We use it for security operations and management.
Sr. Security Engineer at a university with 1,001-5,000 employees
In additon to search and analytic capabilities, Splunk has under-the-cover capabilities for timestamp data.
Splunk is a pretty powerful piece of software. There is the obvious search and analytic capabilities it has but there is some robustness under the covers as well. One of those under-the-cover capabilities is detecting and understanding timestamp data. Its the sort of thing that as users of the software we simply accept and generally speaking don't spend a whole lot of time thinking about.
From an admin perspective as you start to put some effort into understanding your deployment and making sure things are working correctly one of the items to look at is the DateParserVerbose logs. Why you ask? I've recently had to deal with some timstamp issues. These internal logs generally document problems related to timestamp extraction and can tell you if, for example, there are logs being dropped for a variety of timestamp related reasons.
Dropped events are certainly worthy of some of your time! What about logs that aren't being dropped but for one reason or another Splunk is assigning a timestamp that isn't correct?
Continue reading this post on my blog here.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Enterprise Client Executive at a tech services company with 11-50 employees
Good user community, good support, and very powerful
Pros and Cons
- "The Splunk user community and forum are most valuable."
- "Its interface could be improved."
What is our primary use case?
What is most valuable?
The Splunk user community and forum are most valuable.
What needs improvement?
Its interface could be improved.
For how long have I used the solution?
We have been a reseller for three years.
What do I think about the stability of the solution?
It is stable. It is very powerful.
How are customer service and support?
Their support is good.
How was the initial setup?
Its initial setup is complex. You're going to need deployment services from somebody who is an expert in the product. You would need at least two users.
What other advice do I have?
It is hard to integrate because it can do so many things. A lot of people think it is a set-it-and-forget-it solution, but it is a full-time job for somebody. I would advise others to plan and prepare for ongoing management. It requires a dedicated person for management.
Compared to other SIEMs, it is a 10 out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer:
Buyer's Guide
Splunk Enterprise Security
November 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.
Network Operations Center Engineer at a tech company with 51-200 employees
A stable and scalable solution which is easy to install and use and has good tech support
Pros and Cons
- "I am satisfied with the support."
- "The price of the solution could be cheaper."
What is our primary use case?
We use the solution for monitoring systems. We also use it with servers and CG routers from the data center, as well as for collecting the ADL from all networks which are located in our regions of the country.
What is most valuable?
I like that the solution is easy to use and stable.
What needs improvement?
The price of the solution could be cheaper.
For how long have I used the solution?
I am currently working with Splunk and have a year's experience doing so.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
Support is at a level one department and I am responsible for managing both IT support and node engineers.
I am satisfied with the support.
How was the initial setup?
The solution is easy to install.
It took half a day.
What about the implementation team?
We were able to handle the installation on our own.
There are 40 people responsible for the deployment and maintenance of the solution, four of whom are engineers. There is a computer DE who is responsible for the engineering and a candidate for graduation in 2022.
What's my experience with pricing, setup cost, and licensing?
The solution could be more cost-effective, as we charge our customers the cheapest price.
The subscription is monthly.
What other advice do I have?
The solution is cloud-based.
There are more than a thousand users making use of the solution in our organization, who are connected with us in over 530 different areas.
I recommend the solution and plan to continue using it.
I rate Splunk as a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Senior Cloud Operations Analyst at a tech vendor with 1,001-5,000 employees
Makes us much faster finding and addressing issues
Pros and Cons
- "We are much faster finding and addressing issues with Splunk."
- "I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications."
What is our primary use case?
Splunk is our monitoring and investigating Swiss Army knife for key applications and systems. If we run it, we Splunk it.
How has it helped my organization?
We are much faster finding and addressing issues with Splunk. We reduce the MTR and get more done.
What is most valuable?
So many of Splunk's features are invaluable to us:
- Machine and business data retention
- Solid HA and distribution
- Adaptability to custom data
- Search, Search, Search.
What needs improvement?
I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
No stability issues.
What do I think about the scalability of the solution?
