We are using Splunk for cybersecurity operations.
Consultant at a financial services firm with 5,001-10,000 employees
Good scalability, dashboards, and alarms, but should have a default dashboard for a firewall and better knowledge base
Pros and Cons
- "Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful."
- "Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding. To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this."
What is our primary use case?
What is most valuable?
Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful.
What needs improvement?
Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding.
To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this.
For how long have I used the solution?
I have been using this solution for eight months.
Buyer's Guide
Splunk Enterprise Security
October 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
815,854 professionals have used our research since 2012.
What do I think about the stability of the solution?
In terms of operations, it is stable, but if you don't have a proper configuration and sizing, there could be many issues. It could be more efficient on the storage part. We are still in the deployment stage to be able to say that for sure.
What do I think about the scalability of the solution?
It is very scalable. Currently, we have around 50 users. We will increase its usage if more people need access.
How are customer service and support?
We have raised multiple tickets. Some of them are good, and some of them can be better. Overall, their technical support is okay.
Which solution did I use previously and why did I switch?
We didn't use any other solution.
How was the initial setup?
I didn't do the initial configuration. I take care of the operations part. One of our clients did it, and it is somehow complex, and it takes time. It also depends on your knowledge. If you don't have knowledge of Splunk, it is complex.
Which other solutions did I evaluate?
We are a partner of Splunk. So, we did not evaluate other solutions.
What other advice do I have?
I would rate Splunk a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
IT & Cloud Architect at AiM Services SA
We use it for reporting and monitoring of all solutions in the company
Pros and Cons
- "We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company."
- "The security can be improved."
What is our primary use case?
Our primary use case is reporting from the Windows administration. We have SCCM that configures the manager to update every PC workstation and server in the company. We have a lot of PCs and servers in our environment and we use Splunk for the gathering of the PCs and Windows service. We also use it to collect information from the security tools, for example, to provide the management information about how the everyday connection is.
How has it helped my organization?
We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company.
What needs improvement?
The security can be improved.
What do I think about the scalability of the solution?
It is scalable. We have five admins so far that we have in the solution. We have two as techs to develop the design on the world map of the solution, and we have the end users, so 80,000 users altogether.
How was the initial setup?
The initial setup was complex. We have two data centers in France, two in Germany, and we have 18 countries in the world. It's a big company and we have a lot of services, servers, etc. So the setup is more complex.
What other advice do I have?
I would rate this solution a perfect ten out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Buyer's Guide
Splunk Enterprise Security
October 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
815,854 professionals have used our research since 2012.
Security Operation Center Analyst at Sadad
User Behavior Analytics is key in detecting fraud and advanced persistent threats
Pros and Cons
- "Splunk UBA is useful for fraud detection and for detection of APTs, advanced persistent threats."
- "UBA, User Behavior Analytics, is a key feature."
- "I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence."
What is our primary use case?
Splunk is a SIEM, a Security Information and Event Management solution. It is used, for example, for monitoring security logs and security information in companies and organizations. It is also used for correlation, meaning making policies, for detecting/monitoring attacks, and the like; for monitoring security logs, security events, preventing hackers from attacking. It's really for business continuity.
How has it helped my organization?
For a long period of time we analyzed logs, traffic, something like tcpdump. Splunk UBA is useful for fraud detection and for detection of APTs, advanced persistent threats. It's really important for our business because I work a PSP, a payment service provider, e-payments.
What is most valuable?
UBA, User Behavior Analytics.
What needs improvement?
In the next release of Splunk, I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence. Splunk would be the best if it improved these features.
What do I think about the stability of the solution?
It's stable and very safe.
What do I think about the scalability of the solution?
Splunk's scalability is good for an enterprise situation. It's scalable in all situations.
How are customer service and technical support?
For us, technical support has been good. Splunk has good documentation and it is really easy to work with Splunk and the Splunk community.
Which solution did I use previously and why did I switch?
I used ELK. It was good. It is an open-source solution, but there is some complexity in configuring it, working with it.
In choosing a vendor I use industry reviews to find feedback from the community that works with the solution.
How was the initial setup?
The initial setup was straightforward.
Which other solutions did I evaluate?
