Try our new research platform with insights from 80,000+ expert users
Senior Cyber Security Expert at a security firm with 11-50 employees
Real User
Great performance, easy to set up, and offers good speed
Pros and Cons
  • "The level of robustness on offer is very good."
  • "The complexity could be worked on so that it's even easier and faster."

What is our primary use case?

Typically, we use the solution for critical infrastructure companies. 

What is most valuable?

The speed is a very valuable aspect of the solution. 

The way Splunk handles low data and low-rate costs are great.

The level of robustness on offer is very good. 

The initial setup is very straightforward. 

We have found that the solution offers good integrations with other products.

Overall, the solution works very well.

What needs improvement?

The complexity could be worked on so that it's even easier and faster. However, I understand that, if some complexity was removed, there might be slightly more limitations.

Occasionally there are data sizing and data-related issues that need to be overcome.

For how long have I used the solution?

I've been using the solution for a couple of years.

Buyer's Guide
Splunk Enterprise Security
November 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.

What do I think about the stability of the solution?

The performance is very good. It's something that customers are always looking for. The product offers good stability. There are no bugs or glitches and it doesn't crash or freeze. It's reliable. 

What do I think about the scalability of the solution?

We have about five to ten partners that use Splunk.

Which solution did I use previously and why did I switch?

I'm a fan of QRadar. I use them as well.

How was the initial setup?

The initial setup is very straightforward. It's not overly complex or difficult. A company shouldn't have any issues with the process. The deployment process doesn't take too long. You can manage it with fewer people and smaller teams. This is especially true if it isn't the critical infrastructure that you are working with. 

For deployment and maintenance, you only need two to three people. That can include one manager and two professionals. Since Splunk is easier to handle, more people can join in on the client-side.

What's my experience with pricing, setup cost, and licensing?

We also use QRadar, and we make more money with QRadar than with Splunk as we can make bigger projects happen. However, we find that with Splunk, while we don't make as much money on each project, we can do more of them.

What other advice do I have?

I'd rate the solution at an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
System Administrator and DevOps Engineer at a tech services company with 10,001+ employees
Real User
Very straightforward, easy to configure, stable and scalable.
Pros and Cons
  • "This is a straightforward solution, easy to configure."
  • "This is a costly solution."

What is our primary use case?

Our primary use case of Splunk is for log monitoring and infrastructure monitoring. If we want to diagnose any issue in our application, we just push our application logs. This is on any client server using the universal forwarder logs on the Splunk server. After indexing, we can create a base log, and create attractive dashboards that are simple to understand and use. I'm a system administrator and we are customers of Splunk. 

What is most valuable?

This is a straightforward solution, easy to configure and difficult to mess up. 

What needs improvement?

Splunk is a very costly solution and I think it's the most expensive in the market in terms of costing. Splunk provides an application for infrastructure monitoring. If we're monitoring the docker with containers, we can't see the container name, only the ID. That's a big drawback.

For how long have I used the solution?

I've been using this solution for two years. 

What do I think about the stability of the solution?

This is a stable solution. Deployment takes one person, it can be a system admin or an engineer.

What do I think about the scalability of the solution?

This is a scalable solution. We can do the clustering of it for large applications. We have around 15 users for this product. 

How are customer service and technical support?

If I have any issues, I'll go to the community. I can generally get a response within a day. Although most of the documentation is good, some of it is unclear, particularly if you're new to the product. 

How was the initial setup?

I think it takes around 10 minutes to install it on the server. On the client side, it takes around five minutes. I do the installation myself. 

What other advice do I have?

If you're going with this solution, make sure that when implementing the ports are open. If they're not open, it creates problems with the server. Other than that, this is a very stable and very easy to configure product. We can easily deploy and easily use. Other similar solutions are difficult to configure, Splunk is the simplest. I've used three or four monitoring tools and Splunk is the easiest. If a company can afford it, this is a good product. We are planning to shift to another product because of the cost. We're searching for an open source or cheaper product.

