Splunk Enterprise Security Reviews

We use it for searching logs in a production environment.

It has reduced the time to resolution, time to investigate, and time to troubleshoot for debugging issues. 

Being able to search across all the different production environments at the same time, then being able to do search queries to scope out specific environments, specific components, or specific logs from different languages, such as Java or C++. Thus, being able to have really fine grain control on log searching is really good.

Out-of-the-box, it seems very powerful.

The search query seems slow, but I am not sure if that is just because it is searching millions upon millions of lines of text. Also, I just started using it, so I might have no idea what I am doing. I could probably speed up the queries by improving my search skills.

My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it. It is possible that we have already done this and I haven't participate, but this type of training would be helpful.

It is always up when I need to search. I am probably not using it that much. I will maybe search a couple times a day for something specific, so I am not using it too much. I know plenty of the people who are doing a lot more for debugging, and who use it a lot all day.

It seems like it scales well. We have hundreds of production and development environments, and we are searching on all of them. Therefore, it seems like the scale is good. 

We have hundreds of production environments, and each production environment has ten to 20 host machines. Each production environment can manage tens of thousands of customers.

Maybe going to AWS and scaling it better would be more cost-effective for our company. However, I am not involved in those decisions.

I have not used technical support.

We have other log searching tools, but we have standardized on Splunk. 

It is a great product. We have a lot of different tools to do this type of debugging. Yet, it is one of the first ones that I will reach for, and I think that is a good sign.

It works well and is the industry standard for log searching. It probably has other features too. Therefore, if you use it, I would recommend the training, so you know what you are doing. 

I am using the on-premise version.

We use Splunk for a few different use cases:

1. We package it as part of one of our on-premise software offerings which includes our in-house customized dashboards.
2. We use it for Application Monitoring of many of our back-end systems. Monitoring is done completely through Splunk by forwarding application and other logs to Splunk and many configured customized alerts and dashboards for the Ops, Dev, product, and management teams.
3. We created a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity.

It has improved our organization in many ways:

1. Having Splunk as part of one of our software products was our choice for giving our customers a great user experience.
2. It is a one stop shop as a full monitoring and alerting solution for operations and application analysis for most of our back-end systems.

• The easy automatic field parsing of logs. 
• Data model acceleration
  
• The ability to easily have access and install Splunk add-on plugins and custom apps. This greatly assists with using it to connect to various systems easily and use it as a centralized data sink.

It needs to improve the way to install third-party apps and enable installation without logging into splunk.com.

Not at all.

Not really.

Their support is pretty good, but not amazing. Although we have our own in-house Splunk expert who worked for Splunk themselves for a few years, we do not really need external support that much. We basically use them for licensing stuff. 

The forums are pretty thorough, so technically we have not had much need for support.

The initial setup is easy. Although, we currently use just a single server and not multi-server clustered instances. 

For our Linux instance setup, an upgrade is very easy. It is all managed by about three simple Bash scripts.

It is possible to use a developer's license, which is up to 10GB per day of volume traffic, which is usually enough for most use cases.

We evaluated ELK Stack and QlikView.

We are a Splunk Partner, since after much deliberation, we decided to choose Splunk as a component of one of our on-premise software offerings.

Operational intelligence monitoring for several different systems. We collect logs from applications and performance data from hardware, as well as information pulled from databases.

The ability to quickly search logs, performance data, and other inputs has helped tremendously with troubleshooting. The visualizations are easy and well received by business and management users. 

It is ease to integrate with other solutions, like Slack, JIRA, Remedy, etc. 

The user community is extremely beneficial, particularly with Splunk Answers and the Slack User Groups.

The licensing model can be expensive, but the value it provides is significant.

The recent acquisition of Phantom makes the future seem bright with more automated responses.

The solution is primarily a SIEM tool and it basically helps companies with security.

It's basically one of the best SIEM products on the market.

The scalability is great.

We have found the solution to be stable. 

Technical support is helpful. They respond in a timely manner. 

I'd like to see more documentation on the product.

The initial setup is not straightforward.

You do need a lot of training and certification with this product. Other than that, it's pretty good.

I've been dealing with the solution for about three years. It's been a while. 

The stability of the product is very good. The performance is reliable. There are no bugs or glitches. it doesn't crash or freeze. We've had no issues. 

The scalability of the solution is great. If a company needs to expand it, it can do so. It's not a problem.

We have about nine customers that are using Splunk.

I've dealt with technical support and it's pretty good. They are helpful. I find them responsive. 

The initial setup is not straightforward. It depends upon the IT infrastructure that the customer has. If they have a lot of security solutions, such as DLP and other security solutions, then it is more complicated. The more you have the more complicated it gets.

The deployment of Splunk takes about three weeks.

We have six or seven team members within our organization that can handle deployment and maintenance tasks. 

I handled the implementation myself. It was done in-house. 

Splunk requires a paid license. There's no free option. Customers have to pay for the license, implementation, support - everything.

The solution can be deployed both on-premises and on the cloud. 

I'd rate the solution at a nine out of ten. We've been very happy with the product.

I would recommend the solution. It really is the best.

Our primary use case is reporting from the Windows administration. We have SCCM that configures the manager to update every PC workstation and server in the company. We have a lot of PCs and servers in our environment and we use Splunk for the gathering of the PCs and Windows service. We also use it to collect information from the security tools, for example, to provide the management information about how the everyday connection is. 

We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company.

The security can be improved. 

It is scalable. We have five admins so far that we have in the solution. We have two as techs to develop the design on the world map of the solution, and we have the end users, so 80,000 users altogether. 

The initial setup was complex. We have two data centers in France, two in Germany, and we have 18 countries in the world. It's a big company and we have a lot of services, servers, etc. So the setup is more complex.

I would rate this solution a perfect ten out of ten. 

We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations.

We previously did not have a good centralized solution which could ingest just about any log type, which has been a plus.

The search application has been the most useful. We have also liked the reporting features and dashboard capabilities.

The Enterprise Security app could be improved. We have had trouble with it working from the first day.  

Yes, there have been issues with the Enterprise Security application instance.  

No issues.

It has been a weak point, but has improved over the years. It can be tough to get a hold of somebody depending on the complexity of the issue.  

Years ago, we did use another solution, but I am not sure it exists any longer. We have been using Splunk for many years.  

We had professional services set it up, as it was quite complex.  

Vendor implementation, and I would rate them as a seven out of 10.  

Excellent overall. 

It can be expensive, especially the licensing costs. However, there is added value in what it can do, not just log aggregation.  

We evaluated Trustwave and QRadar.

It is a great product overall. I would like to see improvements on the Enterprise Security app/SIEM functionality.  

Primary use is business intelligence. 

Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events. 

Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations. The flexibility of Splunk as well as the resources available for learning and support are the best in the business. 

The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more. 

We ingest roughly 30GB/day. We have a small environment, but it provides big insights.