No scalability issues.
How is customer service and technical support?
The support team is very competent.
How was the initial setup?
The initial setup is very straightforward.
What about the implementation team?
We implemented in-house
What was our ROI?
Our ROI is high.
Which other solutions did I evaluate?
We evaluated LogRhythm.
What other advice do I have?
I love this product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Foundation Technology Specialist at a insurance company with 1,001-5,000 employees
Provides the ability to diagnose problems in production and non-production.
Pros and Cons
- "The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature."
- "It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded."
How has it helped my organization?
MTTR is drastically reduced, because the developers and other IT support staff have instant access to log events.
People costs are saved by not having to involve the domain developers from multiple teams, when tracing a problem that spans multiple platforms.
Security is improved by not having to give as many people access to log on to the servers.
What is most valuable?
The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature.
What needs improvement?
Official training, even CBT, is expensive so not many people are able to get certified. This leads/causes the users to make use of the most basic functionality only.
It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded. Splunk has moved towards not applying hard caps in data ingestion, and this will help us in the future.
However, I’d like an easier way to flag certain source log files as non-critical and have Splunk automatically disable those event sources when the license capacity exceeds an arbitrary value.
What do I think about the stability of the solution?
There were no stability issues.
What do I think about the scalability of the solution?
There were no scalability issues.
How are customer service and technical support?
Customer Service:
I haven't had the need to log any critical issues. Most of my support tickets have been revolved around configuration questions. I'm very happy with the way Splunk's support staff respond - they're pretty helpful. I think I've only had one situation where the response was acceptable, but not stellar.
Technical Support:
The technical support is good. I'm sometimes surprised when the support engineer doesn't immediately know the answer to my questions (as I feel they must be fairly common queries). But, this can probably be excused because of the breath of features Splunk Enterprise has.
Which solution did I use previously and why did I switch?
We were not using any other solution previously.
I evaluated ELK Stack but at the time, Splunk offered more flexibility, better support and was easier for us to implement.
How was the initial setup?
Initial setup was fairly straightforward, but we used an experienced implementation partner and ensured that our team was intimately involved in the installation/configuration process on a technical level.
What about the implementation team?
We used a combintation of in-house (ie. myself) and an experienced Splunk partner.
What's my experience with pricing, setup cost, and licensing?
The product has a lot of value, and I feel that we’re getting the value that we’re paying for.
Splunk Enterprise becomes extremely expensive after the 20GB/month license, but if you take care of what you log, i.e., by not logging excessive application events, then that license will get you a long way.
Which other solutions did I evaluate?
We looked at ELK Stack.
What other advice do I have?
Use an experienced Splunk architect to design your infrastructure configuration.
Ensure that your tech leads are intimately involved and understand exactly how the product fits together.
Manage your Splunk configuration in a repository (Git).
Educate the end users as quickly as possible to use the tool effectively.
Change practices and encourage staff to use Splunk instead of old ways of getting the data they need. Prevent, or limit, direct access to the servers or server log files if you can.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Director at a consultancy with 11-50 employees
It allows us to store raw data and use it repeatedly for different domains.
How has it helped my organization?
We are using it for operational intelligence. We are using Splunk as a data lake for machine data. We gather all our machine data from the IT infrastructure and monitor its health.
What is most valuable?
Splunk's schema-on-read technology is one of the most valuable characteristics of this solution. It allows us to store raw data and use it repeatedly for different domains. You don't need to prepare the data upfront.
Splunk's Search Processing Language (SPL) is another beneficial feature. It is a very powerful tool that gives you the ability to do almost anything with your data.
What needs improvement?
Visualizations can improve. There are some performance and stability issues with the visualization layer.
What do I think about the stability of the solution?
There were stability issues, but only with the visualization layer.
What do I think about the scalability of the solution?
There were no scalability issues.
How are customer service and technical support?
The technical support is quite good.
Which solution did I use previously and why did I switch?
Previously, we worked with different vendors and solutions.
How was the initial setup?
The setup was very straightforward.
