No more typing reviews! Try our Samantha, our new voice AI agent.
Balamurali Vellalath - PeerSpot reviewer
Practice Head-CyberSecurity at ALTEN calsoft Labs
MSP
Nov 18, 2020
Good support with an intuitive dashboard but the cost is too high
Pros and Cons
  • "The most valuable aspect of the solution is the dashboard. It's very intuitive."
  • "In terms of technical support, we don't have any issues, as the professional services which they have extended to us are very, very good."
  • "There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side."

What is our primary use case?

Since we have an IT services company, we have been using Splunk for the deployment to the customer locations as well. Sometimes the customer will come back to us and say that we need to have a SIEM tool, and when we do the benchmarking, we'll do a couple of deployments on the Splunk side and at the customer's locations as well.

As an example use case, we deployed Splunk to a banking institution a few years ago. There the use case was basically this: the customer wanted to set up a security operation center, and they wanted to have a pretty large deployment in terms of the number of endpoints and number of switches and routers. There were many regional branch offices and they have data centers and therefore, many assets in terms of endpoints. They had 30% of their assets are running on the cloud and they needed a complete solution from an incident monitoring and management perspective. That's why we deployed Splunk. 

They wanted to reduce the MTTR, and meantime resolution, and maintain detection. They didn't want to add more SOC analysts into their SOC as the organization scaled up. They have a plan to scale from 5,000 endpoints into 15-20,000 endpoints. They're very particular about deploying the SOC operation center.

Splunk has since acquired Phantom as a SOAR platform. Therefore, we have tried to manage the security automation using Phantom with the help of Splunk deployments. It helps us meet the customer's requirements.

How has it helped my organization?

In terms of support, we're able to get the right support at the right time. If there's a break or an appliance issue, they're are on top of it.

This is very important during large-scale deployments. It's not easy to address product-related issues or appliance-related issues, and the number of collectors or number of logs that come into the collector, and managing the collectors across the branch offices, across the corporate offices, etc. It is a cumbersome process for us. That's why it's integral that we get the right support at the right time - and they make this happen.

What is most valuable?

The most valuable aspect of the solution is the dashboard. It's very intuitive. 

The reporting is excellent. The team and the SOC analyst are able to easily track the alerts and the correlation is very good compared to other SIEM tools. 

What needs improvement?

There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side.

The automation could be better. Typically, the issue that we face is that it has to go to the analytics engine, then goes to the automation engine, basically. Therefore, if there are no proper analytics, the SOAR module is going to be overloaded, and we are not able to get the expected result out from the SOAR module. If they improve the analytics, I think they'll be able to solve these issues very quickly.

The playbooks which they create and provide to premium users can improve a lot. They have to create a common platform wherein the end-customers like us can choose the playbooks, and automation playbooks readily available.

In terms of integration with the third-party tools, what we are seeing is that it's very limited compared to the competitive products. Competitive products have a lot of connectors and APIs that they have developed, and that's where the cloud integration, whether it is a public cloud or a private cloud integration comes in. There are a lot of limitations to this product compared to other products.

Buyer's Guide
Splunk Enterprise Security
June 2026
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,899 professionals have used our research since 2012.

For how long have I used the solution?

In terms of Splunk, I've been working on it for more than three years in the current company. Prior to that, I worked with it at another company as well. In total, I have been using Splunk for close to six or seven years.

What do I think about the stability of the solution?

The solution is stable, however, sometimes in some of the collectors, we are facing a lot of issues. That said, overall, if you rate it from one to five, I would say in terms of stability, it will stand at a three. 

What do I think about the scalability of the solution?

The scalability is perfectly fine. It's very awesome compared to all the other tools, as easily we can integrate with the log forwarding modules and the collector management appliances or modules. That aspect won't be a problem. 

If you look at the SIEM as a market today, Splunk is expensive compared to other competitive products. I'm also into the SIEM evaluation in my current role. I've seen that there are many tools are coming up in the last one and half years. I have also seen many other mature tools that are available now. If you compare next-gen SIEM tools compared to the Splunk, it's expensive. Therefore, it's possible we may not use this in the future or expand on current usage.

How are customer service and support?