I would rate this solution a nine out of 10. They lose one point for the price and lack of infrastructure support.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Splunk Enterprise Security
November 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.
it_user867936 - PeerSpot reviewer
Works at a financial services firm with 10,001+ employees
Real User
Looks for incidents which could cause damage to a company's infrastructure
Pros and Cons
  • "Splunk has facilitated the correlation of information security logs to look for incidents which could cause damage to the company's infrastructure, as well as financial losses from leaks."
  • "Splunk can improve regex/asset analysis as we do not want to crawl until it is done."

What is our primary use case?

With the use of Splunk, we were able to identify a brute force attack against a "switch" network device. An external attacker attempted to connect multiple times using multiple usernames. Splunk was able to detect these attempts and immediately blocked these attempts.

How has it helped my organization?

Splunk has facilitated the correlation of information security logs to look for incidents which could cause damage to the company's infrastructure, as well as financial losses from leaks.

What is most valuable?

Splunk's ability to receive all types of data and identify it correctly. It obtains a correlation of the logs and identifies incidents.

What needs improvement?

Splunk can improve regex/asset analysis as we do not want to crawl until it is done. I could not find a timestamp for when the log was processed and generated.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Security Engineer at Information Innovators Inc. (Triple-i)
Real User
Correlates logs throughout the enterprise for searching and use in investigations
Pros and Cons
  • "We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations."
  • "It can be tough to get a hold of somebody in technical support depending on the complexity of the issue."
  • "The Enterprise Security app could be improved. We have had trouble with it working from the first day."

What is our primary use case?

We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations.

How has it helped my organization?

We previously did not have a good centralized solution which could ingest just about any log type, which has been a plus.

What is most valuable?

The search application has been the most useful. We have also liked the reporting features and dashboard capabilities.

What needs improvement?

The Enterprise Security app could be improved. We have had trouble with it working from the first day.  

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Yes, there have been issues with the Enterprise Security application instance.  

What do I think about the scalability of the solution?

No issues.

How are customer service and technical support?

It has been a weak point, but has improved over the years. It can be tough to get a hold of somebody depending on the complexity of the issue.  

Which solution did I use previously and why did I switch?

Years ago, we did use another solution, but I am not sure it exists any longer. We have been using Splunk for many years.  

How was the initial setup?

We had professional services set it up, as it was quite complex.  

What about the implementation team?

Vendor implementation, and I would rate them as a seven out of 10.  

What was our ROI?

Excellent overall. 

What's my experience with pricing, setup cost, and licensing?

It can be expensive, especially the licensing costs. However, there is added value in what it can do, not just log aggregation.  

Which other solutions did I evaluate?

We evaluated Trustwave and QRadar.

What other advice do I have?

It is a great product overall. I would like to see improvements on the Enterprise Security app/SIEM functionality.  

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Business Intelligence Engineer at SONIFI Solutions, Inc.
Real User
Allows us to dig into raw events
Pros and Cons
  • "Splunk allows us to find insights that we were not able to with traditional BI tools using ETL​. It allows us to dig into raw events."
  • "Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations."
  • "The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more."

What is our primary use case?

Primary use is business intelligence. 

How has it helped my organization?

Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events. 

What is most valuable?

Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations. The flexibility of Splunk as well as the resources available for learning and support are the best in the business. 

What needs improvement?

The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more. 

For how long have I used the solution?

More than five years.

What do I think about the scalability of the solution?

We ingest roughly 30GB/day. We have a small environment, but it provides big insights. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1297563 - PeerSpot reviewer
Director General de España at a cloud solution provider with 51-200 employees
Real User
Integrates with every technology, easy to use, and good for analytics and cybersecurity
Pros and Cons
  • "It is very easy to use and integrate. There are connectors for every technology."
  • "The UI can be improved. Dashboards and reports can be better in terms of graphics."

What is our primary use case?

We work with Splunk. We use it for our own services, and we also integrate and resell Splunk. It is used for cyber security. 