What's my experience with pricing, setup cost, and licensing?
The price is pretty high for our region.
Which other solutions did I evaluate?
We did a SIEM solutions review with this and other systems for one of our customers.
What other advice do I have?
This is the right choice if you are looking for a platform that can combine all machine-generated data and use it for various use cases from different domains.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Alireza GhahroodConsultant & Instructor -Cyber Security,GovernanceRIskCompliance (CISO as a Services) at Independent
Top 10Real User
Splunk's schema-on-read technology is one of the most valuable characteristics of this solution. It allows us to store raw data and use it repeatedly for different domains. You don't need to prepare the data upfront.
Java Technical Lead at a insurance company
The visibility is amazing with easy dashboard creation
Pros and Cons
- "It is easy to use in any environment."
- "The visibility is amazing with easy dashboard creation."
- "Not even Splunk's support guy, who came to our firm, could help with defining proper role management."
- "Make it easier to include roles and user controls, as it is horrible now."
What is our primary use case?
- Log monitoring and alerts
- Looking up information
- Dashboards for nice, fast information about various application servers.
How has it helped my organization?
- It is easier to find problems and exceptions.
- It is used by any factor in the firm.
- Easy dashboards creation.
- The visibility is amazing.
What is most valuable?
- Regex for fields creation is great.
- High availability
- Easy to use in any environment.
What needs improvement?
Make it easier to include roles and user controls, as it is horrible now.
For how long have I used the solution?
More than five years.
How is customer service and technical support?
Not even Splunk's support guy, who came to our firm, could help with defining proper role management.
What's my experience with pricing, setup cost, and licensing?
It is a pretty high cost solution, but if your organization has the funds, it can bring many benefits.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Infrastructure Architect at a tech company with 201-500 employees
Does event matching between several appliances and correlates data from different sources.
What is most valuable?
- Event matching between several appliances
- Correlating data from different sources
- Report viewer
How has it helped my organization?
It helps us to detect viruses and security events from our network.
What needs improvement?
It needs documentation, and "how-to-do" information. It's complicated to build reports and views.
For how long have I used the solution?
I have used Splunk for about two years.
What do I think about the stability of the solution?
There were no stability issues. It was running on a VM over Hyper-V.
What do I think about the scalability of the solution?
There were no scalability issues. It was running on a VM over Hyper-V.
How are customer service and technical support?
I used support a little bit for some templates for formatting data from Cisco and Fortinet logs. They were very fast with their response. I didn't have any support contract, but only entry level support.
Which solution did I use previously and why did I switch?
This was our first try for log analysis.
How was the initial setup?
The setup was easy.
What's my experience with pricing, setup cost, and licensing?
There is nothing to say. At that time, it was for GBs of data received.
Which other solutions did I evaluate?
We did not look at alternatives. It was a consulting provider recommendation. It was a rapid implementation to accomplish legal requirements. After we used it for a while, we decided to keep it.
What other advice do I have?
Check for the plugin to format data of already completed templates for the appliance to which you want to keep logs and events.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Security Information and Event Management (SIEM) Log Management IT Operations AnalyticsPopular Comparisons
CrowdStrike Falcon
Microsoft Sentinel
IBM Security QRadar
Elastic Security
LogRhythm SIEM
Sumo Logic Security
Rapid7 InsightIDR
Fortinet FortiSIEM
AlienVault OSSIM
Cortex XSIAM
Securonix Next-Gen SIEM
USM Anywhere
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What are some of the best features and use-cases of Splunk?
- What SOC product do you recommend?
- Splunk as an Enterprise Class monitoring solution -- thoughts?
- What is the biggest difference between Dynatrace and Splunk?
- IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?
- What are the advantages of ELK over Splunk?
- How does Splunk compare with Azure Monitor?
- New risk scoring framework in the Splunk App for Enterprise Security -- thoughts?
- Splunk vs. Elastic Stack
- What is a better choice, Splunk or Azure Sentinel?
i am agree with splunk user who are saying splunk faster then other product.