Managing Director at Hayyan Horizons
Low-maintenance and stable with very useful dashboards
Pros and Cons
- "The log aggregation is great."
- "Technical support needs to be more responsive."
What is our primary use case?
We primarily use the solution for security and operations monitoring.
How has it helped my organization?
Gives full visibility on operational and security posture in our organization. Integrations are straightforward and effective.
What is most valuable?
The log aggregation is great.
The solution offers good data analytics.
The dashboards are very helpful.
The initial setup is simple and straightforward.
The solution is low-maintenance.
It's a stable product.
We have found that the solution scales well.
What needs improvement?
The TERM licensing model is still not very useful. It's not helping us. They used to have a perpetual licensing model. Now Splunk is offering annual term/subscription only. That's costly and it's more expensive and it's putting some burden on us.
Technical support needs to be more responsive.
We would like to see more AI. Through AI, artificial intelligence, not machine learning only. We want to see more AI-enabled kinds of functionalities just to reduce dependencies on manual interventions. We do that, however, automation and artificial intelligence-based kind of automation we would really like to see.
Buyer's Guide
Splunk Enterprise Security
October 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
815,854 professionals have used our research since 2012.
For how long have I used the solution?
I've been using the solution for six years. I've used it for a while at this point.
What do I think about the stability of the solution?
It's not high maintenance. There are software or upgrade releases every now and then; however, in general, the product is very stable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
We have 17 people that are using the solution currently.
It's very easy to scale the product if you need to.
How are customer service and support?
We use technical support every now and then. The response times are not very good. This is the thing that I would need to see improvement on, and probably in that area only. They are good once they start handling cases; however, they take too much time to respond to customer requests.
Which solution did I use previously and why did I switch?
We did not use anything else on the production scale. Our first experience was with Splunk.
How was the initial setup?
The solution is straightforward and simple to set up. It's not complex at all.
What about the implementation team?
We handled the process internally. We did not need the assistance of any integrators or consultants.
What's my experience with pricing, setup cost, and licensing?
Filter the noise out.
Which other solutions did I evaluate?
Yes, all the other competitors; Splunk is by far the best.
What other advice do I have?
We're a partner and a customer.
I'm using the latest version of the solution.
I would highly recommend the solution. It's the best product out there. It's definitely easy to set up. The use cases are multiple. It's not restrictive in terms of the efficiency of the platform. Just make sure that you have enough resources or good counsel from people who can help with the use cases. If you do, the sky is the limit. It is a good solution.
I'd rate the solution at a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Founder at a marketing services firm with 11-50 employees
Easy to deploy and relatively simple learning curve; could be more user friendly
Pros and Cons
- "Easy to deploy and simple to use."
- "Could be more user friendly."
What is our primary use case?
We're using the solution to try to build a virtual network and put Splunk inside it and do some kind of transcentralization with a log server. Our aim is to track connections, network traffic and some personal databases. I'm the founder of the company and we are customers of Splunk.
What is most valuable?
Splunk can quickly be deployed and it's not difficult to learn the solution.
What needs improvement?
The solution could be more user friendly and it's difficult to know at this stage whether our requirements will be met by the solution.
For how long have I used the solution?
I've been using this solution for a couple of months.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
Scalability is good with Splunk.
How was the initial setup?
The initial setup doesn't take much time, especially if there's good bandwidth. In a small company, deployment might take a month or two. If you have 100 devices, then a technical team of three should be sufficient. They would need to be able to deal with log analysis and forensics and have general knowledge about admin systems. In time, we would expect to have thousands of users.
What's my experience with pricing, setup cost, and licensing?
I think Splunk is expensive compared to other tools at the purchase stage. It's possible that if we can keep control of the costs involved down the track, it won't be so bad.
Which other solutions did I evaluate?
We studied four or five tools including Logrhythm and Exabeam. We went with Splunk for now and will see how that goes.
What other advice do I have?
I think this is a good solution and rate it a seven out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CSSP Manager at a tech services company with 51-200 employees
Good at log collection and log management; not ideal for monitoring
Pros and Cons
- "Good for log collection and log management."
- "This is not really a monitoring solution."