Different clients have different versions. They have Splunk Cloud and Splunk on-premises with different versions.

What is most valuable?

It is very easy to use and integrate. There are connectors for every technology.

What needs improvement?

The UI can be improved. Dashboards and reports can be better in terms of graphics.

For how long have I used the solution?

We have been using this solution for a few years. In 2016, we became a Splunk partner.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

Its scalability is very good. We work with this platform for our own services. We use Splunk extensively, and we also offer it to our clients. We plan to increase its usage.

Our company has three offices. We have offices in Spain, Columbia, and Mexico. We have around 100 people, and about 50 people are working with Splunk. They all are focused on cyber security. They are security engineers or security specialists.

How are customer service and support?

I don't know about their support. I don't work with it much. On an activity level, I'm not so close to the platform. I'm the country manager, so I am a bit far from the operation.

Which solution did I use previously and why did I switch?

We tried to work with Exabeam for user behavior analytics, but we stopped it.

How was the initial setup?

Its setup is very easy, but we have been working with Splunk for a lot of years. We have all the certifications in Splunk, and we are a specialist in Splunk. So, for us, it is very easy to set it up and integrate it, but it might not be easy for other companies.

What other advice do I have?

Splunk is a very good platform for analytics and cybersecurity. We use it very extensively. It is very easy to use, and it is very stable and scalable.

I would rate it a nine out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Donald Baldwin - PeerSpot reviewer
Principal Enterprise Architect at Aurenav Sweden AB
Real User
Top 5
Handles a high volume of data, collects information from multiple sources, and is very stable
Pros and Cons
  • "The reporting aspect is good and it does what I need it to do."
  • "If you monitor too much, you can lose performance on your systems."

What is our primary use case?

In our organization, Splunk is used in our data centers.

We have integration services and other types of systems in our new IoT architecture. We're using it to capture information.

We use Splunk as an aggregator for monitoring information from different sources, however, for our protection suite, we're using Comodo.

It's designed to collect data from different points. It has a lot of integrations built into it and that's why we're using it.

We use it for our enterprise more - such as for messaging. There's a lot of stuff we do on our integration services layer that we use Splunk for. For security purposes, we're using Comodo. Therefore we're not using Splunk for security purposes. We're using it for monitoring what's happening at our integration services layer.

How has it helped my organization?

Splunk indicates when we've got problems popping up somewhere or we're not getting the flow we expected. If there's a problem, we have those flagged and we use it for logging.

What is most valuable?

Splunk handles a high volume of data that we have, and it does it really well.

For what we're using it for, we're happy with its functionality.

The reporting aspect is good and it does what I need it to do.

From an operational standpoint, it helps us on the operations side and it also shows where we're having issues.

It connects to a lot of stuff. We can collect information from a lot of sources.

What needs improvement?

The interface or maybe some settings need to be improved a bit. It cannot be perfect, however, the issues may be related to the configuration or setup.

If you monitor too much, you can lose performance on your systems. You have to be careful what you're monitoring. If you monitor everything, everything stops working. You can go overboard in monitoring. You have to plan your monitoring pretty carefully.

It could be easier for beginners. As it is, right now, You have to have a good understanding of the solution in order to use it properly.

That said, as the user, I'm at a higher level of management on the architecture side in dealing with resilience. My concerns are different from other user concerns. Also, most of our clients are using it way more than we're using it.

For how long have I used the solution?

We've used the solution for more than a decade. It's been a long time. 

What do I think about the stability of the solution?

We haven't had any problems with stability. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

What do I think about the scalability of the solution?

We've never had an issue with scalability. If a company needs to scale, it can.

The danger of Splunk is that it can get too big too quickly and you have to be very careful with what you want to be monitoring due to the fact that if you monitor too much, you can slow down things and you can hurt your performance on your system. We have to be very careful of what we're logging.

We have about 12 users on the solution right now.

We do not plan to increase usage in the future.

How are customer service and support?

We don't use technical support very much. We've been using it for so long, we generally understand it and do not require assistance.

