Splunk Enterprise Security Reviews

Log collection and search.

The search and query feature is very fast but due to the log size limit (in trial version), we did not get the full benefit.

Selecting the relevant events and records.

Due to the size limit, we could not see the full product.

We use Splunk for infrastructure monitoring, application monitoring and in the security space for our organization as well as for our customers.

Since Splunk is a platform for data, we can ingest and correlate data from virtually any type of system.

It has a fast turnaround time for setting up monitoring/alerting and forecasting of trends as per our customers' requirements.

The following are top three features that I find quite valuable:

1. Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning.
2. Quick turnaround time for setting up monitoring and alerting with built-in capabilities, plenty of enterprise grade apps available on Splunkbase, and custom coding based on Splunk development skill level.
3. Free Splunk license for PoCs on personal machines and the ability to scale the PoC to an enterprise level app.

• Scheduled PDF generation does not work well for all visualizations, and it does not work for custom visualizations.
• While scheduled reports can be embedded, Splunk dashboard can not be embedded directly without enabling cross origin.
• Missing capability for audio/video and image processing.

The analytics and querying the indices is super easy.

The data representation options in the dashboards are excellent.

Multiple datasource/filetypes are supported and each can be customized in a few clicks.

Security administration and user access control is pretty basic. This can be improved.

The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc.

If this is improved, with a mapping against LDAP roles, it would be excellent.

We had no stability issues.

We had no scalability issues.

Technical support and the online community are some of the best for any product.

We did not have a previous solution.

The setup was quite easy and there is lot of technical documentation for handholding you through the process.

Pricing and licensing is quite expensive. But for the value the product provides, it seems at par in the market.

We looked at IBM SmartCloud Analytics and Log Analytics.

Please watch out for the licensing agreement. There are a lot of IP specific clauses that Splunk has included in their license agreement. Per my understanding, any plugin available in the community cannot be used OOB, due to licensing restrictions. (This might be specific to our organization.)

• Flexibility when creating dashboards
• Automated cron searches
• Real-time and scheduled searches with alternate functionalities
• User-base integration with LDAP

It alerted many situations before other monitoring systems identified that there is a critical issue.

VMware and security device integration looks a bit complex.

I have used Splunk for almost three years.

As of now, we have had no issues with stability. It is running like a charm.

From a nodes perspective, there have been no scalability issues.

I can say that support is good.

We never used other solutions.

We used the Splunk Cluster setup. It was a bit complex to set up, but management-wise and stability-wise, it was awesome.

License costs fall under the NDA, but Splunk license costs are public, I believe.

We evaluated Logstash and others, but Splunk plays a pivotal role.

I would strongly recommend this product, as it would be very beneficial for service operations and management.

We are resellers. We provide solutions to our clients.

Splunk is primarily used for developing CM solutions that are based on the Splunk platform for future security operation center development.

We are concentrating on assisting in the development of a security monitor as well as analysis.

If I am not mistaken, it's a standard CM system for identification, security verification, and event monitoring.

In my opinion, it is too expensive for our projects.

It is very competitive for small and medium businesses. Perhaps some should be set aside for developing markets. To begin with, similar to the current market, there may be some special conditions for large transactions.

In the next releases, I would like to see more pricing flexibility. It's a subscription-based service, and they don't sell professional licenses.

In some cases, particularly with large projects, we are not competitive in terms of pricing when compared to IBM QRadar and other solutions; even if we offer the maximum discount available, our prices remain uncompetitive.

We have been selling Splunk for approximately five years.

The scalability is good. It can be added on-demand in increments of one gigabyte or ten gigabytes. It's a per-gigabyte license, and you can add whatever you need at the time.

Our projects are sized per our current IT infrastructure.

Splunk is used by 10 of our customers.

Our team provides technical support.

I have not communicated with technical support.

We no longer resell Checkmarks. 

We were unable to assist in establishing their business on-premises because It could have been too expensive for our clientele.

Installing Splunk is not difficult, but it can be complicated in some cases.

The issue is the integration with the customer's system, as well as the configuration of the rules for correlation, log collecting, and analysis.

It has good documentation and guides, but the main works should be focused on customer needs and customer resources for monitoring.

It can take three months to complete the installation.

We have a team of three certified engineers who will deploy and maintain this solution.

The licensing fees and pricing models could be reduced.

It's a yearly subscription.

They don't sell professionally because it's a subscription service. As a result, it is only a subscription service that is dependent on the customer's IT infrastructure.

We do not sell Compliance Control Limited solutions because our focus is on auditing and independent security assessments. We put an end to our selling program with Checkmarks.

I would recommend this solution to others. Splunk is appropriate for small to medium-sized projects, and it should be calculated for large projects.

It's one of the best CM solutions on the market for monitoring, and correlation, as well as IT monitoring security.

I would rate Splunk an eight out of ten.

We are a solution provider and Splunk is one of the products that we distribute.

The primary use case is for SIEM and we have approximately 35 customers.

The fact that Splunk is a platform and not just a SIEM solution is a key benefit.

Our customers like that they can use Splunk to optimize their security.

The Splunk licensing model should be more flexible.

The support that is included with the standard licensing fee is very bad.

We have been working with Splunk since 2017.

Stability-wise, it's perfect. We haven't had any problem with Splunk. It's good software.

One of the key benefits and differences with this software is that the customer can scale up as much as they need to. Our largest Splunk customer is using between three and four petabytes of data per day.

If you don't pay extra for technical support then it is very bad. If you pay extra for it, then the technical support is normal.

I am familiar with other products and Splunk can handle much more data than IBM QRadar or any other competing product.

Direct competitors are more flexible when it comes to licensing.

We have not had any problems installing Splunk.

For a standard case, it takes between one and two weeks to install correctly and deploy. This is for situations where the client has less than 50 gigabytes of data per day.

Problems during the implementation are typically due to something on the customer's side. For example, if the client does not have somebody that is responsible for the deployment, helping to speed up the various procedures, then this is a key problem for us.

It takes two people to deploy and maintain.

Splunk is not a cheap solution and the license is billed annually. The licensing model should be improved and the price should be lower, in general.

You can purchase additional technical support, which is much better than the support that is included.

I would rate this solution an eight out of ten.