QA Lead at a financial services firm with 501-1,000 employees
It has helped with troubleshooting, making it easier
Pros and Cons
- "It provides logs in one place, so they are easy to find. It collects the logs from multiple places, then you have just one place where you see the whole flow from the front-end to the back-end."
- "The search could be improved. Now, it is a bit difficult to write search queries because they become quite long, then maintaining those long search queries is quite challenging."
What is our primary use case?
We use it mostly for log monitoring, and also for trying to raise alarms.
How has it helped my organization?
It has helped with troubleshooting, making it easier. Now, we have one place where we can find logs and errors. There is no need to go to the actual server to search for the log file.
What is most valuable?
It provides logs in one place, so they are easy to find. It collects the logs from multiple places, then you have just one place where you see the whole flow from the front-end to the back-end. This is the best thing.
What needs improvement?
The search could be improved. Now, it is a bit difficult to write search queries because they become quite long, then maintaining those long search queries is quite challenging.
Buyer's Guide
Splunk Enterprise Security
June 2026
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,118 professionals have used our research since 2012.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
I have not had any issues with it, and we have the whole banking infrastructure running on it.
What do I think about the scalability of the solution?
The scalability is okay as far as I have seen and used it. We have dozens of different environments using the same Splunk instruments, and it has been able to scale.
How are customer service and support?
I have not used technical support.
What other advice do I have?
Splunk's website is quite useful. You can find a lot of information on it. I would recommend using it and trying to figure out the product's features and what you can actually do with Splunk. You can do a lot of things with Splunk, but you need to know what to do first.
I have used both the AWS and on-premise versions, but in two different environments, so I am unable to compare the versions.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Chief Architect at PathMaker Group
It has a big user base, so the community is useful
Pros and Cons
- "It has a big user base, so the community is useful."
- "The product is pretty good, we are pretty satisfied with it, and it does what it does."
- "The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us."
What is our primary use case?
We primarily use it for SIEM.
What is most valuable?
It has a big user base, so the community is useful.
What needs improvement?
The community surrounding the product is okay, but I would like more material supplied by Splunk around some more common integration stuff. I wish there was a bigger library, because we are building stuff. Where I often feel like other people have done things before, we are reinventing the wheel. While it is not a core piece of our organization and it is not a priority, it does inform our SIEM platform. It would be nice if there was a little more cookie cutter solutioning inside of it, and that they would take a little more time to shake it out.
The first year and a half was a little wacky with its usefulness, but now it is a solid piece of our infrastructure.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
We don't have any issues with it now. We had some issues in the past, but we chalked those up to user error. We didn't know what we were doing at first.
What do I think about the scalability of the solution?
We haven't had any issues with it.
How is customer service and technical support?
I haven't heard any complaints about the technical support.
How was the initial setup?
The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us.
What's my experience with pricing, setup cost, and licensing?
It would be nice if the pricing were cheaper. However, we did purchase it.
Which other solutions did I evaluate?
We evaluated Alert Logic and Splunk. We still use both products heavily.
We have different use cases for the products. At first, Splunk was free, so we started to take more advantage of it.
What other advice do I have?
Do your homework and make sure it fits your needs.
The product is pretty good. We are pretty satisfied with it. It does what it does.
We host the product on AWS, but we did not purchase it on the AWS Marketplace.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Architect at a comms service provider with 10,001+ employees
It is a place for all our logs and everything goes in one place.
Pros and Cons
- "The stock analysts and security people use one single dashboard (one single location) to check our logs."
- "It scales better in the cloud than on-premise."
- "We would like more integrations with other cloud products, not just AWS, e.g., Azure."
- "There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good."
What is our primary use case?
We use it for log analysis and alerting, and our stock analysts use it.
I have used the product for more than five years. Then, in the cloud, I have used it for probably a year. It scales better in the cloud than on-premise.
How has it helped my organization?
It is a place for all our logs, and everything goes in one place. The stock analysts and security people use one single dashboard (one single location) to check our logs.
What is most valuable?
- Easy indexing.
- The solution is faster.
What needs improvement?
Every product needs improvement. If we can get a faster product, we will take it. There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good.
We would like more integrations with other cloud products, not just AWS, e.g., Azure.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
The stability is good. We stress it at 98 percent.
What do I think about the scalability of the solution?
The AWS scalability is pretty good. We currently have it running on three servers.
How is customer service and technical support?
Other teams have told me that the technical support is pretty good.
How was the initial setup?
For the few integrations that we have already made, these have been easy to do.
What was our ROI?
We have seen ROI.
What's my experience with pricing, setup cost, and licensing?
Splunk is not free.
What other advice do I have?
I would recommend trying different stuff based on your company's needs and log types.
We like the product.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Director at a tech services company with 10,001+ employees
It has the flexibility to do multiple analyses
Pros and Cons
- "It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are."
- "The product is adept at log mining."
- "Explore Splunk. The product has a lot of depth."
