Try our new research platform with insights from 80,000+ expert users
it_user762567 - PeerSpot reviewer
Director of Information Security with 201-500 employees
Real User
Extremely scalable but they need to make purpose-built modules more robust
Pros and Cons
  • "It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solutions would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make."
  • "The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication."

What is our primary use case?

  • SIEM
  • Security information 
  • Event management

What needs improvement?

The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication.

What they need to do more than anything else is, they need to take a serious look at purpose-built modules like the SIEM and put a lot more effort into making them more robust. If they did that I think they would have a better chance on the market. The base tool was great, and if the organization that they're looking to sell into requires a good, solid logging solution then they would have a very good sales statement to make because you could get the logging solution you need that could give you the SIEM at the same time.

What do I think about the scalability of the solution?

It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solution would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make.

Which solution did I use previously and why did I switch?

  • AlienVault
  • LogRhthym
  • ArcSight
  • QRadar

I've used a whole bunch of different solutions. For a SIEM based solution, they are more purpose-built for that function. Where Splunk is purpose-built for a general logging and data capture solution so you'd be able to capture a lot of different information.

Buyer's Guide
Splunk Enterprise Security
November 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.

How was the initial setup?

Anything that's not out of the box requires codding. Even up until recently when they finally released their SIEM or their security add-on. Before then there was not security stuff at all. I would actually have to go in and code that within the system to able to do the necessary searches to pull that information. Where a lot of the other tools, they already have those preconfigured which means I don't have to go and recreate the wheel. Now, we finally figured that out to a certain degree, and started putting the new tool in a place that gives you some SIEM functionality.

What other advice do I have?

As a logging solution, I would say it's probably an eight or nine. If you're talking about the SIEM I'd say it's probably about a five. For logging, I think they would have to change the costing model. The costing model is way out of line. It's built for very large organizations.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Technical Lead at Wipro Technologies
Real User
Capability to expand functionality through custom code for data inputs, commands, visualization, alerts, and machine learning
Pros and Cons
  • "We can ingest and correlate data from virtually any type of system."
  • "Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning."
  • "Missing capability for audio/video and image processing."
  • "While scheduled reports can be embedded, Splunk dashboard can not be embedded directly without enabling cross origin."

What is our primary use case?

We use Splunk for infrastructure monitoring, application monitoring and in the security space for our organization as well as for our customers.

How has it helped my organization?

Since Splunk is a platform for data, we can ingest and correlate data from virtually any type of system.

It has a fast turnaround time for setting up monitoring/alerting and forecasting of trends as per our customers' requirements.

What is most valuable?

The following are top three features that I find quite valuable:

  1. Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning.
  2. Quick turnaround time for setting up monitoring and alerting with built-in capabilities, plenty of enterprise grade apps available on Splunkbase, and custom coding based on Splunk development skill level.
  3. Free Splunk license for PoCs on personal machines and the ability to scale the PoC to an enterprise level app.

What needs improvement?

  • Scheduled PDF generation does not work well for all visualizations, and it does not work for custom visualizations.
  • While scheduled reports can be embedded, Splunk dashboard can not be embedded directly without enabling cross origin.
  • Missing capability for audio/video and image processing.

For how long have I used the solution?

More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Splunk Enterprise Security
November 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.
it_user717477 - PeerSpot reviewer
Account Manager at a tech services company with 10,001+ employees
Real User
Proactively monitor threats and reduces threat footprint, though professional support is too expensive
Pros and Cons
  • "Deployment server for deploying changes in one go."
  • "Professional support is great, but too expensive."

How has it helped my organization?

It was used for security event management on landscape hosted over AWS.

It helped the organisation to proactively monitor threats and reduce its threat footprint.

What is most valuable?

Deployment server for deploying changes in one go.

What do I think about the stability of the solution?

It is quite stable.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Professional support is great, but too expensive. Otherwise content published over website is good.

Which solution did I use previously and why did I switch?

Not applicable.

What's my experience with pricing, setup cost, and licensing?

Do proper estimation on log ingestion per day as that will impact pricing and licensing.

Which other solutions did I evaluate?

It was the customer's choice.

What other advice do I have?

It provides a great range of plugins and one can really take great advantage of utilising inbuilt dashboards to derive the desired monitoring.

Our company consults for different customers and are in a good position to recommend the best solution to our clients.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Presales IT at a tech services company with 201-500 employees
MSP
Good product that satisfies our customers
Pros and Cons
  • "The product is good, it satisfies our customers."
  • "The prices are complicated as we operate in a small third-world country."

What is our primary use case?

Our company is an IT service provider. We are resellers of Splunk. One of our clients that we monitor is a laboratory that uses this solution.

Splunk is a change management solution. We use the solution as a log collector, and to analyze and provide alerts from the IT instructor.

What is most valuable?

The product is good, it satisfies our customers.

What needs improvement?

The price of Splunk is too high for our market.

For how long have I used the solution?

Our company has been a reseller of Splunk for less than six months.

What do I think about the stability of the solution?

Splunk is stable.

What do I think about the scalability of the solution?

This is a scalable solution.

How are customer service and support?

We have had no concerns with customer service.

How was the initial setup?

The initial setup of Splunk is somewhat difficult because it was our first time implementing the solution. It was a similar situation to implementing other CM tools like FortiSIEM.

What about the implementation team?

