Splunk Enterprise Security Reviews

We use the solution for monitoring systems. We also use it with servers and CG routers from the data center, as well as for collecting the ADL from all networks which are located in our regions of the country.

I like that the solution is easy to use and stable. 

The price of the solution could be cheaper. 

I am currently working with Splunk and have a year's experience doing so. 

The solution is stable. 

The solution is scalable. 

Support is at a level one department and I am responsible for managing both IT support and node engineers. 

I am satisfied with the support. 

The solution is easy to install. 

It took half a day. 

We were able to handle the installation on our own. 

There are 40 people responsible for the deployment and maintenance of the solution, four of whom are engineers. There is a computer DE who is responsible for the engineering and a candidate for graduation in 2022.

The solution could be more cost-effective, as we charge our customers the cheapest price. 

The subscription is monthly. 

The solution is cloud-based. 

There are more than a thousand users making use of the solution in our organization, who are connected with us in over 530 different areas. 

I recommend the solution and plan to continue using it. 

I rate Splunk as a seven out of ten. 

Splunk is our monitoring and investigating Swiss Army knife for key applications and systems. If we run it, we Splunk it.

We are much faster finding and addressing issues with Splunk. We reduce the MTR and get more done.

So many of Splunk's features are invaluable to us:  

• Machine and business data retention
• Solid HA and distribution
• Adaptability to custom data
• Search, Search, Search.

I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications.

No stability issues.

No scalability issues.

The support team is very competent.

The initial setup is very straightforward.

We implemented in-house

Our ROI is high.

We evaluated LogRhythm.

I love this product.

MTTR is drastically reduced, because the developers and other IT support staff have instant access to log events.

People costs are saved by not having to involve the domain developers from multiple teams, when tracing a problem that spans multiple platforms.

Security is improved by not having to give as many people access to log on to the servers.

The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature.

Official training, even CBT, is expensive so not many people are able to get certified. This leads/causes the users to make use of the most basic functionality only.

It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded. Splunk has moved towards not applying hard caps in data ingestion, and this will help us in the future.

However, I’d like an easier way to flag certain source log files as non-critical and have Splunk automatically disable those event sources when the license capacity exceeds an arbitrary value.

There were no stability issues.

There were no scalability issues.

Customer Service:

I haven't had the need to log any critical issues. Most of my support tickets have been revolved around configuration questions. I'm very happy with the way Splunk's support staff respond - they're pretty helpful. I think I've only had one situation where the response was acceptable, but not stellar.

Technical Support:

The technical support is good. I'm sometimes surprised when the support engineer doesn't immediately know the answer to my questions (as I feel they must be fairly common queries). But, this can probably be excused because of the breath of features Splunk Enterprise has.

We were not using any other solution previously.

I evaluated ELK Stack but at the time, Splunk offered more flexibility, better support and was easier for us to implement.

Initial setup was fairly straightforward, but we used an experienced implementation partner and ensured that our team was intimately involved in the installation/configuration process on a technical level.

We used a combintation of in-house (ie. myself) and an experienced Splunk partner.

The product has a lot of value, and I feel that we’re getting the value that we’re paying for.

Splunk Enterprise becomes extremely expensive after the 20GB/month license, but if you take care of what you log, i.e., by not logging excessive application events, then that license will get you a long way.

We looked at ELK Stack.

Use an experienced Splunk architect to design your infrastructure configuration.

Ensure that your tech leads are intimately involved and understand exactly how the product fits together.

Manage your Splunk configuration in a repository (Git).

Educate the end users as quickly as possible to use the tool effectively.

Change practices and encourage staff to use Splunk instead of old ways of getting the data they need. Prevent, or limit, direct access to the servers or server log files if you can.

We are using it for operational intelligence. We are using Splunk as a data lake for machine data. We gather all our machine data from the IT infrastructure and monitor its health.

Splunk's schema-on-read technology is one of the most valuable characteristics of this solution. It allows us to store raw data and use it repeatedly for different domains. You don't need to prepare the data upfront.

Splunk's Search Processing Language (SPL) is another beneficial feature. It is a very powerful tool that gives you the ability to do almost anything with your data.

