products, but better customizability would be a great help for the users.

For how long have I used the solution?

We have been working with Splunk for approximately three years.

What do I think about the stability of the solution?

This product is very stable.

What do I think about the scalability of the solution?

Splunk is a very scalable solution. Being a Japanese product, they will ensure that all of the features work in any environment. It is very heterogeneous. It can integrate with Windows, Linux, AIX, HP-UX, and Solaris. It also supports IoT devices, mobile phones, and more.

We have more than 150,000 people using our services.

How are customer service and technical support?

The Splunk team has good, proactive support. Also in terms of assisting with the installation, they are quite good.

Which solution did I use previously and why did I switch?

Splunk is similar to IBM QRadar, which we also have experience with. However, Splunk has advanced SIEM features included with it, so we often use it to satisfy this requirement. Whenever an organization is looking to implement SIEM, they have the flexibility to choose Splunk, QRadar, or the ArcSight Logger solution.

One of the major differences that I see between Splunk and QRadar is that Splunk gives the users fewer devices, so they can do things quicker. 

How was the initial setup?

The installation for Splunk is easier than competing products QRadar and ArcSight.

We have Splunk deployed on the cloud so that we can provide the service, but some of our customers have it installed on-premises.

All the user has to do is download the Splunk server agent, install it on the laptop or endpoint, integrate 50 or 100 devices, then see what kind of reporting is available.

What about the implementation team?

We have an in-house team for deployment in maintenance. Splunk is a tool that does not require much staff to maintain. The users can start with a PoC, simply learn it, and deploy it for themselves. They don't require subject experts to be hired for the installation and configuration.

What's my experience with pricing, setup cost, and licensing?

Price-wise, if you compare QRadar to Splunk for SIEM functionality then they are in the same range but when you integrate SOAR with these solutions, Splunk takes the lead and is more competitive.

What other advice do I have?

This is a product that I recommend for anybody who wants and advanced SIEM solutions. Of the three that I have used including QRadar and ArcSight, Splunk is the one that I prefer.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.