In terms of technical support, we don't have any issues, as the professional services which they have extended to us are very, very good. We're able to manage many of the critical issues with their support. I'd say we are definitely satisfied with the level of service provided.

How was the initial setup?

In terms of deployment, it's not so complex compared to the competitive products, however, we will be able to manage that deployment. We don't feel there's any problem on the deployment side. In that sense, I don't think deployment is a complex one when somebody going for Splunk as a tool.

How long it takes to deploy the solution depends on the size of the deployment, basically. Even a large deployment won't take more than a week. When I say deployment, I'm considering all the log collection, log management, and the curation of the incidents, and how incidents are created and routed properly according to prioritization. 

What was our ROI?

In terms of ROI, for example, if you look at one of our customers today, they are managing close to 100 million events per day. If you look at a traditional SIEM with 100 million events, they need to manage this environment with at least 25 to 30 people. That's 30 security analysts that have to be there. However, when Splunk was deployed, a lot of automation was added on top of it, and today we are managing the same environment with Splunk with close to 15 people. In that sense, if you look at it that way, the ROI is between 30-40%.

What's my experience with pricing, setup cost, and licensing?

In terms of a comparison with the rest of the competition, the licensing cost would be, I would say, 30% higher than most.

Which other solutions did I evaluate?

Before choosing Splunk, we have evaluated QRadar and LogRhythm. QRadar is much more expensive. LogRhythm lacked reporting.

We ended up choosing Splunk due to the pricing and the reporting features. It also had the kind of scalability that was required. We felt it would help us in terms of positioning from both a cost perspective and an incident alert perspective.

What other advice do I have?

We're partners. We have a business relationship with Splunk.

We're using the latest version of the solution.

Overall, I would rate the solution at a seven out of ten.

I'd advise potential new users to ensure they do proper sizing before deploying the product. If it's a very large deployment, the number of endpoints will be quite sizeable. You need to figure out the correct number of endpoints as well as endpoint devices, switches, routers, etc.

It's also a good idea to look at use cases. Splunk is very strong in some use cases. It's important to look into deployment scenarios and check out the use cases before deploying anything.

My biggest takeaway after working with the solution is that the environment is very important. You need to be clear about the problem you are addressing and it takes a lot of planning at the outset.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. partner
PeerSpot user
Principal Systems Engineer at Aricent
Real User
Nov 15, 2020
A reliable and complete solution, but the pricing model is complex and it's expensive
Pros and Cons
  • "The completeness of the solution is what we like the most."
  • "It's difficult to set up initially, and their billing model is also a bit complicated."
  • "Because the licensing model is very complicated to understand, it would be better to start with another product that provides a better licensing model."

What is our primary use case?

We are using the mobile SDK to check the stability of mobile applications.

What is most valuable?

The completeness of the solution is what we like the most.

What needs improvement?

It's difficult to set up initially, and their billing model is also a bit complicated. 

We have to predict in advance how much data we will have and what the storage would be that we don't have. This makes the licensing complicated because when you start you don't have these numbers.

In order to know how much it will cost, you need those numbers.

I really wish that it was an application that was easier to use.

For how long have I used the solution?

I have been working with Splunk for more than five years.

What do I think about the stability of the solution?

We have not experienced any issues.

What do I think about the scalability of the solution?

For our use cases, we have not required any scaling.

How are customer service and technical support?

The technical support is fine. At times, they take time to respond back but it may have been the support contract that our client had.

I would assume that they are not as responsive as we want them to be.

How was the initial setup?

We have a team of approximately 100 people who are responsible for the development of mobile applications, DevOps, and application development.

What's my experience with pricing, setup cost, and licensing?

The licensing cost model is complicated.

I think that most of the monitoring solutions are expensive. I wish they were less expensive, for all types of products for monitoring.

Which other solutions did I evaluate?

We work with Splunk, but we are looking for some LOG Kinetics solutions for our clients.

What other advice do I have?

I would definitely suggest sending people to analyze or evaluate Splunk.

Because the licensing model is very complicated to understand, it would be better to start with another product that provides a better licensing model. Later, if the product is not working well, they can consider using Splunk and may have a better understanding of the cost.