- "If it could be made available as a service, this would be much better than as a product."
What is our primary use case?
- Log mining
- Log analysis
How has it helped my organization?
It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are.
What is most valuable?
- The product is adept at log mining.
- It has the flexibility to do multiple analyses.
- It works across heterogeneous environments in different ways.
What needs improvement?
I have not tested the hybrid model yet. I don't know whether all its integrations and interfaces will work between the cloud and on-premise model. I also don't know if across multiple clouds all the products will perform properly.
If it could be made available as a service, this would be much better than as a product.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It is stable under production environments.
What do I think about the scalability of the solution?
The scalability is decent. We have implemented it in our production environment, and it scales.
What was our ROI?
We have seen ROI and improvements as we have continued to use the product, but they are more reactive. We want to be proactive on an enterprise-wide scale.
Which other solutions did I evaluate?
We considered Oracle Enterprise Manager, but Splunk is way more powerful. Splunk is product-agnostic, as it can move across different platforms and products.
What other advice do I have?
Explore Splunk. The product has a lot of depth.
It works with multiple products which are scheduling systems to ERPs to legacy, and it works perfectly fine.
I use the on-premise version. I have not had the opportunity to explore the AWS on Splunk version yet.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Engineering Manager at Cengage Learning
It is stable and scalable. It is also easy to configure.
Pros and Cons
- "The client site login is pretty extensible and probably cost-effective."
- "It is very stable. We have not had any problems."
- "Splunk may be more costly upfront, but in the long run, it saves on time and man-hours."
- "I would like some additional AI capabilities to provide additional information about things going wrong and things going well."
What is our primary use case?
We use it for logging, essentially for auditing and troubleshooting errors in production and finding out what happened.
I have used the product personally for five years and at my current company for a year and a half.
How has it helped my organization?
I haven't had any problems with it so far.
What is most valuable?
There are a lot of plugins to integrate this. The client site login is pretty extensible and probably cost-effective. Plus, it is easy to configure.
What needs improvement?
I would like some additional AI capabilities to provide additional information about things going wrong and things going well.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
It is very stable. We have not had any problems.
We had to upgrade when it was on-premise, but then we went to the cloud version, which is very good.
What do I think about the scalability of the solution?
It is pretty scalable, even though we have a lot of logs. It runs well.
What's my experience with pricing, setup cost, and licensing?
I assume that the pricing is reasonable, because if it was too costly, there are other alternatives. However, with some of the other solutions, you have to spend time on them and manage them yourself. It might also take you three times to get it right. So, Splunk may be more costly upfront, but in the long run, it saves on time and man-hours.
Which other solutions did I evaluate?
I would consider ELK Kibana a competitor for this solution. If you have time, and you want to do it yourself, you can save a little money going with Kibana. However, Splunk is pretty good and I would recommend an enterprise to switch to Splunk.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Enterprise Architect and Business with 5,001-10,000 employees
It is easy to use, and easy to implement.
Pros and Cons
- "This solution helps us increase our productivity."
- "It is easy to use, and easy to implement."
- "We are saving a lot of time by being in one place instead of several servers."
- "I would like to see ability to master management. In terms of clustering, how it manages clustering needs improvement."
What is our primary use case?
It helps increase our productivity.
How has it helped my organization?
We are saving a lot of time by being in one place instead of several servers.
What is most valuable?
The most valuable features are understanding the visualization compass on the dashboard, as well as the reports on the dashboards.
What needs improvement?
I would like to have the ability to master the management of clustering.
For how long have I used the solution?
One to three years.
How was the initial setup?
It is easy to implement.
What other advice do I have?
It is easy to use, and easy to implement.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Project Manager at a comms service provider with 10,001+ employees
This solution has an ability to do a quick search and immediately stop an incident from happening.
Pros and Cons
- "It has virtual visualization, and other products do not."
- "The way this solution has improved our organization is by its ability to do a quick search and immediately stop an incident from happening."
- "We had an instance when Splunk failed and it took us a couple of days to recover."
What is our primary use case?
My primary use case for Splunk is for log file visualization and monitoring alert management.
How has it helped my organization?
The way this solution has improved our organization is by its ability to do a quick search and immediately stop an incident from happening.
What is most valuable?
The auto-notification abilities are a huge benefit for us.
What needs improvement?
After a crash, the product takes a while to recover.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
Sometimes we have had instances when it will not run for a couple of days. There is room for improvement here.
What was our ROI?
There are lots of use cases and features that make Splunk a good choice for us.
What's my experience with pricing, setup cost, and licensing?
I have no opinion on the pricing of the product.
Which other solutions did I evaluate?
We considered Datadog and Zabbix. In comparison to those options, Splunk has virtual visualization. Furthermore, it can be a host on our environment. Typically, we cannot deploy SaaS on our environment, but with Splunk, we can.
What other advice do I have?
When Splunk failed, it took time to recover. We had to recover it from a snapshot. It took a couple of days, and it was as if it had crashed. But, the instance was resolved.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
It gives us the liberty to do more in terms of use cases.
