Log collection and search.
Sr. Manager Information Security at Tapal Tea (Private) Limited
The search and query feature is very fast but due to the log size limit, we did not get the full benefit
What is our primary use case?
How has it helped my organization?
The search and query feature is very fast but due to the log size limit (in trial version), we did not get the full benefit.
What is most valuable?
Selecting the relevant events and records.
What needs improvement?
Due to the size limit, we could not see the full product.
Buyer's Guide
Splunk Enterprise Security
March 2025

Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,690 professionals have used our research since 2012.
For how long have I used the solution?
Trial/evaluations only.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Lead at Wipro Technologies
Capability to expand functionality through custom code for data inputs, commands, visualization, alerts, and machine learning
Pros and Cons
- "We can ingest and correlate data from virtually any type of system."
- "Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning."
- "Missing capability for audio/video and image processing."
- "While scheduled reports can be embedded, Splunk dashboard can not be embedded directly without enabling cross origin."
What is our primary use case?
We use Splunk for infrastructure monitoring, application monitoring and in the security space for our organization as well as for our customers.
How has it helped my organization?
Since Splunk is a platform for data, we can ingest and correlate data from virtually any type of system.
It has a fast turnaround time for setting up monitoring/alerting and forecasting of trends as per our customers' requirements.
What is most valuable?
The following are top three features that I find quite valuable:
- Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning.
- Quick turnaround time for setting up monitoring and alerting with built-in capabilities, plenty of enterprise grade apps available on Splunkbase, and custom coding based on Splunk development skill level.
- Free Splunk license for PoCs on personal machines and the ability to scale the PoC to an enterprise level app.
What needs improvement?
- Scheduled PDF generation does not work well for all visualizations, and it does not work for custom visualizations.
- While scheduled reports can be embedded, Splunk dashboard can not be embedded directly without enabling cross origin.
- Missing capability for audio/video and image processing.
For how long have I used the solution?
More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Splunk Enterprise Security
March 2025

Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,690 professionals have used our research since 2012.
Performance Consultant at a tech services company with 10,001+ employees
Some of the valuable features include data representation options and the analytics and querying of the indices.
Pros and Cons
- "The data representation options in the dashboards are excellent."
- "The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc."
What is most valuable?
The analytics and querying the indices is super easy.
The data representation options in the dashboards are excellent.
Multiple datasource/filetypes are supported and each can be customized in a few clicks.
What needs improvement?
Security administration and user access control is pretty basic. This can be improved.
The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc.
If this is improved, with a mapping against LDAP roles, it would be excellent.
What do I think about the stability of the solution?
We had no stability issues.
What do I think about the scalability of the solution?
We had no scalability issues.
How are customer service and technical support?
Technical support and the online community are some of the best for any product.
Which solution did I use previously and why did I switch?
We did not have a previous solution.
How was the initial setup?
The setup was quite easy and there is lot of technical documentation for handholding you through the process.
What's my experience with pricing, setup cost, and licensing?
Pricing and licensing is quite expensive. But for the value the product provides, it seems at par in the market.
Which other solutions did I evaluate?
We looked at IBM SmartCloud Analytics and Log Analytics.
What other advice do I have?
Please watch out for the licensing agreement. There are a lot of IP specific clauses that Splunk has included in their license agreement. Per my understanding, any plugin available in the community cannot be used OOB, due to licensing restrictions. (This might be specific to our organization.)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Business Analyst at a retailer with 10,001+ employees
Provides real-time and scheduled searches with alternate functionalities.
What is most valuable?
- Flexibility when creating dashboards
- Automated cron searches
- Real-time and scheduled searches with alternate functionalities
- User-base integration with LDAP
How has it helped my organization?
It alerted many situations before other monitoring systems identified that there is a critical issue.
What needs improvement?
VMware and security device integration looks a bit complex.
For how long have I used the solution?
I have used Splunk for almost three years.
What do I think about the stability of the solution?
As of now, we have had no issues with stability. It is running like a charm.
What do I think about the scalability of the solution?
From a nodes perspective, there have been no scalability issues.
How are customer service and technical support?
I can say that support is good.
Which solution did I use previously and why did I switch?
We never used other solutions.
How was the initial setup?
We used the Splunk Cluster setup. It was a bit complex to set up, but management-wise and stability-wise, it was awesome.
What's my experience with pricing, setup cost, and licensing?
License costs fall under the NDA, but Splunk license costs are public, I believe.
Which other solutions did I evaluate?
