Splunk Enterprise Security Reviews

Our primary use case of Splunk is for log monitoring and infrastructure monitoring. If we want to diagnose any issue in our application, we just push our application logs. This is on any client server using the universal forwarder logs on the Splunk server. After indexing, we can create a base log, and create attractive dashboards that are simple to understand and use. I'm a system administrator and we are customers of Splunk. 

This is a straightforward solution, easy to configure and difficult to mess up. 

Splunk is a very costly solution and I think it's the most expensive in the market in terms of costing. Splunk provides an application for infrastructure monitoring. If we're monitoring the docker with containers, we can't see the container name, only the ID. That's a big drawback.

I've been using this solution for two years. 

This is a stable solution. Deployment takes one person, it can be a system admin or an engineer.

This is a scalable solution. We can do the clustering of it for large applications. We have around 15 users for this product. 

If I have any issues, I'll go to the community. I can generally get a response within a day. Although most of the documentation is good, some of it is unclear, particularly if you're new to the product. 

I think it takes around 10 minutes to install it on the server. On the client side, it takes around five minutes. I do the installation myself. 

If you're going with this solution, make sure that when implementing the ports are open. If they're not open, it creates problems with the server. Other than that, this is a very stable and very easy to configure product. We can easily deploy and easily use. Other similar solutions are difficult to configure, Splunk is the simplest. I've used three or four monitoring tools and Splunk is the easiest. If a company can afford it, this is a good product. We are planning to shift to another product because of the cost. We're searching for an open source or cheaper product.

I would rate this solution a nine out of 10. They lose one point for the price and lack of infrastructure support.

We use it for searching logs in a production environment.

It has reduced the time to resolution, time to investigate, and time to troubleshoot for debugging issues. 

Being able to search across all the different production environments at the same time, then being able to do search queries to scope out specific environments, specific components, or specific logs from different languages, such as Java or C++. Thus, being able to have really fine grain control on log searching is really good.

Out-of-the-box, it seems very powerful.

The search query seems slow, but I am not sure if that is just because it is searching millions upon millions of lines of text. Also, I just started using it, so I might have no idea what I am doing. I could probably speed up the queries by improving my search skills.

My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it. It is possible that we have already done this and I haven't participate, but this type of training would be helpful.

It is always up when I need to search. I am probably not using it that much. I will maybe search a couple times a day for something specific, so I am not using it too much. I know plenty of the people who are doing a lot more for debugging, and who use it a lot all day.

It seems like it scales well. We have hundreds of production and development environments, and we are searching on all of them. Therefore, it seems like the scale is good. 

We have hundreds of production environments, and each production environment has ten to 20 host machines. Each production environment can manage tens of thousands of customers.

Maybe going to AWS and scaling it better would be more cost-effective for our company. However, I am not involved in those decisions.

I have not used technical support.

We have other log searching tools, but we have standardized on Splunk. 

It is a great product. We have a lot of different tools to do this type of debugging. Yet, it is one of the first ones that I will reach for, and I think that is a good sign.

It works well and is the industry standard for log searching. It probably has other features too. Therefore, if you use it, I would recommend the training, so you know what you are doing. 

I am using the on-premise version.

We use Splunk for a few different use cases:

1. We package it as part of one of our on-premise software offerings which includes our in-house customized dashboards.
2. We use it for Application Monitoring of many of our back-end systems. Monitoring is done completely through Splunk by forwarding application and other logs to Splunk and many configured customized alerts and dashboards for the Ops, Dev, product, and management teams.
3. We created a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity.

It has improved our organization in many ways:

1. Having Splunk as part of one of our software products was our choice for giving our customers a great user experience.
2. It is a one stop shop as a full monitoring and alerting solution for operations and application analysis for most of our back-end systems.

• The easy automatic field parsing of logs. 
• Data model acceleration
  
• The ability to easily have access and install Splunk add-on plugins and custom apps. This greatly assists with using it to connect to various systems easily and use it as a centralized data sink.

It needs to improve the way to install third-party apps and enable installation without logging into splunk.com.

Not at all.

Not really.