Splunk required two engineers to implement, and we will add another one to maintain the solution.

What's my experience with pricing, setup cost, and licensing?

The prices are complicated as we operate in a small third-world country.

Which other solutions did I evaluate?

We give support for VMware and other technologies. We purchased Splunk because our customers were asking for our services to take control of the implementation from another company.

What other advice do I have?

If you are considering Splunk and you like what you are seeing; my advice would be to go for it.

I would rate Splunk an 8 out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
reviewer684213 - PeerSpot reviewer
Telecom Tech at a university with 501-1,000 employees
Real User
Easy to configure with user-friendly alerts and good search functionality
Pros and Cons
  • "We can easily configure things as required in relation to our use cases."
  • "From the commercial point of view, they have to bring down their costs."

What is most valuable?

We enjoy the whole solution. It is meeting our requirements, especially the SIM solution. 

The alerts are very user-friendly.

We can easily configure things as required in relation to our use cases.

The search functionality is good. It works like Google. 

Onboarding is quite easy.

The scalability is good.

Product-wise, the performance is good. 

What needs improvement?

From the commercial point of view, they have to bring down their costs. It's a bit pricey right now. The license is quite expensive. 

Much like the SOAR platform, which has security, orchestration, and automation response, all of that should be part of the SIM solution itself. Currently, it is actually separated.  We understand that we have to integrate a SIM with a SOAR platform, however, if they could combine these two products together, that would be ideal. It would make things easy to implement and make more automation possible to avoid false-positive alerts.

For how long have I used the solution?

We've been using the solution for the last four years. It's been a while. 

What do I think about the stability of the solution?

The performance is good. It's stable. There are no bugs or glitches. It doesn't crash or freeze. 

What do I think about the scalability of the solution?

The scalability of the solution is very good. If a company needs to expand, it can do so. It's easy.

What's my experience with pricing, setup cost, and licensing?

The solution can be expensive. It's not cheap.

What other advice do I have?

We are customers and end-users. 

I'd rate the solution at a nine out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1126641 - PeerSpot reviewer
Product Manager, CyberSecurity at a tech services company with 201-500 employees
Reseller
Has good security features but needs a better pricing model
Pros and Cons
  • "The initial setup isn't overly complex."
  • "Splunk can be an expensive solution. Technical support could be improved as well."

What is most valuable?

Because I'm security focused, I prefer the security features such as Splunk Phantom and Splunk Enterprise Security.

What needs improvement?

We need to get a Splunk Cloud instance inside South Africa's borders. At this stage, we are pushing Splunk Cloud, but it is not yet within South Africa's borders. So we've got data sovereignty issues, especially with government organizations.

Technical support could be improved as well.

Splunk can be an expensive solution. I think that they need to change their pricing model. At present, it is based on the number of gigabytes that you ingest into the Splunk system. Their competitors are now starting with a pricing model where you pay per device talking back. If Splunk could have a similar alternative, it would then allow people to choose the data model they want such as set data or a set number of devices.

For how long have I used the solution?

I have been using Splunk for three years.

How are customer service and technical support?

The technical support here in South Africa hasn't been great, but I understand why as we make up less than 3% of Splunk's total revenue in the world.

How was the initial setup?

The initial setup isn't overly complex, but it's not easy either.

What's my experience with pricing, setup cost, and licensing?

The pricing model is based on the number of gigabytes that you ingest into the Splunk system. So it can be an expensive solution.

What other advice do I have?

Plan your requirements properly from the beginning so that you can get the most value in a shorter space of time.

On a scale from one to ten, I would rate Splunk at six.

Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
PeerSpot user
Técnico Judiciário at a government with 1,001-5,000 employees
Real User
Has the ability to log more logs than similar solutions and is more efficient than its competitors
Pros and Cons
  • "It can log more logs than other solutions. It's a good way to troubleshoot problems."
  • "Cybersecurity and infrastructure monitoring have room for improvement."

What is our primary use case?

We use it to do SIEM. 

How has it helped my organization?

It can log more logs than other solutions. It's a good way to troubleshoot problems.

What is most valuable?

Splunk is a good solution to collect more events than other solutions. It's a good solution, for me, for this reason.

What needs improvement?

Cybersecurity and infrastructure monitoring have room for improvement. 

For how long have I used the solution?

Less than one year.

How was the initial setup?

On a scale from one to ten I would rate the initial setup a seven for its complexity. 

Which other solutions did I evaluate?

We also looked at AlienVault.

What other advice do I have?

I would rate it an eight out of ten. 

Splunk is more efficient than other solutions but it's also more expensive. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer905577 - PeerSpot reviewer
Principal Consultant at a computer software company with 51-200 employees
User
Positive features include replication capabilities, software development kits, and its architecture
Pros and Cons
  • "Positive features include replication capabilities, software development kits, and the architecture."
  • "The solution could use a different licensing model."
  • "An improved user interface along with multi-tenancy support would be beneficial."

What is our primary use case?

  • Cybersecurity defense
  • Web app monitoring
  • VMware monitoring

How has it helped my organization?

  • Troubleshooting
  • Cyber defense

What is most valuable?

  • Drill down
  • Apps
  • REST API
  • Software development kits
  • Architecture
  • Replication capabilities

What needs improvement?

  • Multi-tenancy support
  • Improved user interface
  • Non-proprietary search language
  • Different licensing model

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.