Try our new research platform with insights from 80,000+ expert users
IT & Cloud Architect at AiM Services SA
Reseller
We use it for reporting and monitoring of all solutions in the company
Pros and Cons
  • "We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company."
  • "The security can be improved."

What is our primary use case?

Our primary use case is reporting from the Windows administration. We have SCCM that configures the manager to update every PC workstation and server in the company. We have a lot of PCs and servers in our environment and we use Splunk for the gathering of the PCs and Windows service. We also use it to collect information from the security tools, for example, to provide the management information about how the everyday connection is. 

How has it helped my organization?

We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company.

What needs improvement?

The security can be improved. 

What do I think about the scalability of the solution?

It is scalable. We have five admins so far that we have in the solution. We have two as techs to develop the design on the world map of the solution, and we have the end users, so 80,000 users altogether. 

Buyer's Guide
Splunk Enterprise Security
November 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.

How was the initial setup?

The initial setup was complex. We have two data centers in France, two in Germany, and we have 18 countries in the world. It's a big company and we have a lot of services, servers, etc. So the setup is more complex.

What other advice do I have?

I would rate this solution a perfect ten out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
it_user782697 - PeerSpot reviewer
Security Operation Center Analyst at Sadad
Real User
User Behavior Analytics is key in detecting fraud and advanced persistent threats
Pros and Cons
  • "Splunk UBA is useful for fraud detection and for detection of APTs, advanced persistent threats."
  • "UBA, User Behavior Analytics, is a key feature."
  • "I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence."

What is our primary use case?

Splunk is a SIEM, a Security Information and Event Management solution. It is used, for example, for monitoring security logs and security information in companies and organizations. It is also used for correlation, meaning making policies, for detecting/monitoring attacks, and the like; for monitoring security logs, security events, preventing hackers from attacking. It's really for business continuity.

How has it helped my organization?

For a long period of time we analyzed logs, traffic, something like tcpdump. Splunk UBA is useful for fraud detection and for detection of APTs, advanced persistent threats. It's really important for our business because I work a PSP, a payment service provider, e-payments.

What is most valuable?

UBA, User Behavior Analytics.

What needs improvement?

In the next release of Splunk, I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence. Splunk would be the best if it improved these features.

What do I think about the stability of the solution?

It's stable and very safe. 

What do I think about the scalability of the solution?

Splunk's scalability is good for an enterprise situation. It's scalable in all situations.

How are customer service and technical support?

For us, technical support has been good. Splunk has good documentation and it is really easy to work with Splunk and the Splunk community.

Which solution did I use previously and why did I switch?

I used ELK. It was good. It is an open-source solution, but there is some complexity in configuring it, working with it.

In choosing a vendor I use industry reviews to find feedback from the community that works with the solution.

How was the initial setup?

The initial setup was straightforward.

Which other solutions did I evaluate?

There are a lot of solutions: IBM QRadar, Splunk, LogRhythm. Splunk was good for us because of the support, the documentation, the scalability, the stability. It gives us everything that we need in our business, everything necessary for helping us do our job.

What other advice do I have?

There are three top SIEM solutions in the world: Splunk, LogRhythm, IBM QRadar. I think Splunk is the best.

I would rate Splunk at eight out of 10. The vendor needs to work on this solution to make it better and better. I would recommend this solution but it depends on the situation, the country, the support from the vendor.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Splunk Enterprise Security
November 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.
PeerSpot user
System Administrator at Abdullah Al-Othaim Markets
Real User
Searches logs from all devices and gives valuable information to the organisation
Pros and Cons
  • "Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses."
  • "Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk."

What is our primary use case?

  • Searches the logs for all network devices and server. 
  • Monitors clients' hardware, networking, and security operations. 
  • It is good for the administrator to use it when maintaining the whole IT Infrastructure.

How has it helped my organization?

Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses.

What is most valuable?

Searches logs from all devices and gives valuable information to the organisation, so it can drill down on all reports and security threats. 

What needs improvement?

Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk

Network Breach

No, we have not suffered a network breach.

Efficiency of Security Team

Yes, the solution has improved the efficiency of our security team.

For how long have I used the solution?

Trial/evaluations only.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

No scalability issues.

How are customer service and technical support?

I have received a very good response from support that I have not seen in more than 10 years of my experience. 

Which solution did I use previously and why did I switch?

We are using OpManager to monitor server logs. 

What about the implementation team?

I implemented it myself.

What was our ROI?

It made our organization better through integration.

What's my experience with pricing, setup cost, and licensing?

Make it cheaper to help small organisations implement it easier. 

Which other solutions did I evaluate?

We evaluated QRadar.

What other advice do I have?

I have been using Splunk to increase my security experience. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
MS Alam - PeerSpot reviewer
MS AlamSystem Administrator at Abdullah Al-Othaim Markets
Real User

splunk is google for all logs in organisation.

PeerSpot user
Systems/Applications Specialist with 201-500 employees
Vendor
It could be easier to set up but it has an innovative way of collecting and presenting data

What is most valuable?

Its performance, scalability and most importantly the innovative way of collecting and presenting data.

Fast search! Imagine a scenario with an application environment where a couple of modules are based at a different servers. There is a system issue and a check needs to be completed in a timely manner. Traditionally engineers would have to login to the servers, navigate to different folders and load the log files to check for errors. Splunk can give this at a glance for all of the systems at once! Furthermore a “trap” of known errors could be saved and a real time alert setup to send an email in a meaningful way with relevant details (e.g. priority, affected systems) and instructions what needs to be done next.

How has it helped my organization?

Helpful for systems support, monitoring of the operations and deliveries, analysing trends and performance. Great for making sense of the application log’s events for business needs - e.g. requests per day, completed tasks per user, exceptions, KPI etc.

What needs improvement?

It can be easier to setup and adding new sources which Splunk are improving with every new version.

For how long have I used the solution?

I have used it for two years.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

It's running great given the information it processes.

What do I think about the scalability of the solution?

Really scalable solution. Could be split into soft/hard forwarders if needed and even completed in an HA setup.

How are customer service and technical support?

Customer Service:

Splunk have dedicated staff trying to change the world for the better.

Technical Support:

Splunk have introduced their own certification path which guarantees that the technical support will have the needed expertise.

Which solution did I use previously and why did I switch?

I am familiar that there are other solutions out there but I haven't used them. Started with Splunk.

How was the initial setup?

The initial setup requires some good analysis - what would be collected, from where, how to group the incoming data in virtual folders and indexes so it make sense and ease/scope the search later on. Apart from that the initial application setup is straightforward.

What about the implementation team?

Implemented in house with the support of the vendor with high level of expertise.

What was our ROI?

I'm not sure about the money but in saved time and a new kind of visibility for the system/business process this product has been revolutionary in the working environment. The demand for deeper integration and more details hasn't stopped since the initial implementation and we have moved on from just technical and business reports, KPI reports from other systems and we keep building new alerts, dashboards and reports as per new requirements.

What's my experience with pricing, setup cost, and licensing?

Not sure about the cost but I have heard it can get pretty costly for an Enterprise grade scale as the environment I work in. For home it is free up to 500Mb a day. Day-to-day cost for the product itself is costing just system resources, however the development work that needs to be completed for new requests and keeping the old one up-to-date can raise the budget according to the expertise needed.

What other advice do I have?

Go for it and be brave. Experiment, add, remove, modify. Keep what is not working until it is working how you want and then delete the rest. Make a library of useful search queries and a diagram of systems and related files included in the indexes. Do not allow access for everyone to run DB queries as per the other forms of DB access. Install 3rd party modules and play with them. Collect system events for the OS and relate it to application performance. Trap the errors you have identified, create alerts and follow name convention for email subject (e.g. priority, type, system, description).

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
MS Alam - PeerSpot reviewer
MS AlamSystem Administrator at Abdullah Al-Othaim Markets
Real User

Splunk - SIEM

See all 3 comments
it_user142623 - PeerSpot reviewer
CEO with 51-200 employees
Vendor
Pros and Cons of Splunk, Sumo Logic, LogStash and Others

Splunk, Sumo Logic, LogStash, GrayLog, Loggly, PaperTrails – did I miss someone? I’m pretty sure I did. Logs are like fossil fuels – we’ve been wanting to get rid of them for the past 20 years, but we’re not quite there yet. Well, if that’s the case I want a BMW!

To deal with the growth of log data a host of log management & analysis tools have been built over the last few years to help developers and operations make sense of the growing data. I thought it’d be interesting to look at our options and what are each tools’ selling point, from a developer’s standpoint.

Splunk

As the biggest tool in this space, I decided to put Splunk in a category of its own. That’s not to say it’s the best tool for what you need, but more to give credit to a product who essentially created a new category.

Pros

Splunk is probably the most feature rich solution in the space. It’s got hundreds of apps (I counted 537) to make sense of almost every format of log data, from security to business analytics to infrastructure monitoring. Splunk’s search and charting tools are feature rich to the point that there’s probably no set of data you can’t get to through its UI or APIs.

Cons

Splunk has two major cons. The first, that is more subjective, is that it’s an on-premise solution which means that setup costs in terms of money and complexity are high. To deploy in a high-scale environment you will need to install and configure a dedicated cluster. As a developer, it’s usually something you can’t or don’t want to do as your first choice.

Splunk’s second con is that it’s expensive. To support a real-world application you’re looking at tens of thousands of dollars, which most likely means you’ll need sign offs from high-ups in your organization, and the process is going to be slow. If you’ve got a new app and you want something fast that you can quickly spin up and ramp as things progress – keep reading.

Read the rest of this post here.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user159375 - PeerSpot reviewer
it_user159375Principal Program Manager at a consumer goods company with 1,001-5,000 employees
Real User

I don't want to oversimplify things but I am a 0 and 1 guy. Either you Splunk or you don't Splunk. Yes, Splunk has it's cost. Then again, if you try to go with a cheaper solution, OpenSource solution, or totally home grown, I can almost guarantee that the true cost will be much higher than Splunk. Think of it as meeting half-way. Splunk does half the work, and you need to do the other half, including the committing finances. A good trick is to leverage the free version or trial version for real-life solutions. Once you provide a solution to someone that they can't live without, then you got them hooked. Create a hunger first, then you got them hooked in (the people who will approve the cost).

See all 3 comments
Splunk BDM in UA at a manufacturing company with 51-200 employees
Real User
Optimizes network security, straightforward to deploy, and can handle a large volume of data
Pros and Cons
  • "The fact that Splunk is a platform and not just a SIEM solution is a key benefit."
  • "The support that is included with the standard licensing fee is very bad."

What is our primary use case?

We are a solution provider and Splunk is one of the products that we distribute.

The primary use case is for SIEM and we have approximately 35 customers.

What is most valuable?

The fact that Splunk is a platform and not just a SIEM solution is a key benefit.

Our customers like that they can use Splunk to optimize their security.

What needs improvement?

The Splunk licensing model should be more flexible.

The support that is included with the standard licensing fee is very bad.

For how long have I used the solution?

We have been working with Splunk since 2017.

What do I think about the stability of the solution?

Stability-wise, it's perfect. We haven't had any problem with Splunk. It's good software.

What do I think about the scalability of the solution?

One of the key benefits and differences with this software is that the customer can scale up as much as they need to. Our largest Splunk customer is using between three and four petabytes of data per day.

How are customer service and support?

If you don't pay extra for technical support then it is very bad. If you pay extra for it, then the technical support is normal.

Which solution did I use previously and why did I switch?

I am familiar with other products and Splunk can handle much more data than IBM QRadar or any other competing product.

Direct competitors are more flexible when it comes to licensing.

How was the initial setup?

We have not had any problems installing Splunk.

For a standard case, it takes between one and two weeks to install correctly and deploy. This is for situations where the client has less than 50 gigabytes of data per day.

Problems during the implementation are typically due to something on the customer's side. For example, if the client does not have somebody that is responsible for the deployment, helping to speed up the various procedures, then this is a key problem for us.

What about the implementation team?

It takes two people to deploy and maintain.

What's my experience with pricing, setup cost, and licensing?

Splunk is not a cheap solution and the license is billed annually. The licensing model should be improved and the price should be lower, in general.

You can purchase additional technical support, which is much better than the support that is included.

What other advice do I have?

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Managing Director at Hayyan Horizons
Real User
Low-maintenance and stable with very useful dashboards
Pros and Cons
  • "The log aggregation is great."
  • "Technical support needs to be more responsive."

What is our primary use case?

We primarily use the solution for security and operations monitoring.

How has it helped my organization?

Gives full visibility on operational and security posture in our organization. Integrations is straightforward and effective.

What is most valuable?

The log aggregation is great.

The solution offers good data analytics.

The dashboards are very helpful.

The initial setup is simple and straightforward. 

The solution is low-maintenance.

It's a stable product.

We have found that the solution scales well. 

What needs improvement?

The TERM licensing model is still not very useful. It's not helping us. They used to have a perpetual licensing model. Now Splunk is offering annual term/subscription only. That's costly and it's more expensive and it's putting some burden on us.

Technical support needs to be more responsive. 

We would like to see more AI. Through AI, artificial intelligence, not machine learning only. We want to see more AI-enabled kinds of functionalities just to reduce dependencies on manual interventions. We do that, however, automation and artificial intelligence-based kind of automation we would really like to see.

For how long have I used the solution?

I've been using the solution for six years. I've used it for a while at this point. 

What do I think about the stability of the solution?

It's not high maintenance. There are software or upgrade releases every now and then, however, in general, the product is very stable. There are no bugs or glitches. It doesn't crash or freeze. 

What do I think about the scalability of the solution?

We have 17 people that are using the solution currently. 

It's very easy to scale the product if you need to.

How are customer service and technical support?

We use technical support every now and then. The response times are not very good. This is the thing that I would need to see improvement on and probably in that area only. They are that good when they started handling cases, however, they take too much time to respond to customer requests.

Which solution did I use previously and why did I switch?

We did not use anything else on the production scale. Our first experience was with Splunk.

How was the initial setup?

The solution is straightforward and simple to set up. It's not complex at all.

What about the implementation team?

We handled the process internally. We did not need the assistance of any integrators or consultants. 

What's my experience with pricing, setup cost, and licensing?

Filter the noise out.

Which other solutions did I evaluate?

Yes all the other competitors, Splunk by far is the best.

What other advice do I have?

We're a partner and a customer. 

I'm using the latest version of the solution. 

I would highly recommend the solution. It's the best product out there. It's definitely easy to set up. The use cases are multiple. It's not restrictive in terms of the efficiency of the platform. Just make sure that you have enough resources or good counsel from people who can help with the use cases. If you do the sky would be the limit. It is a good solution.

I'd rate the solution at a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1630161 - PeerSpot reviewer
Founder at a marketing services firm with 11-50 employees
Real User
Easy to deploy and relatively simple learning curve; could be more user friendly
Pros and Cons
  • "Easy to deploy and simple to use."
  • "Could be more user friendly."

What is our primary use case?

We're using the solution to try to build a virtual network and put Splunk inside it and do some kind of transcentralization with a log server. Our aim is to track connections, network traffic and some personal databases. I'm the founder of the company and we are customers of Splunk.

What is most valuable?

Splunk can quickly be deployed and it's not difficult to learn the solution. 

What needs improvement?

The solution could be more user friendly and it's difficult to know at this stage whether our requirements will be met by the solution. 

For how long have I used the solution?

I've been using this solution for a couple of months. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

Scalability is good with Splunk. 

How was the initial setup?

The initial setup doesn't take much time especially if there's good bandwidth. In a small company deployment might take a month or two. If you have 100 devices then a technical team of three should be sufficient. They would need to be able to deal with log analysis, forensics and have general knowledge about admin systems. In time, we would expect to have thousands of users. 

What's my experience with pricing, setup cost, and licensing?

I think Splunk is expensive compared to other tools at the purchase stage. It's possible that if we can keep control of the costs involved down the track, it won't be so bad.

Which other solutions did I evaluate?

We studied four or five tools including Logrhythm and Exabeam. We went with Splunk for now and will see how that goes.

What other advice do I have?

I think this is a good solution and rate it a seven out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.