Splunk Enterprise Security Reviews

Splunk – ease of searching large amounts of data. 

Splunk – real time alerts on critical indicators, compliance reports, troubleshooting and predictive abilities using trends. 

Splunk – 3 years 

Splunk – Had one issue requiring a support call regarding the configuration of the automated configuration deployment package. Quickly resolved. 

Splunk – None. 

Splunk – Not needed yet. 

Splunk – Splunk has a very knowledgeable support staff and the Splunk support website is outstanding. The message boards are very active and often using them will often prevent having to call support. 

Splunk – Easy, but can get very complex depending on the type of logs to ingest. While Splunk, out of the box, handles most common types. The extraction of data from custom logs can be problematic. Although Splunk does provide tools for accomplishing this. 

Both Splunk and LogLogic excel at their intended purpose. If you are looking for an appliance that you can stick in the rack, minimally configure and then forget about, you will like the LogLogic solution. If you need to regularly search different logs for different data you will like Splunk better.

We work with Splunk. We use it for our own services, and we also integrate and resell Splunk. It is used for cyber security. 

Different clients have different versions. They have Splunk Cloud and Splunk on-premises with different versions.

It is very easy to use and integrate. There are connectors for every technology.

The UI can be improved. Dashboards and reports can be better in terms of graphics.

We have been using this solution for a few years. In 2016, we became a Splunk partner.

It is very stable.

Its scalability is very good. We work with this platform for our own services. We use Splunk extensively, and we also offer it to our clients. We plan to increase its usage.

Our company has three offices. We have offices in Spain, Columbia, and Mexico. We have around 100 people, and about 50 people are working with Splunk. They all are focused on cyber security. They are security engineers or security specialists.

I don't know about their support. I don't work with it much. On an activity level, I'm not so close to the platform. I'm the country manager, so I am a bit far from the operation.

We tried to work with Exabeam for user behavior analytics, but we stopped it.

Its setup is very easy, but we have been working with Splunk for a lot of years. We have all the certifications in Splunk, and we are a specialist in Splunk. So, for us, it is very easy to set it up and integrate it, but it might not be easy for other companies.

Splunk is a very good platform for analytics and cybersecurity. We use it very extensively. It is very easy to use, and it is very stable and scalable.

I would rate it a nine out of 10.

Splunk has a great platform. Their edge is in their lock management and being a very powerful lock server. Recently, they added some licensing and updated correlation rules to act as a SIEM Solution. They seem to be penetrating the market in a proper way.

I have been using Splunk for more than five or six years.

Splunk solutions are much more expensive than others. Especially when it comes to megaprojects or deals, there's a lot of competition when it comes to financials.

I would rate this solution a seven out of ten. Splunk has a user-friendly interface and GUI. Its architecture is also much more sophisticated than others. 

It's the primary place where I'd go to do an investigation if I want to see what's going on within an endpoint, or on a network, or with a user.

The flexibility of the solution is quite good.

The product is stable.

It offers good scalability if you are willing to pay.

The technical support on offer is responsive.

The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do.

The solution needs a bit more functionality. For example, being able to save a search and select it when you're doing an investigation. I know you can create dashboards and things like that, however, sometimes being able to have a pre-saved search and just fill in whatever value you need would make everything so much easier.

I've been using Splunk for four years so far. It's been a while.

I haven't had any stability issues with it. It's pretty stable. There aren't bugs or glitches. It doesn't crash or feeze.

You can scale the solution, however, users need to be aware of the product increasing in cost as well.

The technical support is very good. We're quite satisfied with the level of service provided. They are knowledgeable and responsive.

When I came to the company, they were already using Splunk. It's only now that we're looking to possibly move to another vendor. The cost of Splunk is much too high.

I wasn't here when this solution was put into place, however, from looking at the documentation and things like that, the setup is pretty involved. I'd say it's a bit more complex than straightforward.

We find the solution to be quite expensive. Therefore, we're looking for other options.

I don't know of the exact costs, as licensing is handled by another department.

We're just users. We don't have a business relationship with Splunk.

We're on a variation of version seven. I'm not sure of the exact one. It's not quite the latest.

I'd advise new users, if they have the budget for it, to go and take the training that they offer. Or, for casual users, you just want to spend as much time watching YouTube videos as you can. It will help lessen the learning curve.

As a solution, it's still pretty much industry standard. I would give it a nine out of ten overall, even though I have my gripes with it.

We need something to collect all our logs in a centralized solution. We have several servers but we don't have any log collection system.

Without Splunk or a similar product, if I want to check the log files every day, I have to log in to the individual hardware components in our system. I have to log in to the firewall, I have to log in to Windows. There are so many devices I would have to manually log into, one-by-one. It would take a very long time for me. 

Also, we don't have a dashboard so we don't know which issues are critical. When we use a centralized log monitoring system we can see things on the dashboard and it is easier for the IT manager or an IT engineer to take corrective action in the system.

The most valuable feature of Splunk is the log monitoring.

If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well.

It's very stable.

Up until we trialed Splunk we did not have any solution. We used Splunk because we don't have anything to monitor our system. I contacted our local vendor in Vietnam, and they suggest using the trial version of Splunk to see how it works in our environment. This is the main reason I trialed Splunk. We just used the trial version in our office and, since it expired, we haven't used it.

For me, the initial setup was not too complex. For an IT person like me, it was okay.

Our local vendor knows Splunk very well. He had already implemented Splunk for another customer. I called him to our office to have him install the Splunk. It took a couple of hours for him to finish.