For me, I would not recommend Splunk as their first solution unless they have all of the data that is required.

I would rate Splunk a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Splunk Enterprise Security
June 2026
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,899 professionals have used our research since 2012.
reviewer2400237 - PeerSpot reviewer
Cloud Customer Experience Lead at a media company with 10,001+ employees
User
May 28, 2024
Flexible licensing, good support, and helpful for responding quickly to an event
Pros and Cons
  • "They are a good partner for Google Cloud. It provides great visibility, threat detection, and proactive mitigation of risks for our mutual consumers."

    What is our primary use case?

    We are using it for logging and monitoring.

    How has it helped my organization?

    Splunk Enterprise Security helps with application events. It provides end-to-end visibility into our environment which is most important for us. It reduces the time to react to an event.

    Splunk Enterprise Security has helped improve our organization’s ability to ingest and normalize data. It can help identify and solve problems in real-time, but we have mainly utilized it for post-identification correction.

    It provides us with the relevant context to help guide our investigations. It is easier for developers to take action once an anomaly is detected. We have been leveraging Splunk dashboards for that.

    Splunk Enterprise Security has helped speed up our security investigations, but I do not have the metrics.

    They are a good partner for Google Cloud. It provides great visibility, threat detection, and proactive mitigation of risks for our mutual consumers.

    For how long have I used the solution?

    We have been selling Splunk Enterprise Security along with Google Cloud for about two years.

    What do I think about the scalability of the solution?

    We had a very bespoke solution. It was a shared model. The scalability was good.

    How are customer service and support?

    Their technical support has been good. I would rate them an eight out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We have not used any other solution previously.

    What was our ROI?

    Our customers have seen an ROI, but I do not have the metrics.

    What's my experience with pricing, setup cost, and licensing?

    The variables and the flexibility that Splunk provides are helpful, especially in a hybrid and multi-cloud environment.

    What other advice do I have?

    I would advise others to start early.

    Overall, I would rate Splunk Enterprise Security a ten out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Google
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Junior SAP Security Engineer at Sagesse Tech
    Real User
    Jan 8, 2024
    Helps reduce our alert volume, speed up security investigations, and normalize data
    Pros and Cons
    • "The graph visualization is the most valuable feature."
    • "The UI can be difficult to understand for non-technical people."

    What is our primary use case?

    We use Splunk Enterprise Security for our enterprise security.

    How has it helped my organization?

    Adding more use cases to Splunk can improve our threat detection speed.

    It has helped normalize our data.

    Splunk Enterprise Security has helped reduce our alert volume and speed up our security investigations.

    What is most valuable?

    The graph visualization is the most valuable feature.

    What needs improvement?

    Splunk Enterprise Security needs to improve its stability.

    The UI can be difficult to understand for non-technical people.

    For how long have I used the solution?

    I have been using Splunk Enterprise Security for four months.

    What do I think about the stability of the solution?

    I would rate the stability of Splunk Enterprise Security a four out of ten. Some bugs cause downtime.

    What do I think about the scalability of the solution?

    I would rate the scalability a six out of ten.

    What other advice do I have?

    I would rate Splunk Enterprise Security an eight out of ten.

    Splunk Enterprise Security's robust framework enables it to support a wider range of use cases, making it more adaptable and versatile for tackling diverse security challenges.

    We have Splunk Enterprise Security deployed across multiple locations.

    Splunk Enterprise Security's visualizations are detailed and help users normalize data, making it extremely useful.

    The vast array of use cases enabled by Splunk Enterprise Security empowers security teams to address diverse threats and enhance overall security posture.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer1804125 - PeerSpot reviewer
    Tech Lead Security at a comms service provider with 51-200 employees
    Real User
    Mar 17, 2022
    A great product with good indexing and data collection capabilities
    Pros and Cons
    • "The indexing and data collection are valuable."
    • "Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better."
    • "Their sales support and tech support are really bad. They take really long to respond."

    What is our primary use case?

    I used it in the SOC environment to get logs, create dashboards, and filter out data.

    What is most valuable?

    The indexing and data collection are valuable. 

    What needs improvement?

    Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better.