What is our primary use case?
I'm the CSSP manager and we are customers of Splunk.
What is most valuable?
Splunk is good at log collection and log management.
What needs improvement?
I'm a security manager and Splunk is not a good solution for my needs and not as good as other products I've used. I really think they just overreached and are marketing the solution as something that it really isn't. It's really not an SIEM product. It's really not a monitoring solution. If Splunk wants to get into SIEM, they need to make a totally new product. They should just leave SIEM, it's not their thing, not what they do. They're good at log collection and indexing. Stick to it. There are some things with log collection and log retention capabilities that they could actually improve instead of trying to create products for all these other different areas. I don't want their next release, I would rather just kind of scale back on some of the extras, and just really focus on log collection and log retention. I'd like to have more options on how I can perform those features with their products. I'd like to see a lot more integration with other products.
For how long have I used the solution?
I've been using this solution for three years.
What do I think about the stability of the solution?
Once you set up the solution, you don't really have to worry about it. It's very stable. I like the fact that you can pretty much just patch the OS, and it doesn't really affect how Splunk runs. With a lot of products, you almost have to wait for that company to implement a new patch or version of the product before you can upgrade the server it's on, or anything like that. Or you can't upgrade, you just have to go with whatever they give you, because they're giving you an appliance or something. I like the fact that Splunk allows you to integrate and still run as Splunk and still be compliant with most vulnerabilities out there without affecting functionality.
What do I think about the scalability of the solution?
The solution is extremely scalable. We probably have about five or six users, so all our system administrators use it; they're the ones that implement it. Right now, just the CIO, the CTO, and an ISSM have access. There are plans to add more people once we fully implement the Enterprise Security solution. We have admins responsible for maintenance.
How was the initial setup?
The initial setup is kind of complex but I think it's an issue we have and not connected to the solution. We're still deploying. The company didn't have an implementation strategy, they're kind of just flying by the seat of their pants which wasn't a great plan. We're doing it ourselves, we didn't use an integrator.
What's my experience with pricing, setup cost, and licensing?
We have a 100 gig annual license. I'm not sure of the cost. Their licensing is based on the amount of data you collect. There is an additional cost for Enterprise Security. If there are any other kind of applications, the APIs that we created that we want to add, there are costs for most of those as well. Their pricing structure really could use a revamp. They really need to review and look at that and see if there's a better way that they can do it. Elasticsearch is a little cheaper and a better product in my view.
What other advice do I have?
It's important to prepare. You can't just get a solution and start to implement it. A big part of that needs to be preparation, and in IT, we're not great at that. I would go with Elastic, a similar product but better. The licensing is a little different but it gives you a little more freedom to do things. It's really flexible with what you can do and versatile in how you can use it. Splunk is still top when it comes to log collection. If you wanted anything more than that, you should probably look into using several different products. There isn't really one product that you're going to find that's going to give you that coverage and I just like the versatility of using several different products. There are some other things you can use that actually do a better job at the correlation part.
I would rate this solution a seven out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr. Manager Information Security at Tapal Tea (Private) Limited
The search and query feature is very fast but due to the log size limit, we did not get the full benefit
What is our primary use case?
Log collection and search.
How has it helped my organization?
The search and query feature is very fast but due to the log size limit (in trial version), we did not get the full benefit.
What is most valuable?
Selecting the relevant events and records.
What needs improvement?
Due to the size limit, we could not see the full product.
For how long have I used the solution?
Trial/evaluations only.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
QA Lead at a financial services firm with 11-50 employees
It has helped with troubleshooting, making it easier
Pros and Cons
- "It provides logs in one place, so they are easy to find. It collects the logs from multiple places, then you have just one place where you see the whole flow from the front-end to the back-end."
- "The search could be improved. Now, it is a bit difficult to write search queries because they become quite long, and then maintaining those long search queries is quite challenging."
What is our primary use case?
We use it mostly for log monitoring, and also for trying to raise alarms.
How has it helped my organization?
It has helped with troubleshooting, making it easier. Now, we have one place where we can find logs and errors. There is no need to go to the actual server to search for the log file.
What is most valuable?