We used a consultant for the deployment, from KDDI Vietnam. Our experience with him was good.

Because it was a trial version, I was the only one who used it in our company.

I kept some snapshots from our trial with the Splunk system and we are preparing a proposal to submit to our manager in Vietnam. If in the near future we have enough money to purchase the system, we will invest in this system for our company.

It was used for security event management on landscape hosted over AWS.

It helped the organisation to proactively monitor threats and reduce its threat footprint.

Deployment server for deploying changes in one go.

It is quite stable.

No.

Professional support is great, but too expensive. Otherwise content published over website is good.

Not applicable.

Do proper estimation on log ingestion per day as that will impact pricing and licensing.

It was the customer's choice.

It provides a great range of plugins and one can really take great advantage of utilising inbuilt dashboards to derive the desired monitoring.

Our company consults for different customers and are in a good position to recommend the best solution to our clients.

In our organization, Splunk is used in our data centers.

We have integration services and other types of systems in our new IoT architecture. We're using it to capture information.

We use Splunk as an aggregator for monitoring information from different sources, however, for our protection suite, we're using Comodo.

It's designed to collect data from different points. It has a lot of integrations built into it and that's why we're using it.

We use it for our enterprise more - such as for messaging. There's a lot of stuff we do on our integration services layer that we use Splunk for. For security purposes, we're using Comodo. Therefore we're not using Splunk for security purposes. We're using it for monitoring what's happening at our integration services layer.

Splunk indicates when we've got problems popping up somewhere or we're not getting the flow we expected. If there's a problem, we have those flagged and we use it for logging.

Splunk handles a high volume of data that we have, and it does it really well.

For what we're using it for, we're happy with its functionality.

The reporting aspect is good and it does what I need it to do.

From an operational standpoint, it helps us on the operations side and it also shows where we're having issues.

It connects to a lot of stuff. We can collect information from a lot of sources.

The interface or maybe some settings need to be improved a bit. It cannot be perfect, however, the issues may be related to the configuration or setup.

If you monitor too much, you can lose performance on your systems. You have to be careful what you're monitoring. If you monitor everything, everything stops working. You can go overboard in monitoring. You have to plan your monitoring pretty carefully.

It could be easier for beginners. As it is, right now, You have to have a good understanding of the solution in order to use it properly.

That said, as the user, I'm at a higher level of management on the architecture side in dealing with resilience. My concerns are different from other user concerns. Also, most of our clients are using it way more than we're using it.

We've used the solution for more than a decade. It's been a long time. 

We haven't had any problems with stability. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

We've never had an issue with scalability. If a company needs to scale, it can.

The danger of Splunk is that it can get too big too quickly and you have to be very careful with what you want to be monitoring due to the fact that if you monitor too much, you can slow down things and you can hurt your performance on your system. We have to be very careful of what we're logging.

We have about 12 users on the solution right now.

We do not plan to increase usage in the future.

We don't use technical support very much. We've been using it for so long, we generally understand it and do not require assistance.

We used to use Splunk a lot more, however, we've moved more to Comodo right now. I'd say we've moved to Comodo from Splunk in a lot of areas.

On the security side, we use Comodo. Not all of our clients even have Comodo. A lot of them are using Splunk, however, a lot of them are using Splunk for enterprise operations and network operations items. Some of them are using security and a lot of them aren't. Splunk is offered as a security option now, however, originally, when you used it, it was to collect enterprise operations information and know-how your systems are running. 

We've been using it for a long time, therefore, I don't even remember when we set it up or how it went. We do keep it updated and use the latest versions.

I only have one or two people doing maintenance on it.

ROI's a hard thing to pin down. We've had it for so long, it's part of our core operating infrastructure.

Everything we do is either yearly or multi-year. I don't know if there is any additional cost to standard license fees.

We use Splunk and we also sell and support it for our clients.

Normally our policy is to keep software updated to the latest version.

The main issue is that we do enterprise architecture and network and security operations. We recommend certain platforms to clients. We don't always sell Splunk directly to them due to the fact that, since we're being hired to help them make choices, we need to be neutral. In the cases where it doesn't make sense, we don't sell it. We just help clients make decisions.

I don't know which version of the solution we're using. I'm an architect; I'm not on the operations level. I'm not the one who actually uses it. Our operations use it. I get dashboard results and I do reports that are based on it, however, I'm not the one actually running it. We have a NOC and a SOC and others use it a lot more individually. They have a lot more interaction than I do. I'm getting reports out of it. Others are actually connecting to it, using it as a tool. I'm not a tool user. I'm an information user.

All Splunk is, is data collection and it can sort things out on a dashboard. However, a lot of what Splunk does is collect data and you have to decide what kind of information you're going to let it collect. When we're doing design operations we have to really pay attention to what we're doing, so we don't actually slow things down or impede things. The reason we use Splunk is we put a lot of data into it.

With Splunk, you need to really be careful about what you're monitoring and how you use it, to get keep the results working. It's a good tool if you know what you're doing and what you need to be logging. You need to be aware of what you're logging to ensure it isn't going to cause problems with your performance.

I wouldn't recommend it for somebody who's coming in new. Of the clients we have using it, I don't know if any of them don't have professional IT running it. It's important to really understand what's going on.

I'd rate the solution at an eight out of ten. In certain environments, it could be a bit complex. It's not something you could just drop into an organization, you need to be trained to use it. You need the experience to use it properly.