Pros and Cons
- "It gives us the liberty to do more in terms of use cases."
- "Manually, it used to take us a whole day to do strong monitoring, now it takes a maximum of two hours because of this product."
- "The Web Application Firewall will send you too much information because it's more dedicated to security than a normal firewall."
What is our primary use case?
I work in the HIPAA industry. I work at a healthcare company in Puerto Rico. HIPAA requires us to go over security risks. Our use case right now is to be compliant.
In our hierarchy, we have 1000 servers and 16,000 endpoints. We also have 100 entry points and 3000 VPN connections. It's huge.
How has it helped my organization?
Manually, it used to take us a whole day to do strong monitoring. Now, it takes a maximum of two hours because of this product.
It creates a single pane of glass. Plus, it gives us the liberty to do more in terms of use cases, especially since HIPAA wants use cases. We must monitor them. Therefore, we can also add our own correlations for all our use cases.
What is most valuable?
The dashboard centralizes the daily routine. We used to do this by hand. Now, we go through daily checklists, using the dashboard and setting up the alarms. It helps us to cut down the time on this routine.
I am a cybersecurity director. I manage five different business lines. Every morning, we used to have to go to different tools to get our daily routines done. With Splunk, centralized as it is, we can see everything in one place. We use it not only for monitoring events, but in case we need to do a group call. We can see what's going on, viewing all of the offenses and security events which are happening in our infrastructure.
What needs improvement?
The Web Application Firewall will send you too much information because it's more dedicated to security than a normal firewall.
For how long have I used the solution?
One to three years.
How was the initial setup?
It was pretty straightforward. I even did a couple of logs myself.
What about the implementation team?
We implement through a vendor.
Which other solutions did I evaluate?
We were using QRadar as a POC. We were using it for real in our cloud, but it was also a POC for us because we were watching the product. But QRadar needs a lot of fine-tuning.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Principal Consultant at a computer software company with 51-200 employees
Positive features include replication capabilities, software development kits, and its architecture
Pros and Cons
- "Positive features include replication capabilities, software development kits, and the architecture."
- "The solution could use a different licensing model."
- "An improved user interface along with multi-tenancy support would be beneficial."
What is our primary use case?
- Cybersecurity defense
- Web app monitoring
- VMware monitoring
How has it helped my organization?
- Troubleshooting
- Cyber defense
What is most valuable?
- Drill down
- Apps
- REST API
- Software development kits
- Architecture
- Replication capabilities
What needs improvement?
- Multi-tenancy support
- Improved user interface
- Non-proprietary search language
- Different licensing model
For how long have I used the solution?
One to three years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
DevOps Engineer at BigPanda
A full monitoring and alerting solution for operations and application analysis
Pros and Cons
- "It is a one stop shop as a full monitoring and alerting solution for operations and application analysis for most of our back-end systems."
- "We used it to create a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity."
- "It needs to improve the way to install third-party apps and enable installation without logging into splunk.com."
What is our primary use case?
We use Splunk for a few different use cases:
- We package it as part of one of our on-premise software offerings which includes our in-house customized dashboards.
- We use it for Application Monitoring of many of our back-end systems. Monitoring is done completely through Splunk by forwarding application and other logs to Splunk and many configured customized alerts and dashboards for the Ops, Dev, product, and management teams.
- We created a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity.
How has it helped my organization?
It has improved our organization in many ways:
- Having Splunk as part of one of our software products was our choice for giving our customers a great user experience.
- It is a one stop shop as a full monitoring and alerting solution for operations and application analysis for most of our back-end systems.
What is most valuable?
- The easy automatic field parsing of logs.
- Data model acceleration
- The ability to easily have access and install Splunk add-on plugins and custom apps. This greatly assists with using it to connect to various systems easily and use it as a centralized data sink.
What needs improvement?
It needs to improve the way to install third-party apps and enable installation without logging into splunk.com.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
Not at all.
What do I think about the scalability of the solution?
Not really.
How is customer service and technical support?
Their support is pretty good, but not amazing. Although we have our own in-house Splunk expert who worked for Splunk themselves for a few years, we do not really need external support that much. We basically use them for licensing stuff.
The forums are pretty thorough, so technically we have not had much need for support.
How was the initial setup?
The initial setup is easy. Although, we currently use just a single server and not multi-server clustered instances.
For our Linux instance setup, an upgrade is very easy. It is all managed by about three simple Bash scripts.
What's my experience with pricing, setup cost, and licensing?
It is possible to use a developer's license, which is up to 10GB per day of volume traffic, which is usually enough for most use cases.
Which other solutions did I evaluate?
We evaluated ELK Stack and QlikView.
What other advice do I have?
We are a Splunk Partner, since after much deliberation, we decided to choose Splunk as a component of one of our on-premise software offerings.
Disclosure: My company has a business relationship with this vendor other than being a customer. We are a Splunk Partner.