Try our new research platform with insights from 80,000+ expert users
reviewer1404306 - PeerSpot reviewer
SOC Analyst at a wholesaler/distributor with 10,001+ employees
Real User
Plenty of features, stable, but is expensive
Pros and Cons
  • "The solution has plenty of features that are good."
  • "Deployment is not difficult but the lock sources and configurations can take time."

What is our primary use case?

We have multiple use cases, almost 200 plus use cases. An example, travel activities where you log in.

What is most valuable?

The solution has plenty of features that are good.

For how long have I used the solution?

I have been using the solution for two years.

What do I think about the stability of the solution?

It is a stable solution. 

Buyer's Guide
Splunk Enterprise Security
November 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.

What do I think about the scalability of the solution?

In my experience, it has been scalable. We have five users using the solution in our company.

How was the initial setup?

The installation is straightforward.

What about the implementation team?

Deployment is not difficult but the lock sources and configurations can take time. We have a team of 15 technicians that do the deployments.

What's my experience with pricing, setup cost, and licensing?

The solution is a little expensive.

What other advice do I have?

I would recommend this solution.

I rate Splunk a six out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user1415322 - PeerSpot reviewer
Senior Consultant at sectecs
Consultant
Powerful programming language and search capability, but it is expensive and the vendor is inflexible
Pros and Cons
  • "What I really like is that even if you have already collected the data, you can extract fields and can build searches."
  • "I would like to see more SIEM functionality and a better ticket tool."

What is our primary use case?

My reason for implementing it was just to learn more about the product. I wanted to learn about the Splunk programming language, how to pipe searches, add logs, verify the logs, create fields, extract data into fields, build dashboards, and to get hands-on experience with the product.

What is most valuable?

The Splunk programming language allows you to pipe searches into another searches.

What I really like is that even if you have already collected the data, you can extract data and  add fields which improves building searches. This is not the case with Elasticsearch, where this needs to be done upfront.

What needs improvement?

I really dislike how Splunk sales and partner manager behaves. I have faced several sales model and partnership changes. Also, the last time I wanted to by a license ro built a SIEM solution, they had removed the ability to purchase a splunk subscription or license from their website. In the past, there was a web page calculator it was possible to by online, but now it instructs to contact sales.

The free version is limited to 500 megabytes and there is no alerting. Due to the missing feature on the Splunk webpage, I have ask Splunk Sales to purchase a license like 1Gyte a day or a license for max 2500 Euro/year to use it as a test or development instance for myself. Asking Splunk for a quote willing to pay for Splunk license to learn and to get used to the product, Splunk didn't get it managed to offer my a license neither arranging the partnership paperwork I have ask for. Sales people from Splunk where calling, each time after I left my details on ther trial download page. I explained my experience and concerns about Splunk in the past. All excuses received and promises that someone will contact me to solve the issues faced in the past, was leading in excactly nothing. Well Done Splunk.

Inflexible and expensive and I do not have much faith in the people working there because if someone is asking for a test environment and is willing to spend up to €2,500 a year, I can't understand why they are unable to provide a license. This could be a lost opportunity because they are not able to onboard a potential new partner.

They definitely need to boost their sales and partner program because it changes to often, where they are dropping partners and it is difficult to get in contact with somebody. This is something that needs to be improved.

I would like to see more SIEM functionality and embedded moduled such a ticket tool to make a end to end SIEM.

For how long have I used the solution?

I have been using Splunk for a few weeks.

What do I think about the scalability of the solution?

As I was using a test environment, I can't comment on scalability. It was just myself and a colleague who was using it as a test instance.

How are customer service and technical support?

I have not been in contact with technical support.

Which solution did I use previously and why did I switch?

I have worked a little bit with Elasticsearch. I also have an instance of SIEMonster running, and I'm trying to get used to it. I found that Splunk provided a good benefit compared to Elasticsearch.

With Elasticsearch, if you have already inserted the data then it's gone because you need to do the pre-filtering. Once you've inserted or ingested the raw data, using Logstash, for example, you are no longer able to build the fields such as IP address, hostname, username, and the other fields that you want to export. This unsorted, raw data that you have is really a drawback for Elasticsearch and some other products. This is something from Splunk that I consider to be a heavy feature, where you can just insert data and ingest it later on.