Which solution did I use previously and why did I switch?

We used to use Splunk a lot more, however, we've moved more to Comodo right now. I'd say we've moved to Comodo from Splunk in a lot of areas.

On the security side, we use Comodo. Not all of our clients even have Comodo. A lot of them are using Splunk, however, a lot of them are using Splunk for enterprise operations and network operations items. Some of them are using security and a lot of them aren't. Splunk is offered as a security option now, however, originally, when you used it, it was to collect enterprise operations information and know-how your systems are running. 

How was the initial setup?

We've been using it for a long time, therefore, I don't even remember when we set it up or how it went. We do keep it updated and use the latest versions.

I only have one or two people doing maintenance on it.

What was our ROI?

ROI's a hard thing to pin down. We've had it for so long, it's part of our core operating infrastructure.

What's my experience with pricing, setup cost, and licensing?

Everything we do is either yearly or multi-year. I don't know if there is any additional cost to standard license fees.

What other advice do I have?

We use Splunk and we also sell and support it for our clients.

Normally our policy is to keep software updated to the latest version.

The main issue is that we do enterprise architecture and network and security operations. We recommend certain platforms to clients. We don't always sell Splunk directly to them due to the fact that, since we're being hired to help them make choices, we need to be neutral. In the cases where it doesn't make sense, we don't sell it. We just help clients make decisions.

I don't know which version of the solution we're using. I'm an architect; I'm not on the operations level. I'm not the one who actually uses it. Our operations use it. I get dashboard results and I do reports that are based on it, however, I'm not the one actually running it. We have a NOC and a SOC and others use it a lot more individually. They have a lot more interaction than I do. I'm getting reports out of it. Others are actually connecting to it, using it as a tool. I'm not a tool user. I'm an information user.

All Splunk is, is data collection and it can sort things out on a dashboard. However, a lot of what Splunk does is collect data and you have to decide what kind of information you're going to let it collect. When we're doing design operations we have to really pay attention to what we're doing, so we don't actually slow things down or impede things. The reason we use Splunk is we put a lot of data into it.

With Splunk, you need to really be careful about what you're monitoring and how you use it, to get keep the results working. It's a good tool if you know what you're doing and what you need to be logging. You need to be aware of what you're logging to ensure it isn't going to cause problems with your performance.

I wouldn't recommend it for somebody who's coming in new. Of the clients we have using it, I don't know if any of them don't have professional IT running it. It's important to really understand what's going on.

I'd rate the solution at an eight out of ten. In certain environments, it could be a bit complex. It's not something you could just drop into an organization, you need to be trained to use it. You need the experience to use it properly.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1521537 - PeerSpot reviewer
Consultant at a financial services firm with 5,001-10,000 employees
Real User
Good scalability, dashboards, and alarms, but should have a default dashboard for a firewall and better knowledge base
Pros and Cons
  • "Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful."
  • "Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding. To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this."

What is our primary use case?

We are using Splunk for cybersecurity operations.

What is most valuable?

Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful.

What needs improvement?

Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding.

To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this.

For how long have I used the solution?

I have been using this solution for eight months.

What do I think about the stability of the solution?

In terms of operations, it is stable, but if you don't have a proper configuration and sizing, there could be many issues. It could be more efficient on the storage part. We are still in the deployment stage to be able to say that for sure.

What do I think about the scalability of the solution?

It is very scalable. Currently, we have around 50 users. We will increase its usage if more people need access.

How are customer service and technical support?

We have raised multiple tickets. Some of them are good, and some of them can be better. Overall, their technical support is okay.

Which solution did I use previously and why did I switch?

We didn't use any other solution.

How was the initial setup?

I didn't do the initial configuration. I take care of the operations part. One of our clients did it, and it is somehow complex, and it takes time. It also depends on your knowledge. If you don't have knowledge of Splunk, it is complex.

Which other solutions did I evaluate?

We are a partner of Splunk. So, we did not evaluate other solutions.

What other advice do I have?

I would rate Splunk a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.