    Their sales support and tech support need improvement. Their support is really bad.

    For how long have I used the solution?

    I used it for nearly one year in my previous organization. I last used it about seven months ago.

    What do I think about the stability of the solution?

    It is stable.

    What do I think about the scalability of the solution?

    Its scalability is good.

    How are customer service and support?

    Their sales support and tech support are really bad. They take really long to respond.

    Which solution did I use previously and why did I switch?

    We were using AlienVault. We switched because we weren't really happy with it. So, we looked into different solutions, such as Splunk.

    How was the initial setup?

    Its initial setup was okay.

    What about the implementation team?

    We did it ourselves. We had around two people for deployment and maintenance, but we had around 15 users. They all were SOC people.

    What's my experience with pricing, setup cost, and licensing?

    We had a yearly subscription.

    What other advice do I have?

    I can recommend this solution to others. It is a great product. 

    I would rate it an eight out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer2305767 - PeerSpot reviewer
    CISO at a financial services firm with 501-1,000 employees
    Real User
    Top 5Leaderboard
    Mar 13, 2022
    Cloud-ready, with forums and README tutorials that cover everything you need to know
    Pros and Cons
    • "Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize."
    • "Splunk can be scaled to any environment; the way it's designed, it's cloud-ready, and it has a lot of performance, in-built indexing, and performance tuning options, and Splunk is easily scalable."
    • "I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."

    What is our primary use case?

    Splunk just acts as an extra presentation layer, and we tried it because of the plugins they have to try and get more logs into the environment.

    What is most valuable?

    Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize.

    What needs improvement?

    Aside from the 5GB limit on the community version, I believe it is the same as ELK. It's a useful tool, and nothing comes to mind right now.

    I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part.

    What do I think about the stability of the solution?

    Splunk is a stable solution. I am very happy with the stability of Splunk.

    What do I think about the scalability of the solution?

    Splunk can be scaled to any environment. The way it's designed, it's cloud-ready, and it has a lot of performance, in-built indexing, and performance tuning options. Splunk is easily scalable.

    How are customer service and support?

    I am happy to report that I've never needed to contact technical support. The README tutorials and the existing forums provide me with practically everything I need. So far, I haven't had to do so. This should be a testament to the solution.

    Which solution did I use previously and why did I switch?

    We broaden the scope of IT governance and IT security.

    We look at everything from SIEM to network management to endpoint protection, server protection, database protection, and anything else that can aid in visibility, policy enforcement, and monitoring.

    Our organization is using a combination of Splunk and Elasticsearch. We get most of what we need from the ELK suite. ELK Stack is usually the primary focus.

    ELK has the same inbuilt reports and dashboards that you can customize, but ELK is better for central logging and log aggregation. Once they've all been aggregated, you'll be able to run any kind of queries and APIs to query the logs on ELK and then use Splunk as a presentation layer for the consumers to use.

    Security tools, in my opinion, are business tools and should be used by businesses rather than security engineers. I'm experimenting with a hybrid of the two, in which ELK serves as the engine for central logging and Splunk handles the presentation layer and aggregation of additional third-party logs from tools that might be difficult to integrate into ELK.

    I would rate Elasticsearch a ten out of ten.

    How was the initial setup?

    It's a cloud-ready package. It has the same characteristics as ELK. From a deployment standpoint, I don't have any issues with it. The material is freely accessible to anyone who wishes to use it. There is a virtual machine option. You can get a virtual machine by downloading it. The deployment options are simply numerous, and it is up to the implementer.

    It wasn't that difficult for me. There are no complaints from me. The material is present, and there are numerous options for deployment. It's relatively simple to go from zero to viewing data with Splunk. ELK is the same way. It is now up to the implementers and their environment to provide you with more data about it.

    What's my experience with pricing, setup cost, and licensing?

    They could improve their discounts. I think it's a good solution, and it's gaining a lot of traction, maybe they are recouping their R&D costs, Further reductions would be fantastic, and I believe that more and more people would flock to it.

    Which other solutions did I evaluate?

    We provide IT consulting services. Our customers occasionally ask us to assist them in locating specific solutions.

    What other advice do I have?