How was the initial setup?

really fast and easy to install a test instance.

What's my experience with pricing, setup cost, and licensing?

The pricing model is expensive and could lead into a budget nightmare based on the amount of data.

A better pricing plan would be an improvement.

Which other solutions did I evaluate?

I have done some research on LogRhythm, IBM QRadar, and ArcSight, but I don't have any hands-on experience yet.

I did a comparison for a customer two weeks ago and the outcome of my comparison was SIEMonster, effortable price model, even though it's a niche player, it's quite powerful. I also provided Splunk as a recommendation because it is a market leader, really powerful, and really good to use. I also recommended LogRhythm; it is also expensive but it's also really powerful, and the feedback of customers is really good.

With respect to Splunk, I would recommend it but when a customer is budget-driven then Splunk is not the solution. Money shouldn't be the question.

What other advice do I have?

This is a solution that I could recommend for somebody who wants a really powerful product. It is not an end to end orchestrated SIEM yet.

This is a product that I would generally recommend, although I would not do so if the customer is really budget-driven.

I would rate this solution a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Splunk Enterprise Security
November 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.
it_user870792 - PeerSpot reviewer
Senior Security Engineer
Vendor
Significantly helped with aggregation and correlation of critical logs
Pros and Cons
  • "Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient."
  • "DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down."

What is our primary use case?

  • IT Ops
  • Security
  • Compliance

Many IT groups and non-IT groups use the product to gain insights into their environments.

How has it helped my organization?

Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient.

What is most valuable?

Search and Dashboarding: Allows us to quickly search for an error and plot the results on a chart.

What needs improvement?

DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down. 

For how long have I used the solution?

Three to five years.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner with Splunk.
PeerSpot user
PeerSpot user
Data Scientist Intern at Splunxter, Inc.
Real User
Can ingest any data and display it in a way that anyone can understand
Pros and Cons
  • "The ability to ingest any data and display it in a way that anyone can understand."
  • "It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away."

What is our primary use case?

I work with Splunk, as a contractor, so I use it in many different areas. Most often it is used to get performance insights on applications or servers. Recently, I have used it in more of an endpoint security mindset. 

How has it helped my organization?

My whole organization is built around Splunk. We provide Splunk PS to many different companies. If Splunk did not have such a good presence, we could not exist.

What is most valuable?

The best features would have to be the ability to ingest any data and display it in a way that anyone can understand.

What needs improvement?

It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user859770 - PeerSpot reviewer
consultant at a non-profit with 1,001-5,000 employees
User
Easily tracks problems and their status
Pros and Cons
  • "I like the ease with which dashboards can be created."
  • "Splunk has give us the capability to easily track problems and their status."
  • "The only thing which can be improved is that they are too subjective on whom their Splunk4Good initiative can be applied. They market it as you only need to be a nonprofit, but there is more to it."

What is our primary use case?

We use Splunk for both monitoring and SIEM. Our security operations group uses Splunk to track user accounts which may have been compromised as well as follow those accounts through the organization.

How has it helped my organization?

Splunk has give us the capability to easily track problems and their status. Our security operations team has been able to use it to track where people login and what they do on those machines.

What is most valuable?

Personally, I like the capability of removing sensitive data before it goes into Splunk. I also like the ease with which dashboards can be created.

What needs improvement?

I like Splunk. The only thing which can be improved is that they are too subjective on whom their Splunk4Good initiative can be applied. They market it as you only need to be a nonprofit, but there is more to it.

For how long have I used the solution?

More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user138168 - PeerSpot reviewer
Senior Software Engineer at a retailer with 10,001+ employees
Real User
Support can retrieve salient logging data from massive distributed systems in seconds but deployment is not easy.

I've been using Splunk for over 3 years now. The most valuable feature for me is alerting. Using Splunk, production support teams can retrieve salient logging data from massive distributed systems in seconds.

I'd say that some the key/value pair parsing can be a little off and has room for improvement. The deployment is not easy and I've only encountered issues with stability and scalability when on under-provisioned equipment. The initial setup was complex - need to identify source types in advance, and a large deployment with multiple indexers can be tricky. We initially implemented in-house, and then through Splunk themselves to upgrade and improve.

Before implementing Splunk we used an in-house system, but Splunk offered far more to us. Also, their customer service is good and their technical supper is excellent. Our ROI was big!

I'd advise others who are looking into implementing Splunk to get a true Splunk expert - either spunk themselves or a vendor, to do the installation.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
System Engineer at NetScout Systems
Real User
Top 20
Highly stable, built-in workflows, and good support
Pros and Cons
  • "The most valuable feature of Splunk is the management and built-in workflows."
  • "The analytics of Splunk could be improved."

What is our primary use case?

There are many use cases for Splunk, we commonly use it for log management and analytics.

What is most valuable?

The most valuable feature of Splunk is the management and built-in workflows.

What needs improvement?

The analytics of Splunk could be improved.

For how long have I used the solution?

I have been using Splunk for approximately four years.

What do I think about the stability of the solution?

Splunk is a highly stable solution.

What do I think about the scalability of the solution?

I have found Splunk to be scalable.

We have 15 members of our organization that use this solution.

How are customer service and support?

We used to support a few times and our experience was good. 

I would rate the support from Splunk a four out of five.

Which solution did I use previously and why did I switch?

I have previously used RSA and I prefer Splunk.

How was the initial setup?

The implementation of slunk is not straightforward. It is of a moderate difficulty level.

What about the implementation team?

We used an integrator to do the implementation.

What's my experience with pricing, setup cost, and licensing?

There is an annual license required to use this solution.

Which other solutions did I evaluate?

I have evaluated other solutions, such as IBM QRadar.

What other advice do I have?

This solution has good technology.

I rate Splunk an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Solutions Consultant at a tech services company with 1,001-5,000 employees
Real User
Easy to use, provides a lot of analytics, and allows you to do pretty much whatever you want
Pros and Cons
  • "It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool. It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want."
  • "If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide."

What is most valuable?

It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool.

It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want.

What needs improvement?

If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide.

For how long have I used the solution?

I have been using this solution for about three to four months.

What do I think about the scalability of the solution?

I'm not sure. I do not really throw a lot of data in it, but it has been authenticated very nicely. It manages indexes and all of these things very nicely. I have not been privy to any production systems where you have millions of lines of log coming in every second. It works very well for the data that I have. It should be able to handle a lot of data. That's the whole purpose of it, and that's why Splunk has become so popular. It is an enterprise monitoring tool, and a lot of customers have Splunk in their ecosystem.

How are customer service and technical support?

They have pretty much good documentation and good training. Their documentation is a lot better than Qlik Sense.

Which solution did I use previously and why did I switch?

Splunk is an enterprise monitoring tool. Qlik Sense can do a little bit of log monitoring, but it is mostly used for dashboard reporting, whereas Splunk is more around monitoring and figuring out threats and all such things. They are different, but both deal with the data and allow you to create operation reports. 

Power BI is another tool that a lot of our customers use, but Splunk is quite often requested. It is also a lot more popular than Qlik Sense. We have a fair number of Qlik Sense customers.  

We usually sell Blue Prism to business users who are more concerned with the reporting aspect, which is why they would like to have easy tools like Qlik Sense in their ecosystem, but on the infrastructure side, it would be Splunk for enterprise monitoring.

How was the initial setup?

Simple environments are easier to install. Because there is a lot of data log monitoring, once you have a production system, there is some amount of work in setting it up, especially making it SSL Secure and exposing it on the internet. There are multiple components behind it, so you need to ensure that all these things are set up correctly. These kinds of things are not required on a cloud platform because you are just uploading data. You really don't have much access to the backend.

Splunk also has a cloud version, which I haven't looked at, but I have used Qlik Sense's cloud platforms. With on-premises, you are in control of pretty much how you set up all the data that you are sending out. A lot of our customers have the issue that if it is a cloud platform, they cannot really send out the data to any of these cloud platforms. So, there are data residence and other issues.

What's my experience with pricing, setup cost, and licensing?

It is economical than other solutions.

What other advice do I have?

I would definitely recommend Splunk. It is quite a decent tool, and it is there in a lot of enterprises.

I would rate Splunk an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.