We use Splunk for log analysis and security monitoring.
Sr. IT Manager at a pharma/biotech company with 10,001+ employees
Log aggregation helps us quickly detect widespread threats, but it can be resource-heavy
Pros and Cons
- "The most valuable feature is the log aggregation, being able to scan through all of the logs."
- "Queries are not always as easy or straightforward as they might be, so it can be difficult to figure out what you need to look for."
What is our primary use case?
How has it helped my organization?
Splunk allows us to look at logs from different groups within NIH and see if there's a widespread threat or issue.
What is most valuable?
The most valuable feature is the log aggregation, being able to scan through all of the logs.
What needs improvement?
Queries are not always as easy or straightforward as they might be, so it can be difficult to figure out what you need to look for.
In the next release of this product, I would like to see it offer more recommendations as to what needs to be done.
Buyer's Guide
Splunk Enterprise Security
March 2025

Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
849,190 professionals have used our research since 2012.
For how long have I used the solution?
We have been using Splunk for between two and three years.
What do I think about the stability of the solution?
In terms of stability, the product seems to work just fine. We haven't had any problems with it.
What do I think about the scalability of the solution?
It can be somewhat of a resource hog; some of the scans can take a while. We do plan to increase our usage in the future.
How are customer service and support?
Technical support for Splunk is good.
How was the initial setup?
The initial setup is relatively straightforward.
What about the implementation team?
There were consultants involved in the deployment.
What other advice do I have?
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Director at a tech services company with 10,001+ employees
It has the flexibility to do multiple analyses
Pros and Cons
- "It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are."
- "The product is adept at log mining."
- "If it could be made available as a service, this would be much better than as a product."
What is our primary use case?
- Log mining
- Log analysis
How has it helped my organization?
It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are.
What is most valuable?
- The product is adept at log mining.
- It has the flexibility to do multiple analyses.
- It works across heterogeneous environments in different ways.
What needs improvement?
I have not tested the hybrid model yet. I don't know whether all its integrations and interfaces will work between the cloud and on-premise model. I also don't know if across multiple clouds all the products will perform properly.
If it could be made available as a service, this would be much better than as a product.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It is stable under production environments.
What do I think about the scalability of the solution?
The scalability is decent. We have implemented it in our production environment, and it scales.
What was our ROI?
We have seen ROI and improvements as we have continued to use the product, but they are more reactive. We want to be proactive on an enterprise-wide scale.
Which other solutions did I evaluate?
We considered Oracle Enterprise Manager, but Splunk is way more powerful. Splunk is product-agnostic, as it can move across different platforms and products.
What other advice do I have?
Explore Splunk. The product has a lot of depth.
It works with multiple products, from scheduling systems to ERPs to legacy systems, and it works perfectly fine.
I use the on-premise version. I have not had the opportunity to explore the AWS on Splunk version yet.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director of IT at BLUE LAKE RANCHERIA
Aggregation searches have reduced the time and difficulty of identifying trends and conditions which need to be reviewed
Pros and Cons
- "Splunk has significantly reduced the time in performing the task of aggregating logs, reviewing as well as time spent during investigations."
- "Aggregation searches have reduced the time and difficulty of identifying trends and conditions which need to be reviewed."
- "The case management area of the ES could be improved: the ability to move cases through various stages and states. The ability to close a case would be a key improvement."
What is our primary use case?
We primarily use Splunk for log aggregation and search across multiple systems, with Splunk Enterprise Security layered on top.
How has it helped my organization?
Splunk has significantly reduced the time spent aggregating and reviewing logs, as well as the time spent during investigations. This has not only increased our speed of response, but also our efficiency in dealing with the issue(s) raised.
What is most valuable?
Aggregation searches, allowing conditions to be found automatically in the data, have reduced the time and difficulty of identifying trends and conditions which need to be reviewed.
What needs improvement?
The case management area of the ES could be improved: the ability to move cases through various stages and states. The ability to close a case would be a key improvement.
For how long have I used the solution?
One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Junior SAP Security Engineer at Sagesse Tech
Helps reduce our alert volume, speed up security investigations, and normalize data
Pros and Cons
- "The graph visualization is the most valuable feature."
- "The UI can be difficult to understand for non-technical people."
What is our primary use case?
We use Splunk Enterprise Security for our enterprise security.
How has it helped my organization?
Adding more use cases to Splunk can improve our threat detection speed.
It has helped normalize our data.
Splunk Enterprise Security has helped reduce our alert volume and speed up our security investigations.
What is most valuable?
The graph visualization is the most valuable feature.
What needs improvement?
Splunk Enterprise Security needs to improve its stability.
The UI can be difficult to understand for non-technical people.
For how long have I used the solution?
I have been using Splunk Enterprise Security for four months.
What do I think about the stability of the solution?
I would rate the stability of Splunk Enterprise Security a four out of ten. Some bugs cause downtime.
What do I think about the scalability of the solution?
I would rate the scalability a six out of ten.
What other advice do I have?
I would rate Splunk Enterprise Security an eight out of ten.
Splunk Enterprise Security's robust framework enables it to support a wider range of use cases, making it more adaptable and versatile for tackling diverse security challenges.
We have Splunk Enterprise Security deployed across multiple locations.
Splunk Enterprise Security's visualizations are detailed and help users normalize data, making it extremely useful.
The vast array of use cases enabled by Splunk Enterprise Security empowers security teams to address diverse threats and enhance overall security posture.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Account Presale at a tech services company with 1,001-5,000 employees
A flexible solution
Pros and Cons
- "Splunk is quite flexible for our customers. Splunk does not filter from a specific log; you can define it later."
- "I would like Splunk to add more integrations. QRadar has integrations with more products than Splunk."
What is our primary use case?
The project we are working on with Splunk is short as the customer has given us two months to implement. My company is a Splunk partner.
What is most valuable?
Splunk is quite flexible for our customers. Splunk does not filter from a specific log; you can define it later.
What needs improvement?
I would like Splunk to add more integrations. QRadar has integrations with more products than Splunk.
For how long have I used the solution?
I have been working with Splunk for three months.
What do I think about the scalability of the solution?
Splunk is quite good if you want to scale it.
Which solution did I use previously and why did I switch?
My client has some pain points with QRadar and does not feel the kilogram function is accurate. Other features do not match with the customer behavior as well. They want to replace QRadar with Splunk because they are familiar with this solution.
How was the initial setup?
The initial setup of Splunk is complex. It requires a lot of equipment and uploads.
What about the implementation team?
My company provides the implementation and maintenance services to our customers.
What's my experience with pricing, setup cost, and licensing?
Splunk licensing requires you to purchase licenses for any feature per user. For example, if you need UEBA, it is difficult to propose in the project. QRadar has a free upcharge for UEBA. Customers cannot calculate the additional costs based on gigabytes per day because they cannot forecast the future.
What other advice do I have?
Due to the cost of Splunk, I recommend it for larger companies. Splunk is powerful when sorting huge amounts of data.
Implementation of Splunk takes preparation. It requires a lot of resources and needs the infrastructure to support the project.
I would rate the solution an 8 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
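The two things reviewers above describe, an aggregation search that finds conditions in the data automatically (the Blue Lake Rancheria review) and defining fields later rather than filtering at ingest (the presales review), as an added example in Python. This is illustration written for this page, not Splunk's own code or an SPL correlation search; the sshd-style log lines are constructed, and the threshold, window and rule names are assumptions chosen for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events for this example (not from any real system).
# The format mimics OpenSSH auth lines with an ISO-8601 timestamp prefix.
RAW_EVENTS = [
    "2024-05-01T10:00:01 sshd[4112]: Failed password for invalid user admin from 203.0.113.9 port 51122 ssh2",
    "2024-05-01T10:00:03 sshd[4112]: Failed password for invalid user admin from 203.0.113.9 port 51123 ssh2",
    "2024-05-01T10:00:06 sshd[4113]: Failed password for root from 203.0.113.9 port 51124 ssh2",
    "2024-05-01T10:00:09 sshd[4114]: Failed password for root from 203.0.113.9 port 51125 ssh2",
    "2024-05-01T10:00:12 sshd[4115]: Failed password for deploy from 203.0.113.9 port 51126 ssh2",
    "2024-05-01T10:00:15 sshd[4116]: Accepted password for deploy from 203.0.113.9 port 51127 ssh2",
    "2024-05-01T10:01:00 sshd[4120]: Failed password for alice from 198.51.100.7 port 40001 ssh2",
    "2024-05-01T10:01:30 sshd[4121]: Accepted password for alice from 198.51.100.7 port 40002 ssh2",
    "2024-05-01T10:20:00 sshd[4130]: Failed password for bob from 192.0.2.44 port 60010 ssh2",
    "2024-05-01T10:20:04 sshd[4131]: Failed password for bob from 192.0.2.44 port 60011 ssh2",
    "2024-05-01T10:20:08 sshd[4132]: Failed password for bob from 192.0.2.44 port 60012 ssh2",
    "2024-05-01T10:20:12 sshd[4133]: Failed password for bob from 192.0.2.44 port 60013 ssh2",
    "2024-05-01T10:20:16 sshd[4134]: Failed password for bob from 192.0.2.44 port 60014 ssh2",
    "2024-05-01T10:40:00 sshd[4140]: Accepted password for bob from 192.0.2.44 port 60015 ssh2",
]

# Search-time field extraction (schema on read). The raw line is kept as-is;
# the fields exist only because this regex defines them when the search runs,
# so changing the regex later reinterprets old data without re-ingesting it.
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)


def extract_fields(raw_line):
    """Return a dict of fields for one raw line, or None if it does not match."""
    m = AUTH_RE.match(raw_line)
    if not m:
        return None
    fields = m.groupdict()
    fields["_time"] = datetime.fromisoformat(fields.pop("ts"))
    return fields


def brute_force_search(raw_events, threshold=5, window=timedelta(minutes=5)):
    """Aggregation search over raw lines (threshold and window are assumed
    demo values). Emits a notable when one source reaches `threshold`
    failures inside a sliding `window`, and a second, higher-value notable
    when a success from that source follows such a burst. A success or an
    expired window resets the burst so a later one is reported again.
    Returns notables in time order."""
    events = [f for f in map(extract_fields, raw_events) if f]
    events.sort(key=lambda e: e["_time"])
    recent_failures = defaultdict(deque)  # src -> failure times still in window
    burst_flagged = set()                 # sources already reported for the current burst
    notables = []
    for e in events:
        src, now = e["src"], e["_time"]
        q = recent_failures[src]
        while q and now - q[0] > window:  # drop failures older than the window
            q.popleft()
        if not q:
            burst_flagged.discard(src)
        if e["outcome"] == "Failed":
            q.append(now)
            if len(q) >= threshold and src not in burst_flagged:
                burst_flagged.add(src)
                notables.append({"rule": "brute_force_burst", "src": src,
                                 "count": len(q), "_time": now})
        else:  # Accepted
            if len(q) >= threshold:
                notables.append({"rule": "success_after_brute_force", "src": src,
                                 "user": e["user"], "_time": now})
            q.clear()
            burst_flagged.discard(src)
    return notables


if __name__ == "__main__":
    for n in brute_force_search(RAW_EVENTS):
        print(n)
```

On the constructed input this yields three notables: a burst from 203.0.113.9 followed by a successful login as `deploy` from the same address, and a burst from 192.0.2.44 whose later success is not correlated because it falls outside the five-minute window. That last case is the one worth checking in any real correlation search: a window that is too wide drowns analysts in stale matches, one that is too narrow misses slow attacks.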
IT System Developer/Admin at a manufacturing company with 10,001+ employees
A stable, scalable solution with comprehensive dashboards and helpful technical support
Pros and Cons
- "The scalability of the solution is amazing because it can collect a lot of data and you can have your own structure to monitor this data."
- "An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times."
What is our primary use case?
The primary use case of this solution is to monitor Cyber Mission databases.
I create the diagrams to create an architecture that is then implemented. However, creating these diagrams is for my own learning, since these implementations are usually already available in the cloud office logs.
What is most valuable?
The features I have found most valuable are the dashboards.
I monitor the complete capacity that users are using in the company.
What needs improvement?
An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times.
They also need to update their documentation.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The scalability of the solution is amazing because it can collect a lot of data and you can have your own structure to monitor this data.
How are customer service and technical support?
The customer service/technical support was helpful and they answered my questions as best they could.
How was the initial setup?
The setup was easy, but you have to have a VPN connection depending on the security protocols in place.
What about the implementation team?
The deployment was in-house and took about two days with the correct licenses and permissions.
What other advice do I have?
It is important to define different guidelines to integrate Splunk in development, QA, and production deployments. Additionally, define the applications that will be used and the configuration of the databases to collect the data. If this is not done, there will be a lot of issues due to, for example, master access or permissions to use the database collector and blocks.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Administrator and DevOps Engineer at a tech services company with 10,001+ employees
Very straightforward, easy to configure, stable and scalable.
Pros and Cons
- "This is a straightforward solution, easy to configure."
- "This is a costly solution."
What is our primary use case?
Our primary use case of Splunk is for log monitoring and infrastructure monitoring. If we want to diagnose any issue in our application, we just push our application logs from any client server to the Splunk server using the universal forwarder. After indexing, we can create a base log and create attractive dashboards that are simple to understand and use. I'm a system administrator and we are customers of Splunk.
What is most valuable?
This is a straightforward solution, easy to configure and difficult to mess up.
What needs improvement?
Splunk is a very costly solution and I think it's the most expensive in the market in terms of cost. Splunk provides an application for infrastructure monitoring. If we're monitoring Docker containers, we can't see the container name, only the ID. That's a big drawback.
For how long have I used the solution?
I've been using this solution for two years.
What do I think about the stability of the solution?
This is a stable solution. Deployment takes one person; it can be a system admin or an engineer.
What do I think about the scalability of the solution?
This is a scalable solution. We can do the clustering of it for large applications. We have around 15 users for this product.
How are customer service and technical support?
If I have any issues, I'll go to the community. I can generally get a response within a day. Although most of the documentation is good, some of it is unclear, particularly if you're new to the product.
How was the initial setup?
I think it takes around 10 minutes to install it on the server. On the client side, it takes around five minutes. I do the installation myself.
What other advice do I have?
If you're going with this solution, make sure that, when implementing, the ports are open. If they're not open, it creates problems with the server. Other than that, this is a very stable and very easy to configure product. We can deploy and use it easily. Other similar solutions are difficult to configure; Splunk is the simplest. I've used three or four monitoring tools and Splunk is the easiest. If a company can afford it, this is a good product. We are planning to shift to another product because of the cost. We're searching for an open source or cheaper product.
I would rate this solution a nine out of 10. They lose one point for the price and lack of infrastructure support.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Software Engineer at Tableau Software
It has reduced the time to resolution and time to investigate, but the search query is slow
Pros and Cons
- "It has reduced the time to resolution, time to investigate, and time to troubleshoot for debugging issues."
- "Out-of-the-box, it seems very powerful."
- "My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it."
What is our primary use case?
We use it for searching logs in a production environment.
How has it helped my organization?
It has reduced the time to resolution, time to investigate, and time to troubleshoot for debugging issues.
What is most valuable?
Being able to search across all the different production environments at the same time, then being able to do search queries to scope out specific environments, specific components, or specific logs from different languages, such as Java or C++. Thus, being able to have really fine-grained control over log searching is really good.
Out-of-the-box, it seems very powerful.
What needs improvement?
The search query seems slow, but I am not sure if that is just because it is searching millions upon millions of lines of text. Also, I just started using it, so I might have no idea what I am doing. I could probably speed up the queries by improving my search skills.
My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it. It is possible that we have already done this and I haven't participated, but this type of training would be helpful.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
It is always up when I need to search. I am probably not using it that much. I will maybe search a couple times a day for something specific, so I am not using it too much. I know plenty of the people who are doing a lot more for debugging, and who use it a lot all day.
What do I think about the scalability of the solution?
It seems like it scales well. We have hundreds of production and development environments, and we are searching on all of them. Therefore, it seems like the scale is good.
We have hundreds of production environments, and each production environment has 10 to 20 host machines. Each production environment can manage tens of thousands of customers.
Maybe going to AWS and scaling it better would be more cost-effective for our company. However, I am not involved in those decisions.
How are customer service and technical support?
I have not used technical support.
Which other solutions did I evaluate?
We have other log searching tools, but we have standardized on Splunk.
What other advice do I have?
It is a great product. We have a lot of different tools to do this type of debugging. Yet, it is one of the first ones that I will reach for, and I think that is a good sign.
It works well and is the industry standard for log searching. It probably has other features too. Therefore, if you use it, I would recommend the training, so you know what you are doing.
I am using the on-premise version.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