We evaluated Logstash and others, but Splunk plays a pivotal role.
What other advice do I have?
I would strongly recommend this product, as it would be very beneficial for service operations and management.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO with 51-200 employees
Pros and Cons of Splunk, Sumo Logic, LogStash and Others
Splunk, Sumo Logic, LogStash, GrayLog, Loggly, PaperTrails – did I miss someone? I’m pretty sure I did. Logs are like fossil fuels – we’ve been wanting to get rid of them for the past 20 years, but we’re not quite there yet. Well, if that’s the case I want a BMW!
To deal with the growth of log data a host of log management & analysis tools have been built over the last few years to help developers and operations make sense of the growing data. I thought it’d be interesting to look at our options and what are each tools’ selling point, from a developer’s standpoint.
Splunk
As the biggest tool in this space, I decided to put Splunk in a category of its own. That’s not to say it’s the best tool for what you need, but more to give credit to a product who essentially created a new category.
Pros
Splunk is probably the most feature rich solution in the space. It’s got hundreds of apps (I counted 537) to make sense of almost every format of log data, from security to business analytics to infrastructure monitoring. Splunk’s search and charting tools are feature rich to the point that there’s probably no set of data you can’t get to through its UI or APIs.
Cons
Splunk has two major cons. The first, that is more subjective, is that it’s an on-premise solution which means that setup costs in terms of money and complexity are high. To deploy in a high-scale environment you will need to install and configure a dedicated cluster. As a developer, it’s usually something you can’t or don’t want to do as your first choice.
Splunk’s second con is that it’s expensive. To support a real-world application you’re looking at tens of thousands of dollars, which most likely means you’ll need sign offs from high-ups in your organization, and the process is going to be slow. If you’ve got a new app and you want something fast that you can quickly spin up and ramp as things progress – keep reading.
Read the rest of this post here.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO at a tech services company with 11-50 employees
Simple to install, with good monitoring, and correlation capabilities
Pros and Cons
- "The scalability is good."
- "In the next releases, I would like to see more pricing flexibility."
What is our primary use case?
We are resellers. We provide solutions to our clients.
Splunk is primarily used for developing CM solutions that are based on the Splunk platform for future security operation center development.
We are concentrating on assisting in the development of a security monitor as well as analysis.
If I am not mistaken, it's a standard CM system for identification, security verification, and event monitoring.
What needs improvement?
In my opinion, it is too expensive for our projects.
It is very competitive for small and medium businesses. Perhaps some should be set aside for developing markets. To begin with, similar to the current market, there may be some special conditions for large transactions.
In the next releases, I would like to see more pricing flexibility. It's a subscription-based service, and they don't sell professional licenses.
In some cases, particularly with large projects, we are not competitive in terms of pricing when compared to IBM QRadar and other solutions; even if we offer the maximum discount available, our prices remain uncompetitive.
For how long have I used the solution?
We have been selling Splunk for approximately five years.
What do I think about the scalability of the solution?
The scalability is good. It can be added on-demand in increments of one gigabyte or ten gigabytes. It's a per-gigabyte license, and you can add whatever you need at the time.
Our projects are sized per our current IT infrastructure.
Splunk is used by 10 of our customers.
How are customer service and support?
Our team provides technical support.
I have not communicated with technical support.
Which solution did I use previously and why did I switch?
We no longer resell Checkmarks.
We were unable to assist in establishing their business on-premises because It could have been too expensive for our clientele.
How was the initial setup?
Installing Splunk is not difficult, but it can be complicated in some cases.
The issue is the integration with the customer's system, as well as the configuration of the rules for correlation, log collecting, and analysis.
It has good documentation and guides, but the main works should be focused on customer needs and customer resources for monitoring.
It can take three months to complete the installation.
We have a team of three certified engineers who will deploy and maintain this solution.
What's my experience with pricing, setup cost, and licensing?
The licensing fees and pricing models could be reduced.
It's a yearly subscription.
They don't sell professionally because it's a subscription service. As a result, it is only a subscription service that is dependent on the customer's IT infrastructure.
What other advice do I have?
We do not sell Compliance Control Limited solutions because our focus is on auditing and independent security assessments. We put an end to our selling program with Checkmarks.
I would recommend this solution to others. Splunk is appropriate for small to medium-sized projects, and it should be calculated for large projects.
It's one of the best CM solutions on the market for monitoring, and correlation, as well as IT monitoring security.