It provides logs in one place, so they are easy to find. It collects the logs from multiple places, then you have just one place where you see the whole flow from the front-end to the back-end. This is the best thing.
What needs improvement?
The search could be improved. Now, it is a bit difficult to write search queries because they become quite long, and then maintaining those long search queries is quite challenging.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
I have not had any issues with it, and we have the whole banking infrastructure running on it.
What do I think about the scalability of the solution?
The scalability is okay as far as I have seen and used it. We have dozens of different environments using the same Splunk instruments, and it has been able to scale.
How are customer service and technical support?
I have not used technical support.
What other advice do I have?
Splunk's website is quite useful. You can find a lot of information on it. I would recommend using it and trying to figure out the product's features and what you can actually do with Splunk. You can do a lot of things with Splunk, but you need to know what to do first.
I have used both the AWS and on-premise versions, but in two different environments, so I am unable to compare the versions.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Network Security Engineer at Starz Entertainment
In the event of an incident, it has a rapid response search environment
Pros and Cons
- "It has a rapid response search environment in the event of an incident."
- "The correlation searches (properly configured) populate the Incident Management dashboard and provide me a quick bird's-eye view of my most important concerns."
- "The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment."
What is our primary use case?
Although my company uses Splunk extensively, my use case is primarily the Enterprise Security add-on.
How has it helped my organization?
Splunk has enabled us to utilize many different data sources and is easy to use. It has a rapid response search environment in the event of an incident.
What is most valuable?
The correlation searches (properly configured) populate the Incident Management dashboard and provide me a quick bird's-eye view of my most important concerns.
What needs improvement?
ES is very powerful, but it requires a mature security posture at the company to take advantage of it currently. The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment.
For how long have I used the solution?
Less than one year.
Which solution did I use previously and why did I switch?
We were using a different SIEM, which was old-fashioned and very structured.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Business Analyst at a retailer with 10,001+ employees
Provides real-time and scheduled searches with alternate functionalities.
What is most valuable?
- Flexibility when creating dashboards
- Automated cron searches
- Real-time and scheduled searches with alternate functionalities
- User-base integration with LDAP
How has it helped my organization?
It alerted on many situations before other monitoring systems identified that there was a critical issue.
What needs improvement?
VMware and security device integration looks a bit complex.
For how long have I used the solution?
I have used Splunk for almost three years.
What do I think about the stability of the solution?
As of now, we have had no issues with stability. It is running like a charm.
What do I think about the scalability of the solution?
From a node perspective, there have been no scalability issues.
How are customer service and technical support?
I can say that support is good.
Which solution did I use previously and why did I switch?
We never used other solutions.
How was the initial setup?
We used the Splunk Cluster setup. It was a bit complex to set up, but management-wise and stability-wise, it was awesome.
What's my experience with pricing, setup cost, and licensing?
License costs fall under the NDA, but Splunk license costs are public, I believe.
Which other solutions did I evaluate?
We evaluated Logstash and others, but Splunk plays a pivotal role.
What other advice do I have?
I would strongly recommend this product, as it would be very beneficial for service operations and management.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical manager at a tech services company with 11-50 employees
Stable and easy to use
Pros and Cons
- "The most valuable features are how stable and easy to use Splunk is."
- "This solution could be improved by better pricing in general and by easier installation."
What is our primary use case?
My primary use case is for log management. It's mostly deployed on-premises, but it can be cloud-based as well.
What is most valuable?
The most valuable features are how stable and easy to use Splunk is.
What needs improvement?
This solution could be improved by better pricing in general and by easier installation.
For how long have I used the solution?
I have been a partner of Splunk for three years.
What do I think about the stability of the solution?
This solution is stable.
How are customer service and support?
Technical support is customer-friendly.
How was the initial setup?
The initial installation is not straightforward. It needs two or three days, depending on the size of the company. But it can be done with one senior engineer.
What about the implementation team?
I implemented through an in-house team.
What's my experience with pricing, setup cost, and licensing?
Splunk has a subscription and a perpetual license.
This product could use better pricing.
What other advice do I have?
I would rate Splunk a nine out of ten. I recommend this product to others who are considering implementing it.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner