Typically, we use the solution for critical infrastructure companies.
Senior Cyber Security Expert at a security firm with 11-50 employees
Great performance, easy to set up, and offers good speed
Pros and Cons
- "The level of robustness on offer is very good."
- "The complexity could be worked on so that it's even easier and faster."
What is our primary use case?
What is most valuable?
The speed is a very valuable aspect of the solution.
The way Splunk handles low data and low-rate costs are great.
The level of robustness on offer is very good.
The initial setup is very straightforward.
We have found that the solution offers good integrations with other products.
Overall, the solution works very well.
What needs improvement?
The complexity could be worked on so that it's even easier and faster. However, I understand that, if some complexity was removed, there might be slightly more limitations.
Occasionally there are data sizing and data-related issues that need to be overcome.
For how long have I used the solution?
I've been using the solution for a couple of years.
Buyer's Guide
Splunk Enterprise Security
March 2025

Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
What do I think about the stability of the solution?
The performance is very good. It's something that customers are always looking for. The product offers good stability. There are no bugs or glitches and it doesn't crash or freeze. It's reliable.
What do I think about the scalability of the solution?
We have about five to ten partners that use Splunk.
Which solution did I use previously and why did I switch?
I'm a fan of QRadar. I use them as well.
How was the initial setup?
The initial setup is very straightforward. It's not overly complex or difficult. A company shouldn't have any issues with the process. The deployment process doesn't take too long. You can manage it with fewer people and smaller teams. This is especially true if it isn't the critical infrastructure that you are working with.
For deployment and maintenance, you only need two to three people. That can include one manager and two professionals. Since Splunk is easier to handle, more people can join in on the client-side.
What's my experience with pricing, setup cost, and licensing?
We also use QRadar, and we make more money with QRadar than with Splunk as we can make bigger projects happen. However, we find that with Splunk, while we don't make as much money on each project, we can do more of them.
What other advice do I have?
I'd rate the solution at an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Founder at a marketing services firm with 11-50 employees
Easy to deploy and relatively simple learning curve; could be more user friendly
Pros and Cons
- "Easy to deploy and simple to use."
- "Could be more user friendly."
What is our primary use case?
We're using the solution to try to build a virtual network and put Splunk inside it and do some kind of transcentralization with a log server. Our aim is to track connections, network traffic and some personal databases. I'm the founder of the company and we are customers of Splunk.
What is most valuable?
Splunk can quickly be deployed and it's not difficult to learn the solution.
What needs improvement?
The solution could be more user friendly and it's difficult to know at this stage whether our requirements will be met by the solution.
For how long have I used the solution?
I've been using this solution for a couple of months.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
Scalability is good with Splunk.
How was the initial setup?
The initial setup doesn't take much time especially if there's good bandwidth. In a small company deployment might take a month or two. If you have 100 devices then a technical team of three should be sufficient. They would need to be able to deal with log analysis, forensics and have general knowledge about admin systems. In time, we would expect to have thousands of users.
What's my experience with pricing, setup cost, and licensing?
I think Splunk is expensive compared to other tools at the purchase stage. It's possible that if we can keep control of the costs involved down the track, it won't be so bad.
Which other solutions did I evaluate?
We studied four or five tools including Logrhythm and Exabeam. We went with Splunk for now and will see how that goes.
What other advice do I have?
I think this is a good solution and rate it a seven out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Splunk Enterprise Security
March 2025

Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
Consultant at a financial services firm with 5,001-10,000 employees
Good scalability, dashboards, and alarms, but should have a default dashboard for a firewall and better knowledge base
Pros and Cons
- "Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful."
- "Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding. To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this."
What is our primary use case?
We are using Splunk for cybersecurity operations.
What is most valuable?
Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful.
What needs improvement?
Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding.
To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this.
For how long have I used the solution?
I have been using this solution for eight months.
What do I think about the stability of the solution?
In terms of operations, it is stable, but if you don't have a proper configuration and sizing, there could be many issues. It could be more efficient on the storage part. We are still in the deployment stage to be able to say that for sure.
What do I think about the scalability of the solution?
It is very scalable. Currently, we have around 50 users. We will increase its usage if more people need access.
How are customer service and technical support?
We have raised multiple tickets. Some of them are good, and some of them can be better. Overall, their technical support is okay.
Which solution did I use previously and why did I switch?
We didn't use any other solution.
How was the initial setup?
I didn't do the initial configuration. I take care of the operations part. One of our clients did it, and it is somehow complex, and it takes time. It also depends on your knowledge. If you don't have knowledge of Splunk, it is complex.
Which other solutions did I evaluate?
We are a partner of Splunk. So, we did not evaluate other solutions.
What other advice do I have?
I would rate Splunk a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Security Operation Center Analyst at Sadad
User Behavior Analytics is key in detecting fraud and advanced persistent threats
Pros and Cons
- "Splunk UBA is useful for fraud detection and for detection of APTs, advanced persistent threats."
- "UBA, User Behavior Analytics, is a key feature."
- "I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence."
What is our primary use case?
Splunk is a SIEM, a Security Information and Event Management solution. It is used, for example, for monitoring security logs and security information in companies and organizations. It is also used for correlation, meaning making policies, for detecting/monitoring attacks, and the like; for monitoring security logs, security events, preventing hackers from attacking. It's really for business continuity.
How has it helped my organization?
For a long period of time we analyzed logs, traffic, something like tcpdump. Splunk UBA is useful for fraud detection and for detection of APTs, advanced persistent threats. It's really important for our business because I work a PSP, a payment service provider, e-payments.
What is most valuable?
UBA, User Behavior Analytics.
What needs improvement?
In the next release of Splunk, I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence. Splunk would be the best if it improved these features.
What do I think about the stability of the solution?
It's stable and very safe.
What do I think about the scalability of the solution?
Splunk's scalability is good for an enterprise situation. It's scalable in all situations.
How are customer service and technical support?
For us, technical support has been good. Splunk has good documentation and it is really easy to work with Splunk and the Splunk community.
Which solution did I use previously and why did I switch?
I used ELK. It was good. It is an open-source solution, but there is some complexity in configuring it, working with it.
In choosing a vendor I use industry reviews to find feedback from the community that works with the solution.
How was the initial setup?
The initial setup was straightforward.
Which other solutions did I evaluate?
There are a lot of solutions: IBM QRadar, Splunk, LogRhythm. Splunk was good for us because of the support, the documentation, the scalability, the stability. It gives us everything that we need in our business, everything necessary for helping us do our job.
What other advice do I have?
There are three top SIEM solutions in the world: Splunk, LogRhythm, IBM QRadar. I think Splunk is the best.
I would rate Splunk at eight out of 10. The vendor needs to work on this solution to make it better and better. I would recommend this solution but it depends on the situation, the country, the support from the vendor.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Searches logs from all devices and gives valuable information to the organisation
Pros and Cons
- "Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses."
- "Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk."
What is our primary use case?
- Searches the logs for all network devices and server.
- Monitors clients' hardware, networking, and security operations.
- It is good for the administrator to use it when maintaining the whole IT Infrastructure.
How has it helped my organization?
Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses.
What is most valuable?
Searches logs from all devices and gives valuable information to the organisation, so it can drill down on all reports and security threats.
What needs improvement?
Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk.
Network Breach
No, we have not suffered a network breach.
Efficiency of Security Team
Yes, the solution has improved the efficiency of our security team.
For how long have I used the solution?
Trial/evaluations only.
What do I think about the stability of the solution?
No stability issues.
What do I think about the scalability of the solution?
No scalability issues.
How are customer service and technical support?
I have received a very good response from support that I have not seen in more than 10 years of my experience.
Which solution did I use previously and why did I switch?
We are using OpManager to monitor server logs.
What about the implementation team?
I implemented it myself.
What was our ROI?
It made our organization better through integration.
What's my experience with pricing, setup cost, and licensing?
Make it cheaper to help small organisations implement it easier.
Which other solutions did I evaluate?
We evaluated QRadar.
What other advice do I have?
I have been using Splunk to increase my security experience.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Specialist Master, Cyber Risk at a tech vendor with 10,001+ employees
My clients have visibility into systems and activities that they never had before.
Pros and Cons
- "Splunk gives my clients the ability to bring multiple, disparate types of data together, then correlate and report on them."
- "The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."
How has it helped my organization?
Some of my clients had rudimentary home-grown security solutions that Splunk ES has completely replaced.
In these cases, the improvement was dramatic; they had visibility into systems and activities that they never had before.
In the case of clients who already had a SIEM solution, the change was more incremental. However, in my opinion, the Splunk ES solution is superior because it is so flexible. It can consolidate data from almost anything.
What is most valuable?
Splunk Enterprise Security is most valuable, my clients use it as a SIEM solution. Splunk gives them the ability to bring multiple, disparate types of data together, then correlate and report on them.
What needs improvement?
The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating.
What do I think about the stability of the solution?
There were no stability issues. It is one of the most stable systems that I have worked with.
What do I think about the scalability of the solution?
As of now, no scalability issues were experienced. Splunk is highly scalable, so don’t anticipate that. However, scaling can get very expensive with their pricing model.
How are customer service and technical support?
Technical support is excellent! It is of top notch level. The customer support folks really know their stuff, the turnaround is fast.
Which solution did I use previously and why did I switch?
Previously, we were using HPE ArcSight.
How was the initial setup?
That’s a hard one. The initial setup is easy but making it actually work is complex. However, the complexity is something that just comes with all top SIEM tools. Very few companies have exactly the same data and issues, so a great deal of data onboarding and normalization are always required.
Which other solutions did I evaluate?
We evaluated HPE ArcSight.
What other advice do I have?
Plan your implementation carefully. Be sure you have someone to implement it, someone who knows what he is doing. Splunk’s inherent flexibility is a great thing, but it also provides an opportunity to really mess things up.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are an alliance partner.
Cyber Security Consultant at a tech services company with 10,001+ employees
Responsive, and available, technical support, that is easy to install
Pros and Cons
- "It's better than IBM, in my opinion, because it's an independent entity."
- ". Having a trial version or more training on Splunk would be helpful."
What is our primary use case?
I use Splunk for testing purposes. It is used for school research and to learn how to use Splunk.
Splunk is mainly used for collecting logs and dashboards.
What is most valuable?
Splunk provides a free version so you can test it before purchasing. It's better than IBM, in my opinion, because it's an independent entity. IBM, for example, if you want to use EDR, and other features, you must use the features of other companies, such as ServiceNow and Jira.
I am still exploring the features provided in Splunk. As I have not used it for a long time, I don't have a clear vision of it.
What needs improvement?
As a student, I'd like to see more labs and things for students to test in order to learn.
Having a trial version or more training on Splunk would be helpful.
There is a free version, but it is insufficient for training and learning because it is a little bit difficult to work with, especially if you are a beginner. It's difficult to improve when you're just starting out with logs and SOC. As a result, we require a longer free version.
For how long have I used the solution?
Splunk is not used in my company. During my internship, I am being taught how to use it at school.
I have been using Splunk for one month.
What do I think about the stability of the solution?
I did not have any issues with the stability of Splunk. It was quite stable.
How are customer service and support?
There was technical assistance available. When you require assistance, they provide it, they will respond.
Which solution did I use previously and why did I switch?
We integrate Jira with QRadar which is helpful.
How was the initial setup?
The initial setup was simple because there is available support and tutorials.
What about the implementation team?
I completed the installation with the help of some friends, in the IT department.
What's my experience with pricing, setup cost, and licensing?
I'm only using the free version for the time being.
The cost is reasonable.
Splunk's costing is a little more difficult. The pricing method is complicated, and the way that costing is calculated in Splunk is a little more difficult.
When compared to QRadar, QRadar, it's simple to pay.
Which other solutions did I evaluate?
I did some research for a school project. I needed to compare it to Splunk and a few other tools. As a result, I'm not particularly interested in purchasing them.
What other advice do I have?
I would rate Splunk an eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager, Analytics & Insights at a consultancy with 10,001+ employees
Effective machine learning, reliable, and responsive support
Pros and Cons
- "Splunk has machine learning which is a valuable feature."
- "The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use."
What is our primary use case?
We are using Splunk for querying data from different sources.
What is most valuable?
Splunk has machine learning which is a valuable feature.
What needs improvement?
The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use.
For how long have I used the solution?
I have used Splunk within the past 12 months.
What do I think about the stability of the solution?
Splunk is a stable solution.
How are customer service and support?
We have contacted the support and most of the reasons we have contact support has been project-related. For example, we want the APAs to work in a certain way or for certain fixes.
What other advice do I have?
I have been using Splunk for approximately
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Product Categories
Security Information and Event Management (SIEM) Log Management IT Operations AnalyticsPopular Comparisons
CrowdStrike Falcon
Microsoft Sentinel
IBM Security QRadar
Elastic Security
LogRhythm SIEM
Rapid7 InsightIDR
Cortex XSIAM
Fortinet FortiSIEM
Sumo Logic Security
AlienVault OSSIM
Securonix Next-Gen SIEM
Google Chronicle Suite
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which would you recommend to your boss, IBM QRadar or Splunk?
- What are some of the best features and use-cases of Splunk?
- What SOC product do you recommend?
- Splunk as an Enterprise Class monitoring solution -- thoughts?
- What is the biggest difference between Dynatrace and Splunk?
- IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?
- What are the advantages of ELK over Splunk?
- How does Splunk compare with Azure Monitor?
- New risk scoring framework in the Splunk App for Enterprise Security -- thoughts?
- Splunk vs. Elastic Stack
splunk is google for all logs in organisation.