I would rate Splunk an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Senior Software Engineer at a retailer with 10,001+ employees
Support can retrieve salient logging data from massive distributed systems in seconds but deployment is not easy.
I've been using Splunk for over 3 years now. The most valuable feature for me is alerting. Using Splunk, production support teams can retrieve salient logging data from massive distributed systems in seconds.
I'd say that some the key/value pair parsing can be a little off and has room for improvement. The deployment is not easy and I've only encountered issues with stability and scalability when on under-provisioned equipment. The initial setup was complex - need to identify source types in advance, and a large deployment with multiple indexers can be tricky. We initially implemented in-house, and then through Splunk themselves to upgrade and improve.
Before implementing Splunk we used an in-house system, but Splunk offered far more to us. Also, their customer service is good and their technical supper is excellent. Our ROI was big!
I'd advise others who are looking into implementing Splunk to get a true Splunk expert - either spunk themselves or a vendor, to do the installation.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Splunk BDM in UA at a manufacturing company with 51-200 employees
Optimizes network security, straightforward to deploy, and can handle a large volume of data
Pros and Cons
- "The fact that Splunk is a platform and not just a SIEM solution is a key benefit."
- "The support that is included with the standard licensing fee is very bad."
What is our primary use case?
We are a solution provider and Splunk is one of the products that we distribute.
The primary use case is for SIEM and we have approximately 35 customers.
What is most valuable?
The fact that Splunk is a platform and not just a SIEM solution is a key benefit.
Our customers like that they can use Splunk to optimize their security.
What needs improvement?
The Splunk licensing model should be more flexible.
The support that is included with the standard licensing fee is very bad.
For how long have I used the solution?
We have been working with Splunk since 2017.
What do I think about the stability of the solution?
Stability-wise, it's perfect. We haven't had any problem with Splunk. It's good software.
What do I think about the scalability of the solution?
One of the key benefits and differences with this software is that the customer can scale up as much as they need to. Our largest Splunk customer is using between three and four petabytes of data per day.
How are customer service and support?
If you don't pay extra for technical support then it is very bad. If you pay extra for it, then the technical support is normal.
Which solution did I use previously and why did I switch?
I am familiar with other products and Splunk can handle much more data than IBM QRadar or any other competing product.
Direct competitors are more flexible when it comes to licensing.
How was the initial setup?
We have not had any problems installing Splunk.
For a standard case, it takes between one and two weeks to install correctly and deploy. This is for situations where the client has less than 50 gigabytes of data per day.
Problems during the implementation are typically due to something on the customer's side. For example, if the client does not have somebody that is responsible for the deployment, helping to speed up the various procedures, then this is a key problem for us.
What about the implementation team?
It takes two people to deploy and maintain.
What's my experience with pricing, setup cost, and licensing?
Splunk is not a cheap solution and the license is billed annually. The licensing model should be improved and the price should be lower, in general.
You can purchase additional technical support, which is much better than the support that is included.
What other advice do I have?
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:

Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Product Categories
Security Information and Event Management (SIEM) Log Management IT Operations AnalyticsPopular Comparisons
CrowdStrike Falcon
Microsoft Sentinel
IBM Security QRadar
Elastic Security
LogRhythm SIEM
Rapid7 InsightIDR
Cortex XSIAM
Fortinet FortiSIEM
Sumo Logic Security
AlienVault OSSIM
Securonix Next-Gen SIEM
Google Chronicle Suite
ManageEngine Log360
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which would you recommend to your boss, IBM QRadar or Splunk?
- What are some of the best features and use-cases of Splunk?
- What SOC product do you recommend?
- Splunk as an Enterprise Class monitoring solution -- thoughts?
- What is the biggest difference between Dynatrace and Splunk?
- IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?
- What are the advantages of ELK over Splunk?
- How does Splunk compare with Azure Monitor?
- New risk scoring framework in the Splunk App for Enterprise Security -- thoughts?
- Splunk vs. Elastic Stack
I don't want to oversimplify things but I am a 0 and 1 guy. Either you Splunk or you don't Splunk. Yes, Splunk has it's cost. Then again, if you try to go with a cheaper solution, OpenSource solution, or totally home grown, I can almost guarantee that the true cost will be much higher than Splunk. Think of it as meeting half-way. Splunk does half the work, and you need to do the other half, including the committing finances. A good trick is to leverage the free version or trial version for real-life solutions. Once you provide a solution to someone that they can't live without, then you got them hooked. Create a hunger first, then you got them hooked in (the people who will approve the cost).