There are a lot of solutions: IBM QRadar, Splunk, LogRhythm. Splunk was good for us because of the support, the documentation, the scalability, the stability. It gives us everything that we need in our business, everything necessary for helping us do our job.
What other advice do I have?
There are three top SIEM solutions in the world: Splunk, LogRhythm, IBM QRadar. I think Splunk is the best.
I would rate Splunk at eight out of 10. The vendor needs to work on this solution to make it better and better. I would recommend this solution but it depends on the situation, the country, the support from the vendor.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Searches logs from all devices and gives valuable information to the organisation
Pros and Cons
- "Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses."
- "Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk."
What is our primary use case?
- Searches the logs for all network devices and server.
- Monitors clients' hardware, networking, and security operations.
- It is good for the administrator to use it when maintaining the whole IT Infrastructure.
How has it helped my organization?
Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses.
What is most valuable?
Searches logs from all devices and gives valuable information to the organisation, so it can drill down on all reports and security threats.
What needs improvement?
Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk.
Network Breach
No, we have not suffered a network breach.
Efficiency of Security Team
Yes, the solution has improved the efficiency of our security team.
For how long have I used the solution?
Trial/evaluations only.
What do I think about the stability of the solution?
No stability issues.
What do I think about the scalability of the solution?
No scalability issues.
How are customer service and technical support?
I have received a very good response from support that I have not seen in more than 10 years of my experience.
Which solution did I use previously and why did I switch?
We are using OpManager to monitor server logs.
What about the implementation team?
I implemented it myself.
What was our ROI?
It made our organization better through integration.
What's my experience with pricing, setup cost, and licensing?
Make it cheaper to help small organisations implement it easier.
Which other solutions did I evaluate?
We evaluated QRadar.
What other advice do I have?
I have been using Splunk to increase my security experience.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Systems/Applications Specialist with 201-500 employees
It could be easier to set up but it has an innovative way of collecting and presenting data
What is most valuable?
Its performance, scalability and most importantly the innovative way of collecting and presenting data.
Fast search! Imagine a scenario with an application environment where a couple of modules are based at a different servers. There is a system issue and a check needs to be completed in a timely manner. Traditionally engineers would have to login to the servers, navigate to different folders and load the log files to check for errors. Splunk can give this at a glance for all of the systems at once! Furthermore a “trap” of known errors could be saved and a real time alert setup to send an email in a meaningful way with relevant details (e.g. priority, affected systems) and instructions what needs to be done next.
How has it helped my organization?
Helpful for systems support, monitoring of the operations and deliveries, analysing trends and performance. Great for making sense of the application log’s events for business needs - e.g. requests per day, completed tasks per user, exceptions, KPI etc.
What needs improvement?
It can be easier to setup and adding new sources which Splunk are improving with every new version.
For how long have I used the solution?
I have used it for two years.
What was my experience with deployment of the solution?
No issues encountered.
What do I think about the stability of the solution?
It's running great given the information it processes.
What do I think about the scalability of the solution?
Really scalable solution. Could be split into soft/hard forwarders if needed and even completed in an HA setup.
How are customer service and technical support?
Customer Service:
Splunk have dedicated staff trying to change the world for the better.
Technical Support:Splunk have introduced their own certification path which guarantees that the technical support will have the needed expertise.
Which solution did I use previously and why did I switch?
I am familiar that there are other solutions out there but I haven't used them. Started with Splunk.
How was the initial setup?
The initial setup requires some good analysis - what would be collected, from where, how to group the incoming data in virtual folders and indexes so it make sense and ease/scope the search later on. Apart from that the initial application setup is straightforward.
What about the implementation team?
Implemented in house with the support of the vendor with high level of expertise.
What was our ROI?
I'm not sure about the money but in saved time and a new kind of visibility for the system/business process this product has been revolutionary in the working environment. The demand for deeper integration and more details hasn't stopped since the initial implementation and we have moved on from just technical and business reports, KPI reports from other systems and we keep building new alerts, dashboards and reports as per new requirements.
What's my experience with pricing, setup cost, and licensing?
Not sure about the cost but I have heard it can get pretty costly for an Enterprise grade scale as the environment I work in. For home it is free up to 500Mb a day. Day-to-day cost for the product itself is costing just system resources, however the development work that needs to be completed for new requests and keeping the old one up-to-date can raise the budget according to the expertise needed.
What other advice do I have?
Go for it and be brave. Experiment, add, remove, modify. Keep what is not working until it is working how you want and then delete the rest. Make a library of useful search queries and a diagram of systems and related files included in the indexes. Do not allow access for everyone to run DB queries as per the other forms of DB access. Install 3rd party modules and play with them. Collect system events for the OS and relate it to application performance. Trap the errors you have identified, create alerts and follow name convention for email subject (e.g. priority, type, system, description).
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO with 51-200 employees
Pros and Cons of Splunk, Sumo Logic, LogStash and Others
Splunk, Sumo Logic, LogStash, GrayLog, Loggly, PaperTrails – did I miss someone? I’m pretty sure I did. Logs are like fossil fuels – we’ve been wanting to get rid of them for the past 20 years, but we’re not quite there yet. Well, if that’s the case I want a BMW!
To deal with the growth of log data a host of log management & analysis tools have been built over the last few years to help developers and operations make sense of the growing data. I thought it’d be interesting to look at our options and what are each tools’ selling point, from a developer’s standpoint.
Splunk
As the biggest tool in this space, I decided to put Splunk in a category of its own. That’s not to say it’s the best tool for what you need, but more to give credit to a product who essentially created a new category.
Pros
Splunk is probably the most feature rich solution in the space. It’s got hundreds of apps (I counted 537) to make sense of almost every format of log data, from security to business analytics to infrastructure monitoring. Splunk’s search and charting tools are feature rich to the point that there’s probably no set of data you can’t get to through its UI or APIs.
Cons
Splunk has two major cons. The first, that is more subjective, is that it’s an on-premise solution which means that setup costs in terms of money and complexity are high. To deploy in a high-scale environment you will need to install and configure a dedicated cluster. As a developer, it’s usually something you can’t or don’t want to do as your first choice.
Splunk’s second con is that it’s expensive. To support a real-world application you’re looking at tens of thousands of dollars, which most likely means you’ll need sign offs from high-ups in your organization, and the process is going to be slow. If you’ve got a new app and you want something fast that you can quickly spin up and ramp as things progress – keep reading.
Read the rest of this post here.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user159375Principal Program Manager at a consumer goods company with 1,001-5,000 employees
Real User
I don't want to oversimplify things but I am a 0 and 1 guy. Either you Splunk or you don't Splunk. Yes, Splunk has it's cost. Then again, if you try to go with a cheaper solution, OpenSource solution, or totally home grown, I can almost guarantee that the true cost will be much higher than Splunk. Think of it as meeting half-way. Splunk does half the work, and you need to do the other half, including the committing finances. A good trick is to leverage the free version or trial version for real-life solutions. Once you provide a solution to someone that they can't live without, then you got them hooked. Create a hunger first, then you got them hooked in (the people who will approve the cost).
Splunk BDM in UA at a manufacturing company with 51-200 employees
Optimizes network security, straightforward to deploy, and can handle a large volume of data
Pros and Cons
- "The fact that Splunk is a platform and not just a SIEM solution is a key benefit."
- "The support that is included with the standard licensing fee is very bad."
What is our primary use case?
We are a solution provider and Splunk is one of the products that we distribute.
The primary use case is for SIEM and we have approximately 35 customers.
What is most valuable?
The fact that Splunk is a platform and not just a SIEM solution is a key benefit.
Our customers like that they can use Splunk to optimize their security.
What needs improvement?
The Splunk licensing model should be more flexible.
The support that is included with the standard licensing fee is very bad.
For how long have I used the solution?
We have been working with Splunk since 2017.
What do I think about the stability of the solution?
Stability-wise, it's perfect. We haven't had any problem with Splunk. It's good software.
What do I think about the scalability of the solution?
One of the key benefits and differences with this software is that the customer can scale up as much as they need to. Our largest Splunk customer is using between three and four petabytes of data per day.
How are customer service and support?
If you don't pay extra for technical support then it is very bad. If you pay extra for it, then the technical support is normal.
Which solution did I use previously and why did I switch?
I am familiar with other products and Splunk can handle much more data than IBM QRadar or any other competing product.