Their support is pretty good, but not amazing. Although we have our own in-house Splunk expert who worked for Splunk themselves for a few years, we do not really need external support that much. We basically use them for licensing stuff. 

The forums are pretty thorough, so technically we have not had much need for support.

The initial setup is easy. Although, we currently use just a single server and not multi-server clustered instances. 

For our Linux instance setup, an upgrade is very easy. It is all managed by about three simple Bash scripts.

It is possible to use a developer's license, which is up to 10GB per day of volume traffic, which is usually enough for most use cases.

We evaluated ELK Stack and QlikView.

We are a Splunk Partner, since after much deliberation, we decided to choose Splunk as a component of one of our on-premise software offerings.

Operational intelligence monitoring for several different systems. We collect logs from applications and performance data from hardware, as well as information pulled from databases.

The ability to quickly search logs, performance data, and other inputs has helped tremendously with troubleshooting. The visualizations are easy and well received by business and management users. 

It is ease to integrate with other solutions, like Slack, JIRA, Remedy, etc. 

The user community is extremely beneficial, particularly with Splunk Answers and the Slack User Groups.

The licensing model can be expensive, but the value it provides is significant.

The recent acquisition of Phantom makes the future seem bright with more automated responses.

The solution is primarily a SIEM tool and it basically helps companies with security.

It's basically one of the best SIEM products on the market.

The scalability is great.

We have found the solution to be stable. 

Technical support is helpful. They respond in a timely manner. 

I'd like to see more documentation on the product.

The initial setup is not straightforward.

You do need a lot of training and certification with this product. Other than that, it's pretty good.

I've been dealing with the solution for about three years. It's been a while. 

The stability of the product is very good. The performance is reliable. There are no bugs or glitches. it doesn't crash or freeze. We've had no issues. 

The scalability of the solution is great. If a company needs to expand it, it can do so. It's not a problem.

We have about nine customers that are using Splunk.

I've dealt with technical support and it's pretty good. They are helpful. I find them responsive. 

The initial setup is not straightforward. It depends upon the IT infrastructure that the customer has. If they have a lot of security solutions, such as DLP and other security solutions, then it is more complicated. The more you have the more complicated it gets.

The deployment of Splunk takes about three weeks.

We have six or seven team members within our organization that can handle deployment and maintenance tasks. 

I handled the implementation myself. It was done in-house. 

Splunk requires a paid license. There's no free option. Customers have to pay for the license, implementation, support - everything.

The solution can be deployed both on-premises and on the cloud. 

I'd rate the solution at a nine out of ten. We've been very happy with the product.

I would recommend the solution. It really is the best.

Our primary use case is reporting from the Windows administration. We have SCCM that configures the manager to update every PC workstation and server in the company. We have a lot of PCs and servers in our environment and we use Splunk for the gathering of the PCs and Windows service. We also use it to collect information from the security tools, for example, to provide the management information about how the everyday connection is. 

We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company.

The security can be improved. 

It is scalable. We have five admins so far that we have in the solution. We have two as techs to develop the design on the world map of the solution, and we have the end users, so 80,000 users altogether. 

The initial setup was complex. We have two data centers in France, two in Germany, and we have 18 countries in the world. It's a big company and we have a lot of services, servers, etc. So the setup is more complex.

I would rate this solution a perfect ten out of ten. 

We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations.

We previously did not have a good centralized solution which could ingest just about any log type, which has been a plus.

The search application has been the most useful. We have also liked the reporting features and dashboard capabilities.

The Enterprise Security app could be improved. We have had trouble with it working from the first day.  

Yes, there have been issues with the Enterprise Security application instance.  

No issues.

It has been a weak point, but has improved over the years. It can be tough to get a hold of somebody depending on the complexity of the issue.  

Years ago, we did use another solution, but I am not sure it exists any longer. We have been using Splunk for many years.  

We had professional services set it up, as it was quite complex.  

Vendor implementation, and I would rate them as a seven out of 10.  

Excellent overall. 

It can be expensive, especially the licensing costs. However, there is added value in what it can do, not just log aggregation.  

We evaluated Trustwave and QRadar.

It is a great product overall. I would like to see improvements on the Enterprise Security app/SIEM functionality.