    I would recommend this solution to others who are interested in using this solution.

    I would say the forums and READMEs provide more than enough information about Splunk. Most people struggle because they move too quickly through the implementation process. As long as you follow the guidelines, particularly the specifications for environment requirements and implementation methodology, these solutions should work out of the box.

    Splunk is a very good solution, I would rate it a ten out of ten.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer1795125 - PeerSpot reviewer
    Cyber Security Consultant at a tech services company with 10,001+ employees
    Real User
    Mar 5, 2022
    Responsive, and available, technical support, that is easy to install
    Pros and Cons
    • "It's better than IBM, in my opinion, because it's an independent entity."
    • "Splunk provides a free version so you can test it before purchasing."
    • ". Having a trial version or more training on Splunk would be helpful."
    • "There is a free version, but it is insufficient for training and learning because it is a little bit difficult to work with, especially if you are a beginner."

    What is our primary use case?

    I use Splunk for testing purposes. It is used for school research and to learn how to use Splunk. 

    Splunk is mainly used for collecting logs and dashboards.

    What is most valuable?

    Splunk provides a free version so you can test it before purchasing.  It's better than IBM, in my opinion, because it's an independent entity. IBM, for example, if you want to use EDR, and other features, you must use the features of other companies, such as ServiceNow and Jira.

    I am still exploring the features provided in Splunk. As I have not used it for a long time, I don't have a clear vision of it.

    What needs improvement?

    As a student, I'd like to see more labs and things for students to test in order to learn.

    Having a trial version or more training on Splunk would be helpful.

    There is a free version, but it is insufficient for training and learning because it is a little bit difficult to work with, especially if you are a beginner. It's difficult to improve when you're just starting out with logs and SOC. As a result, we require a longer free version.

    For how long have I used the solution?

    Splunk is not used in my company. During my internship, I am being taught how to use it at school.

    I have been using Splunk for one month.

    What do I think about the stability of the solution?

    I did not have any issues with the stability of Splunk. It was quite stable.

    How are customer service and support?

    There was technical assistance available. When you require assistance, they provide it, they will respond.

    Which solution did I use previously and why did I switch?

    We integrate Jira with QRadar which is helpful.

    How was the initial setup?

    The initial setup was simple because there is available support and tutorials.

    What about the implementation team?

    I completed the installation with the help of some friends, in the IT department.

    What's my experience with pricing, setup cost, and licensing?

    I'm only using the free version for the time being.

    The cost is reasonable.

    Splunk's costing is a little more difficult. The pricing method is complicated, and the way that costing is calculated in Splunk is a little more difficult.

    When compared to QRadar, QRadar, it's simple to pay. 

    Which other solutions did I evaluate?

    I did some research for a school project. I needed to compare it to Splunk and a few other tools. As a result, I'm not particularly interested in purchasing them.

    What other advice do I have?

    I would rate Splunk an eight out of ten.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer1789335 - PeerSpot reviewer
    Senior Manager, Analytics & Insights at a consultancy with 10,001+ employees
    Real User
    Feb 26, 2022
    Effective machine learning, reliable, and responsive support
    Pros and Cons
    • "Splunk has machine learning which is a valuable feature."
    • "The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use."
    • "The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support."

    What is our primary use case?

    We are using Splunk for querying data from different sources.

    What is most valuable?

    Splunk has machine learning which is a valuable feature.

    What needs improvement?

    The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use.

    For how long have I used the solution?

    I have used Splunk within the past 12 months.

    What do I think about the stability of the solution?

    Splunk is a stable solution.

    How are customer service and support?

    We have contacted the support and most of the reasons we have contact support has been project-related. For example, we want the APAs to work in a certain way or for certain fixes.

    What other advice do I have?

    I have been using Splunk for approximately 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer1297563 - PeerSpot reviewer
    Director General de España at a cloud solution provider with 51-200 employees
    Real User
    Feb 24, 2022
    Integrates with every technology, easy to use, and good for analytics and cybersecurity
    Pros and Cons
    • "It is very easy to use and integrate. There are connectors for every technology."
    • "Splunk is a very good platform for analytics and cybersecurity; we use it very extensively, and it is very easy to use, very stable, and scalable."
    • "The UI can be improved. Dashboards and reports can be better in terms of graphics."