Visualizations can improve. There are some performance and stability issues with the visualization layer.

There were stability issues, but only with the visualization layer.

There were no scalability issues.

The technical support is quite good.

Previously, we worked with different vendors and solutions.

The setup was very straightforward.

The price is pretty high for our region.

We did a SIEM solutions review with this and other systems for one of our customers.

This is the right choice if you are looking for a platform that can combine all machine-generated data and use it for various use cases from different domains.

The solution is very fast and succinct. 

When it comes to out of the box use cases, I feel the solution to be too slow. 

I have not been working with Splunk for long. 

The initial setup was simple. 

It took an hour. 

Curator is more scalable than certain other solutions. 

We are partners of Splunk and provide the solution to customers. 

I feel Splunk is easy to utilize. 

My company has an app. on which the solution is deployed on-premises on a single server. 

There is another team in my company that works with Splunk products. 

I rate Splunk as a seven-point-five out of ten. 

• Event matching between several appliances
• Correlating data from different sources
• Report viewer

It helps us to detect viruses and security events from our network.

It needs documentation, and "how-to-do" information. It's complicated to build reports and views.

I have used Splunk for about two years.

There were no stability issues. It was running on a VM over Hyper-V.

There were no scalability issues. It was running on a VM over Hyper-V.

I used support a little bit for some templates for formatting data from Cisco and Fortinet logs. They were very fast with their response. I didn't have any support contract, but only entry level support.

This was our first try for log analysis.

The setup was easy.

There is nothing to say. At that time, it was for GBs of data received.

We did not look at alternatives. It was a consulting provider recommendation. It was a rapid implementation to accomplish legal requirements. After we used it for a while, we decided to keep it.

Check for the plugin to format data of already completed templates for the appliance to which you want to keep logs and events.

We used it to create a full security operations center (SOC) for our IT department by adding all network and security devices, the AD, and mail servers to it. Then Splunk started to receive their logs, it analyzed them, and provided useful reports.  

It helps the IT staff to monitor the full structure. It also makes use of all logs and takes proactive actions.

Integrity with many vendors: This simplifies the implementation and integration with different devices. 

Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it.

It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool.

It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want.

If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide.

I have been using this solution for about three to four months.

I'm not sure. I do not really throw a lot of data in it, but it has been authenticated very nicely. It manages indexes and all of these things very nicely. I have not been privy to any production systems where you have millions of lines of log coming in every second. It works very well for the data that I have. It should be able to handle a lot of data. That's the whole purpose of it, and that's why Splunk has become so popular. It is an enterprise monitoring tool, and a lot of customers have Splunk in their ecosystem.

They have pretty much good documentation and good training. Their documentation is a lot better than Qlik Sense.

Splunk is an enterprise monitoring tool. Qlik Sense can do a little bit of log monitoring, but it is mostly used for dashboard reporting, whereas Splunk is more around monitoring and figuring out threats and all such things. They are different, but both deal with the data and allow you to create operation reports. 

Power BI is another tool that a lot of our customers use, but Splunk is quite often requested. It is also a lot more popular than Qlik Sense. We have a fair number of Qlik Sense customers.  

We usually sell Blue Prism to business users who are more concerned with the reporting aspect, which is why they would like to have easy tools like Qlik Sense in their ecosystem, but on the infrastructure side, it would be Splunk for enterprise monitoring.

Simple environments are easier to install. Because there is a lot of data log monitoring, once you have a production system, there is some amount of work in setting it up, especially making it SSL Secure and exposing it on the internet. There are multiple components behind it, so you need to ensure that all these things are set up correctly. These kinds of things are not required on a cloud platform because you are just uploading data. You really don't have much access to the backend.

Splunk also has a cloud version, which I haven't looked at, but I have used Qlik Sense's cloud platforms. With on-premises, you are in control of pretty much how you set up all the data that you are sending out. A lot of our customers have the issue that if it is a cloud platform, they cannot really send out the data to any of these cloud platforms. So, there are data residence and other issues.

It is economical than other solutions.

I would definitely recommend Splunk. It is quite a decent tool, and it is there in a lot of enterprises.

I would rate Splunk an eight out of ten.