Direct competitors are more flexible when it comes to licensing.
How was the initial setup?
We have not had any problems installing Splunk.
For a standard case, it takes between one and two weeks to install correctly and deploy. This is for situations where the client has less than 50 gigabytes of data per day.
Problems during the implementation are typically due to something on the customer's side. For example, if the client does not have somebody that is responsible for the deployment, helping to speed up the various procedures, then this is a key problem for us.
What about the implementation team?
It takes two people to deploy and maintain.
What's my experience with pricing, setup cost, and licensing?
Splunk is not a cheap solution and the license is billed annually. The licensing model should be improved and the price should be lower, in general.
You can purchase additional technical support, which is much better than the support that is included.
What other advice do I have?
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
CEO at a tech services company with 11-50 employees
Simple to install, with good monitoring, and correlation capabilities
Pros and Cons
- "The scalability is good."
- "In the next releases, I would like to see more pricing flexibility."
What is our primary use case?
We are resellers. We provide solutions to our clients.
Splunk is primarily used for developing CM solutions that are based on the Splunk platform for future security operation center development.
We are concentrating on assisting in the development of a security monitor as well as analysis.
If I am not mistaken, it's a standard CM system for identification, security verification, and event monitoring.
What needs improvement?
In my opinion, it is too expensive for our projects.
It is very competitive for small and medium businesses. Perhaps some should be set aside for developing markets. To begin with, similar to the current market, there may be some special conditions for large transactions.
In the next releases, I would like to see more pricing flexibility. It's a subscription-based service, and they don't sell professional licenses.
In some cases, particularly with large projects, we are not competitive in terms of pricing when compared to IBM QRadar and other solutions; even if we offer the maximum discount available, our prices remain uncompetitive.
For how long have I used the solution?
We have been selling Splunk for approximately five years.
What do I think about the scalability of the solution?
The scalability is good. It can be added on-demand in increments of one gigabyte or ten gigabytes. It's a per-gigabyte license, and you can add whatever you need at the time.
Our projects are sized per our current IT infrastructure.
Splunk is used by 10 of our customers.
How are customer service and support?
Our team provides technical support.
I have not communicated with technical support.
Which solution did I use previously and why did I switch?
We no longer resell Checkmarks.
We were unable to assist in establishing their business on-premises because It could have been too expensive for our clientele.
How was the initial setup?
Installing Splunk is not difficult, but it can be complicated in some cases.
The issue is the integration with the customer's system, as well as the configuration of the rules for correlation, log collecting, and analysis.
It has good documentation and guides, but the main works should be focused on customer needs and customer resources for monitoring.
It can take three months to complete the installation.
We have a team of three certified engineers who will deploy and maintain this solution.
What's my experience with pricing, setup cost, and licensing?
The licensing fees and pricing models could be reduced.
It's a yearly subscription.
They don't sell professionally because it's a subscription service. As a result, it is only a subscription service that is dependent on the customer's IT infrastructure.
What other advice do I have?
We do not sell Compliance Control Limited solutions because our focus is on auditing and independent security assessments. We put an end to our selling program with Checkmarks.
I would recommend this solution to others. Splunk is appropriate for small to medium-sized projects, and it should be calculated for large projects.
It's one of the best CM solutions on the market for monitoring, and correlation, as well as IT monitoring security.
I would rate Splunk an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Security Information and Event Management (SIEM) Log Management IT Operations AnalyticsPopular Comparisons
CrowdStrike Falcon
Microsoft Power BI
Microsoft Sentinel
SentinelOne Singularity Complete
Microsoft Defender XDR
Azure Monitor
IBM Security QRadar
Elastic Security
AppDynamics
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What are some of the best features and use-cases of Splunk?
- What SOC product do you recommend?
- Splunk as an Enterprise Class monitoring solution -- thoughts?
- What is the biggest difference between Dynatrace and Splunk?
- IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?
- What are the advantages of ELK over Splunk?
- How does Splunk compare with Azure Monitor?
- New risk scoring framework in the Splunk App for Enterprise Security -- thoughts?
- Splunk vs. Elastic Stack
- What is a better choice, Splunk or Azure Sentinel?
splunk is google for all logs in organisation.