    What is our primary use case?

    We work with Splunk. We use it for our own services, and we also integrate and resell Splunk. It is used for cyber security. 

    Different clients have different versions. They have Splunk Cloud and Splunk on-premises with different versions.

    What is most valuable?

    It is very easy to use and integrate. There are connectors for every technology.

    What needs improvement?

    The UI can be improved. Dashboards and reports can be better in terms of graphics.

    For how long have I used the solution?

    We have been using this solution for a few years. In 2016, we became a Splunk partner.

    What do I think about the stability of the solution?

    It is very stable.

    What do I think about the scalability of the solution?

    Its scalability is very good. We work with this platform for our own services. We use Splunk extensively, and we also offer it to our clients. We plan to increase its usage.

    Our company has three offices. We have offices in Spain, Columbia, and Mexico. We have around 100 people, and about 50 people are working with Splunk. They all are focused on cyber security. They are security engineers or security specialists.

    How are customer service and support?

    I don't know about their support. I don't work with it much. On an activity level, I'm not so close to the platform. I'm the country manager, so I am a bit far from the operation.

    Which solution did I use previously and why did I switch?

    We tried to work with Exabeam for user behavior analytics, but we stopped it.

    How was the initial setup?

    Its setup is very easy, but we have been working with Splunk for a lot of years. We have all the certifications in Splunk, and we are a specialist in Splunk. So, for us, it is very easy to set it up and integrate it, but it might not be easy for other companies.

    What other advice do I have?

    Splunk is a very good platform for analytics and cybersecurity. We use it very extensively. It is very easy to use, and it is very stable and scalable.

    I would rate it a nine out of 10.

    Disclosure: My company has a business relationship with this vendor other than being a customer. Partner.
    PeerSpot user
    Splunk BDM in UA at a manufacturing company with 51-200 employees
    Real User
    Feb 19, 2022
    Optimizes network security, straightforward to deploy, and can handle a large volume of data
    Pros and Cons
    • "The fact that Splunk is a platform and not just a SIEM solution is a key benefit."
    • "The support that is included with the standard licensing fee is very bad."

    What is our primary use case?

    We are a solution provider and Splunk is one of the products that we distribute.

    The primary use case is for SIEM and we have approximately 35 customers.

    What is most valuable?

    The fact that Splunk is a platform and not just a SIEM solution is a key benefit.

    Our customers like that they can use Splunk to optimize their security.

    What needs improvement?

    The Splunk licensing model should be more flexible.

    The support that is included with the standard licensing fee is very bad.

    For how long have I used the solution?

    We have been working with Splunk since 2017.

    What do I think about the stability of the solution?

    Stability-wise, it's perfect. We haven't had any problem with Splunk. It's good software.

    What do I think about the scalability of the solution?

    One of the key benefits and differences with this software is that the customer can scale up as much as they need to. Our largest Splunk customer is using between three and four petabytes of data per day.

    How are customer service and support?

    If you don't pay extra for technical support then it is very bad. If you pay extra for it, then the technical support is normal.

    Which solution did I use previously and why did I switch?

    I am familiar with other products and Splunk can handle much more data than IBM QRadar or any other competing product.

    Direct competitors are more flexible when it comes to licensing.

    How was the initial setup?

    We have not had any problems installing Splunk.

    For a standard case, it takes between one and two weeks to install correctly and deploy. This is for situations where the client has less than 50 gigabytes of data per day.

    Problems during the implementation are typically due to something on the customer's side. For example, if the client does not have somebody that is responsible for the deployment, helping to speed up the various procedures, then this is a key problem for us.

    What about the implementation team?

    It takes two people to deploy and maintain.

    What's my experience with pricing, setup cost, and licensing?

    Splunk is not a cheap solution and the license is billed annually. The licensing model should be improved and the price should be lower, in general.

    You can purchase additional technical support, which is much better than the support that is included.

    What other advice do I have?

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer.
    PeerSpot user
    Buyer's Guide
    Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.
    Updated: June 2026
    Buyer's Guide
    Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.