reviewer1062186 - PeerSpot reviewer
Sr. IT Manager at a pharma/biotech company with 10,001+ employees
Real User
Good log aggregation and scales well, with good technical support that is responsive and helpful
Pros and Cons
  • "The most valuable feature is that it's very good for log aggregation."
  • "The implementation and the scanning of the logs can be difficult."

What is our primary use case?

We are using Splunk to look at the logs, and see what is happening.

What is most valuable?

The most valuable feature is that it's very good for log aggregation.

What needs improvement?

Splunk is very complex. The implementation and the scanning of the logs can be difficult.

For how long have I used the solution?

I have been using Splunk for approximately three years.

Buyer's Guide
Splunk Enterprise Security
March 2025
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
849,190 professionals have used our research since 2012.

What do I think about the stability of the solution?

In general, Splunk is stable.

What do I think about the scalability of the solution?

It's a scalable product. It's pretty good.

How are customer service and support?

Technical support is usually pretty good.

They are responsive, knowledgeable, and helpful.

How was the initial setup?

The initial setup was relatively straightforward.

What's my experience with pricing, setup cost, and licensing?

The price is comparable.

What other advice do I have?

I would rate Splunk an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
VMware Engineer at First Data Corporation
Real User
In-depth logs but downloading and uploading logs have become an issue

How has it helped my organization?

100%. VMware needs log information to troubleshoot; it's not easy finding problems.

Downloading and uploading logs have become an issue.

What is most valuable?

  • In-depth logs
  • Add-ons 
  • The ability to ingest data from other tools
  • The detailed log view
  • It's easy to read

What needs improvement?

  • The amount of time it takes to troubleshoot not-easily-available data
  • Also, hours on the phone with VMware techs.

For how long have I used the solution?

Less than one year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Application Engineer at Expedia
Real User
The most valuable feature is its centralized log analytics
Pros and Cons
  • "We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health."
  • "The historical data extraction needs improvement. I would like the capability of taking data and having it trend longer."

What is our primary use case?

The primary use case is for log analytics, although we have been using it as a hammer which hits all the nails. We have sort of overused it in some areas where it doesn't need to be used.

How has it helped my organization?

We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health. From there, you can drill in to see the real deep dive example of what is happening in your environment. It has reduced our time to resolve incidents. 

What is most valuable?

The most valuable feature is its centralized log analytics.

What needs improvement?

The historical data extraction needs improvement. I would like the capability of taking data and having it trend longer. Splunk is good about viewing data within the last seven or 14 days, but if you want to see a year-over-year trend, you have to do a lot of work to get to that point. What I am looking for is a better way to extract the data points and put them into a long-term view for year-over-year analysis, and then compare that to your other business metrics. As an example, for a call center you want to see the time it takes for your customer to be handled on their need compared to the system performance that is happening, and then overlay that data.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

We put a lot of trust in it. It has been pretty rock-solid outside of a couple of changes that we made. Upgrades sometimes don't always go smoothly, but otherwise the system performs, and operates. 

What do I think about the scalability of the solution?

When we were trying to implement an enterprise solution on-premise, we had scaling issues. It was very difficult to search the data retention beyond a few days. A lot of talent was given to the ability to go into AWS and scale with our need. We still had to do some administrative things to prevent consumers from trying to search all records for all time in very inefficient searches. This could sometimes bring our core system functionality to a halt, so we had to do some user administration in it.

How are customer service and technical support?

I don't engage with the support directly. Another member of my team does. Any time that we have needed support, he hasn't had an issue opening a ticket and receiving the help that he needs.

How was the initial setup?

The integration and configuration in the AWS environment was pretty good. They have a consumption method for pretty much every service. They might be able to do a little better at advertising different patterns for best practices for different services, but overall there's a method to get everything.

What was our ROI?

We have had a reduction in the time it takes to resolve issues and correlate what has failed. This has significantly helped.

Which other solutions did I evaluate?

We looked at the ELK Stack, Kibana, and Sumo Logic.

We chose Splunk because their cost is better, the maintenance factor is a little higher, and the core functionality is higher than what other products provide. The core functionality is out-of-the-box. E.g., with a Toyota Scion, you can customize the parts to make it whatever you want, but it's a lot of work to get there. Where if you buy a Cadillac, you pay the Cadillac's price, but it's a Cadillac. It will work right out-of-the-box.

What other advice do I have?

It works well when searching logs. If you look to try to do things beyond this, the problem that we ran into is that we treated it as the hammer which hits all nails. That is not really feasible, and there are other tools out there that can do more specialized things.

User administration is key. Trying to prevent users from being able to search all records all the time is a huge problem. You need a tight approval process on dashboards, making sure the dashboards are queried in the most efficient way possible.

The on-premise version that we had was not scalable at all. It was very difficult to use. We have EC2 instances in the cloud with Splunk installed, which is more scalable and easier to use. It now works much better.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
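The advice above about stopping users from running "all records for all time" searches is enforceable at the role level rather than by asking nicely. The following authorize.conf stanza is an added example, not from the review and not a Splunk-supplied file; the role name dashboard_viewer, the index names and the numeric quotas are assumptions to be tuned for your search head.

```ini
# authorize.conf on the search head (added example; role and index names are assumptions)
[role_dashboard_viewer]
# Inherit the capabilities of the built-in "user" role.
importRoles = user
# Widest time range a single search may cover, in seconds (7 days here).
# 0 means "no limit", and the most permissive value across all of a user's
# roles wins, so a viewer who also holds a role with 0 gets no window at all.
srchTimeWin = 604800
# Disk space (MB) a user may consume with search artifacts before new jobs are refused.
srchDiskQuota = 500
# Concurrent historical searches per user; real-time searches are disabled.
srchJobsQuota = 3
rtSrchJobsQuota = 0
# Only these indexes are searchable, and only the first is searched when none is named.
srchIndexesAllowed = app_logs;web_logs
srchIndexesDefault = app_logs
```

Two caveats a practitioner will hit: the limits apply to the user who runs the search, so a dashboard panel fed by a scheduled saved search owned by an admin runs under the admin's quotas, not the viewer's; and srchIndexesDefault matters because an ad hoc search with no index= clause fans out to every default index, which is exactly the inefficient query the review warns about.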
Security1747 - PeerSpot reviewer
Security Architect at a comms service provider with 10,001+ employees
Real User
It is a place for all our logs and everything goes in one place.
Pros and Cons
  • "The SOC analysts and security people use one single dashboard (one single location) to check our logs."
  • "It scales better in the cloud than on-premise."
  • "We would like more integrations with other cloud products, not just AWS, e.g., Azure."
  • "There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good."

What is our primary use case?

We use it for log analysis and alerting, and our SOC analysts use it.

I have used the product for more than five years. Then, in the cloud, I have used it for probably a year. It scales better in the cloud than on-premise.

How has it helped my organization?

It is a place for all our logs, and everything goes in one place. The SOC analysts and security people use one single dashboard (one single location) to check our logs.

What is most valuable?

  • Easy indexing.
  • The solution is faster.

What needs improvement?

Every product needs improvement. If we can get a faster product, we will take it. There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good.

We would like more integrations with other cloud products, not just AWS, e.g., Azure.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

The stability is good. We stress it at 98 percent.

What do I think about the scalability of the solution?

The AWS scalability is pretty good. We currently have it running on three servers.

How are customer service and technical support?

Other teams have told me that the technical support is pretty good.

How was the initial setup?

For the few integrations that we have already made, these have been easy to do.

What was our ROI?

We have seen ROI.

What's my experience with pricing, setup cost, and licensing?

Splunk is not free.

What other advice do I have?

I would recommend trying different stuff based on your company's needs and log types.

We like the product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Architect at an energy/utilities company with 1,001-5,000 employees
Vendor
Some of the valuable features are machine learning, the Common Information Model, and log storage.
Pros and Cons
  • "Ease of correlation: creating correlation searches is easy and you can combine multiple sources with little effort."
  • "The GUI can be improved to include some of the capabilities that other BI solutions have."

How has it helped my organization?

  • We can do things in minutes instead of days.
  • We solve issues which we could not before since we have the data.
  • We can quickly search for almost anything across many log sources in seconds.
  • Teams have the dashboards or alerts that they need.

What is most valuable?

There are too many features to list, but here are a few:

  • Schema on the fly
  • Ease of on-boarding data
  • Machine learning
  • Apps on Splunkbase.
  • Great list of apps to use and also build upon once you learn more about how Splunk works.
  • We build many of our own apps by leveraging the logic in the others.
  • Ease of correlation, creating correlation searches are easy and you can combine multiple sources with little effort
  • Data Model Acceleration for super fast searches across tens of millions of events
  • Common Information Model
  • Security Essentials App
  • Enterprise Security
  • Splunk SPL (Search Processing Language) is easy to learn and has IDE-like capabilities
  • Log storage or compression is great and retention is not an issue
  • Dashboards are simple to create, and the input options like time range, text, and drop-downs are simple to create.
  • Integration with cloud solutions is great and keeps getting better.
  • Can get info from REST APIs easily, and there are apps for services like ServiceNow, Azure, Office 365, etc.

What needs improvement?

The GUI can be improved to include some of the capabilities that other BI solutions have. Basically, the layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code. Over the years, they have really been improving in this area. I would think that will continue and this could become a non-issue.

What do I think about the stability of the solution?

There were no issues with stability.

What do I think about the scalability of the solution?

There were no issues with scalability.

How are customer service and technical support?

Technical support is excellent. They also have Splunk Answers, which is community driven and is great.

Which solution did I use previously and why did I switch?

We were not able to get the value we needed from the previous solution. It was too difficult or complex. With Splunk, we can do things we want and things we have not even dreamed of yet.

How was the initial setup?

The initial setup was straightforward. We had the POC up in minutes. Within days, we got more value out of this solution than our existing solution.

What's my experience with pricing, setup cost, and licensing?

While licensing can be a concern, there are ways to reduce the licensing costs including filtering some events. We have replaced many solutions with Splunk, which have more than paid for the Splunk licensing.

Which other solutions did I evaluate?

We evaluated ArcSight, QRadar, and LogRhythm.

What other advice do I have?

Do a PoC and you will be amazed. Also, check out the Splunk .conf sessions to see what is possible. If you are into security, watch Mark Russinovich’s RSA 2017 presentation about Sysmon. Check out free EDR type capabilities.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
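The "filtering some events" that the reviewer mentions as a way to reduce license cost is done at parse time by routing events to Splunk's nullQueue, so they are never indexed and never count against daily license volume. The two stanzas below are an added example, not from the review and not shipped with Splunk; the sourcetype myapp and the DEBUG/TRACE pattern are assumptions.

```ini
# props.conf on the indexer or heavy forwarder that parses the data
# (universal forwarders do not run parsing transforms, so placing this there does nothing).
[myapp]
TRANSFORMS-drop_debug = myapp_drop_debug

# transforms.conf on the same host
[myapp_drop_debug]
# Discard application DEBUG and TRACE lines before they are indexed.
# The regex is an assumption; it is anchored on a structured key=value pair
# rather than on free text so that user-controlled message content cannot
# trivially contain the pattern.
REGEX = \blevel=(DEBUG|TRACE)\b
DEST_KEY = queue
FORMAT = nullQueue
```

Dropped events are gone for good, so never apply this to authentication, authorization or audit sourcetypes that an investigation will later need, and review the regex as a security control: if an attacker can get attacker-chosen text into a log line that matches the filter, that line will silently self-filter out of the SIEM.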
MS Alam - PeerSpot reviewer
MS Alam, System Administrator at Abdullah Al-Othaim Markets
Real User

I agree with you, Mr. Kent. This machine has more valuable features.

Senior Information Technology System Analyst at YASH Technologies
Real User
Impressive UI, many useful features, and very scalable, but needs alerting feature and better pricing and integration
Pros and Cons
  • "There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive."
  • "Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature. A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable. I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure."

What is most valuable?

There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive.

What needs improvement?

Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. 

The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature.

A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable.

I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure.

For how long have I used the solution?

I have been using this solution for almost two years. I am using its latest version.

What do I think about the stability of the solution?

It is a stable product.

What do I think about the scalability of the solution?

Splunk is definitely scalable.

How are customer service and technical support?

I have not interacted with them. Another team is taking care of raising tickets with their technical support.

How was the initial setup?

It is quite simple.

What's my experience with pricing, setup cost, and licensing?

Its pricing model can be improved.

What other advice do I have?

A few years ago, I would have definitely recommended Splunk, but nowadays, better alternatives are available. We are currently exploring a few other alternatives, so I won't recommend Splunk as of now.

I would rate Splunk a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1524594 - PeerSpot reviewer
Senior Solutions Architect at a manufacturing company with 51-200 employees
Real User
Seamless integration with devices and operating systems, centralized management and control, and proactive support
Pros and Cons
  • "The integration is seamless with many devices and operating systems."
  • "Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it."

What is our primary use case?

We are a solution provider and Splunk is something that we provide as a service to our customers.

What is most valuable?

The most valuable feature is the reporting and the information that is provided by the tool.

It is very easy to implement a PoC using Splunk, which will show the value of the reporting and data that it provides.

The integration is seamless with many devices and operating systems.

It is flexible enough that you can choose what kind of deployment model you want.

They have a large solution toolkit that supports IoT, wherein businesses can get a lot of help with the centralized management functionality. There are also tools to assist from the security and SIEM perspective, and there is a centralized dashboard.

What needs improvement?

Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it. It should be easy to customize dashboards.

When we are monitoring something, we would like to have a more granular outlook. Splunk has a good dashboard that is easier to use than some competing products, but better customizability would be a great help for the users.

For how long have I used the solution?

We have been working with Splunk for approximately three years.

What do I think about the stability of the solution?

This product is very stable.

What do I think about the scalability of the solution?

Splunk is a very scalable solution. Being a Japanese product, they will ensure that all of the features work in any environment. It is very heterogeneous. It can integrate with Windows, Linux, AIX, HP-UX, and Solaris. It also supports IoT devices, mobile phones, and more.

We have more than 150,000 people using our services.

How are customer service and technical support?

The Splunk team has good, proactive support. Also in terms of assisting with the installation, they are quite good.

Which solution did I use previously and why did I switch?

Splunk is similar to IBM QRadar, which we also have experience with. However, Splunk has advanced SIEM features included with it, so we often use it to satisfy this requirement. Whenever an organization is looking to implement SIEM, they have the flexibility to choose Splunk, QRadar, or the ArcSight Logger solution.

One of the major differences that I see between Splunk and QRadar is that Splunk gives the users fewer devices, so they can do things quicker. 

How was the initial setup?

The installation for Splunk is easier than competing products QRadar and ArcSight.

We have Splunk deployed on the cloud so that we can provide the service, but some of our customers have it installed on-premises.

All the user has to do is download the Splunk server agent, install it on the laptop or endpoint, integrate 50 or 100 devices, then see what kind of reporting is available.

What about the implementation team?

We have an in-house team for deployment and maintenance. Splunk is a tool that does not require much staff to maintain. The users can start with a PoC, simply learn it, and deploy it for themselves. They don't require subject experts to be hired for the installation and configuration.

What's my experience with pricing, setup cost, and licensing?

Price-wise, if you compare QRadar to Splunk for SIEM functionality then they are in the same range but when you integrate SOAR with these solutions, Splunk takes the lead and is more competitive.

What other advice do I have?

This is a product that I recommend for anybody who wants an advanced SIEM solution. Of the three that I have used, including QRadar and ArcSight, Splunk is the one that I prefer.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
it_user1415322 - PeerSpot reviewer
Senior Consultant at sectecs
Consultant
Powerful programming language and search capability, but it is expensive and the vendor is inflexible
Pros and Cons
  • "What I really like is that even if you have already collected the data, you can extract fields and can build searches."
  • "I would like to see more SIEM functionality and a better ticket tool."

What is our primary use case?

My reason for implementing it was just to learn more about the product. I wanted to learn about the Splunk programming language, how to pipe searches, add logs, verify the logs, create fields, extract data into fields, build dashboards, and to get hands-on experience with the product.

What is most valuable?

The Splunk programming language allows you to pipe searches into other searches.

What I really like is that even if you have already collected the data, you can extract data and add fields, which improves building searches. This is not the case with Elasticsearch, where this needs to be done upfront.

What needs improvement?

I really dislike how Splunk sales and partner managers behave. I have faced several sales model and partnership changes. Also, the last time I wanted to buy a license to build a SIEM solution, they had removed the ability to purchase a Splunk subscription or license from their website. In the past, there was a web page calculator and it was possible to buy online, but now it instructs you to contact sales.

The free version is limited to 500 megabytes and there is no alerting. Due to the missing feature on the Splunk webpage, I asked Splunk Sales to purchase a license of about 1 GB a day, or a license for a maximum of 2,500 Euro/year, to use as a test or development instance for myself. Despite asking Splunk for a quote and being willing to pay for a Splunk license to learn and get used to the product, Splunk did not manage to offer me a license, nor to arrange the partnership paperwork I had asked for. Salespeople from Splunk were calling each time after I left my details on their trial download page. I explained my experience and concerns about Splunk in the past. All the excuses received and promises that someone would contact me to solve the issues faced in the past led to exactly nothing. Well done, Splunk.

Inflexible and expensive, and I do not have much faith in the people working there, because if someone is asking for a test environment and is willing to spend up to €2,500 a year, I can't understand why they are unable to provide a license. This could be a lost opportunity because they are not able to onboard a potential new partner.

They definitely need to boost their sales and partner program because it changes too often, where they are dropping partners and it is difficult to get in contact with somebody. This is something that needs to be improved.

I would like to see more SIEM functionality and embedded modules such as a ticket tool to make an end-to-end SIEM.

For how long have I used the solution?

I have been using Splunk for a few weeks.

What do I think about the scalability of the solution?

As I was using a test environment, I can't comment on scalability. It was just myself and a colleague who was using it as a test instance.

How are customer service and technical support?

I have not been in contact with technical support.

Which solution did I use previously and why did I switch?

I have worked a little bit with Elasticsearch. I also have an instance of SIEMonster running, and I'm trying to get used to it. I found that Splunk provided a good benefit compared to Elasticsearch.

With Elasticsearch, if you have already inserted the data then it's gone because you need to do the pre-filtering. Once you've inserted or ingested the raw data, using Logstash, for example, you are no longer able to build the fields such as IP address, hostname, username, and the other fields that you want to export. This unsorted, raw data that you have is really a drawback for Elasticsearch and some other products. This is something from Splunk that I consider to be a heavy feature, where you can just insert data and ingest it later on.

How was the initial setup?

It was really fast and easy to install a test instance.

What's my experience with pricing, setup cost, and licensing?

The pricing model is expensive and could lead to a budget nightmare based on the amount of data.

A better pricing plan would be an improvement.

Which other solutions did I evaluate?

I have done some research on LogRhythm, IBM QRadar, and ArcSight, but I don't have any hands-on experience yet.

I did a comparison for a customer two weeks ago, and the outcome of my comparison was SIEMonster, which has an affordable price model; even though it's a niche player, it's quite powerful. I also provided Splunk as a recommendation because it is a market leader, really powerful, and really good to use. I also recommended LogRhythm; it is also expensive, but it's also really powerful, and the feedback from customers is really good.

With respect to Splunk, I would recommend it but when a customer is budget-driven then Splunk is not the solution. Money shouldn't be the question.

What other advice do I have?

This is a solution that I could recommend for somebody who wants a really powerful product. It is not an end-to-end orchestrated SIEM yet.

This is a product that I would generally recommend, although I would not do so if the customer is really budget-driven.

I would rate this solution a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
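The two points this reviewer makes about search-time field extraction (piping one search into the next, and adding fields to data that is already stored, in contrast to the upfront parsing described for Elasticsearch) are easy to see in code. The Python below is an added example, not code from the review or from Splunk: it imitates a `| rex | search | stats count by | where` pipeline over constructed sshd and sudo lines, then applies a second extractor that did not exist at ingest time to the very same raw events. The sample lines, field names and the threshold are all made up for the example.

```python
"""Schema-on-read field extraction in the spirit of Splunk's search-time rex (added example, not Splunk code)."""
import re
from collections import Counter
from typing import Dict, Iterable, List, Pattern, Tuple

# Constructed sample events, as they would sit in an index as _raw (not real logs).
RAW_EVENTS = [
    "Mar  3 10:01:02 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "Mar  3 10:01:05 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "Mar  3 10:01:09 bastion sshd[2204]: Accepted publickey for deploy from 198.51.100.4 port 40110 ssh2",
    "Mar  3 10:01:11 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 51024 ssh2",
    "Mar  3 10:02:40 bastion sshd[2210]: Failed password for root from 192.0.2.9 port 60001 ssh2",
    "Mar  3 10:02:41 bastion sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx",
]

Event = Dict[str, str]

# Extractor written at search time; nothing about it was known when the lines were stored.
SSHD_RE: Pattern[str] = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<action>Failed password|Accepted \w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src_ip>[\d.]+) port (?P<src_port>\d+)"
)


def rex(raw_events: Iterable[str], pattern: Pattern[str]) -> List[Event]:
    """Attach the pattern's named groups as fields; non-matching events pass through with only _raw, as rex does."""
    events: List[Event] = []
    for line in raw_events:
        event: Event = {"_raw": line}
        match = pattern.search(line)
        if match:
            event.update(match.groupdict())
        events.append(event)
    return events


def search(events: Iterable[Event], **criteria: str) -> List[Event]:
    """| search key=value ...  (every criterion must match; an event lacking the field never matches)."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


def stats_count_by(events: Iterable[Event], field: str) -> Counter:
    """| stats count by <field>  (events without the field are skipped, as in Splunk)."""
    return Counter(e[field] for e in events if field in e)


def failed_logins_by_source(raw_events: Iterable[str] = RAW_EVENTS, threshold: int = 2) -> Dict[str, int]:
    """Whole pipeline: | rex | search action="Failed password" | stats count by src_ip | where count >= threshold."""
    counts = stats_count_by(search(rex(raw_events, SSHD_RE), action="Failed password"), "src_ip")
    return {ip: n for ip, n in counts.items() if n >= threshold}


# A second extractor, written later for a question nobody asked at ingest time.
SUDO_RE: Pattern[str] = re.compile(r"sudo:\s+(?P<user>\S+) : .*?COMMAND=(?P<command>.+)$")


def sudo_commands(raw_events: Iterable[str] = RAW_EVENTS) -> List[Tuple[str, str]]:
    """Re-read the same stored _raw lines with the new pattern; nothing had to be re-ingested."""
    return [(e["user"], e["command"]) for e in rex(raw_events, SUDO_RE) if "command" in e]


if __name__ == "__main__":
    print(failed_logins_by_source())  # {'203.0.113.7': 3}
    print(sudo_commands())            # [('deploy', '/bin/systemctl restart nginx')]
```

In SPL the first pipeline reads roughly `index=os sourcetype=linux_secure | rex "sshd\[(?<pid>\d+)\]: (?<action>Failed password|Accepted \w+) for (?:invalid user )?(?<user>\S+) from (?<src_ip>[\d.]+) port (?<src_port>\d+)" | search action="Failed password" | stats count by src_ip | where count>=2`. The flexibility has a cost that the earlier reviews hint at: the regex runs on every event of every search, which is why role search limits and data model acceleration matter once the index is large.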