We use Splunk for analyzing data.
President at a non-profit with self employed
Expensive, but easy data gathering and reliable
Pros and Cons
- "The solution allows easy gathering and ingestion of the data."
- "The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed."
What is our primary use case?
What is most valuable?
The solution allows easy gathering and ingestion of the data.
What needs improvement?
The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed.
For how long have I used the solution?
I have been using Splunk within the past 12 months.
Buyer's Guide
Splunk Enterprise Security
November 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,795 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution has been stable.
What do I think about the scalability of the solution?
Our customers are mostly enterprise-sized companies using this solution.
How are customer service and support?
Splunk has many partners that provide customer support that can be used.
How was the initial setup?
The initial setup is not easy. Customers have to learn the Splunk language and it is hard to operate it by themselves. They will need Splunk engineers to assist in their projects.
What about the implementation team?
You will need a Splunk implementation specialist for the deployment.
What's my experience with pricing, setup cost, and licensing?
My customers have found the price of the solution to be high.
What other advice do I have?
I rate Splunk a five out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer:
BS Systems Engineer at a tech services company with 501-1,000 employees
Makes use of all logs and takes proactive actions
Pros and Cons
- "Integrity with many vendors: This simplifies the implementation and integration with different devices"
- "Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it."
What is our primary use case?
We used it to create a full security operations center (SOC) for our IT department by adding all network and security devices, the AD, and mail servers to it. Then Splunk started to receive their logs, it analyzed them, and provided useful reports.
How has it helped my organization?
It helps the IT staff to monitor the full structure. It also makes use of all logs and takes proactive actions.
What is most valuable?
Integrity with many vendors: This simplifies the implementation and integration with different devices.
What needs improvement?
Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it.
For how long have I used the solution?
One to three years.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are a partner with Splunk.
Buyer's Guide
Splunk Enterprise Security
November 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,795 professionals have used our research since 2012.
SVP, Technical Operations at a tech vendor with 201-500 employees
Splunk has great interoperability with other applications through their SplunkBase app store.
What is most valuable?
Splunk has great interoperability with other applications through their SplunkBase app store. The apps can quickly provide visibility and streamline complex data mining tasks.
What needs improvement?
Unlike other cloud based analytics platforms, at the time of this writing Splunk Cloud is a dedicated instance per customer rather than a shared tenancy platform. While this is beneficial from an overall performance standpoint, the product lacks the seamless integrations one has come to expect from a cloud solution. This translates to a much stronger reliance on Splunk's support organization out of necessity, as the customer cannot make most changes in a self-service manner.
For how long have I used the solution?
We have been a Splunk customer for five years.
What was my experience with deployment of the solution?
Our Splunk Cloud deployment was a migration from an on-premise implementation of Splunk. The migration took much longer than expected due to constraints within Splunk's cloud team, but there were no technical issues with the launch.
How is customer service and technical support?
Customer Service:
The customer support team at Splunk is very good.
Technical Support:The technical support team at Splunk is highly responsive and knowledgeable.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Consultant at a computer software company with 11-50 employees
Customizable and has average installation difficulty
Pros and Cons
- "I have found the installation can be of medium difficulty to very complex depending on the use case."
- "There is improvement needed when importing from some types of data sources."
What needs improvement?
There is improvement needed when importing from some types of data sources. Most of the time you have to do some customization for the data because not everything is working the way it should. Additionally, in other solutions, it is easier to build use cases.
For how long have I used the solution?
I have been using this solution for approximately three years.
Which solution did I use previously and why did I switch?
I have previously used Curator and it was much easier to use than this solution.
How was the initial setup?
I have found the installation can be of medium difficulty to very complex depending on the use case. It is not easy for new customers. You need to have the experience to be able to do it.
What other advice do I have?
When using this solution for Security Information Management(SIM), I highly recommend importing data sources from the whole cycle for the service security chain. Some people only use main inputs and not all of the data sources they have. They might not have some data sources, in this case, you can purchase one or there are free open-source ones available. You will then have this data source that can enrich your life because many correlations are done with this data.
I rate Splunk an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Engineer at a integrator with 11-50 employees
Has the ability to add the functionality you want but it is expensive
Pros and Cons
- "The initial setup is really straightforward. It's one of the easiest installations."
- "They should make data onboarding easier."
What is our primary use case?
Our primary use case is for monitoring and cybersecurity.
What needs improvement?
The clusters are hard. It has too many moving parts.
They should make data onboarding easier.
For how long have I used the solution?
One to three years.
What do I think about the scalability of the solution?
Its ability to scale nicely is one of Splunk's strengths. You just horizontally add another machine and you get your scalability.
How are customer service and technical support?
Which solution did I use previously and why did I switch?
Our clients switch from Nagios or other monitoring solutions because the other solutions were not as flexible as Splunk. With Splunk, you can do things very programmatically. With a help of a developer and included SDK you can add needed functionality.
How was the initial setup?
The initial setup is really straightforward. It's one of the easiest installations.
This product doesn't have any kind of dependencies, it just worked from one package. Install it and boom, you have a working solution.
What about the implementation team?
What's my experience with pricing, setup cost, and licensing?
Splunk is on expensive side.
There are some premium add-ons like Splunk Enterprise Security or ITSI which makes it more expensive.
What other advice do I have?
I would advise to get Splunk professional services from Splunk.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Cyber Analyst with 501-1,000 employees
It has the ability to correlate results
What is our primary use case?
Testing for insider threat behavior.
How has it helped my organization?
It gave management confidence in current operations.
What is most valuable?
The ability to correlate results.
What needs improvement?
A few more analysis aids might help. The next release could have more intuitive help examples.
For how long have I used the solution?
One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Products Manager at a tech services company with 5,001-10,000 employees
Valuable features include rapid search, data mining, and information propagation. The GUI should be improved.
What is most valuable?
Rapid search is a valuable feature. Performance and incident response were the top priorities for most MSSPs. Breaches of SLAs will have a negative impact on customer trust, which eventually leads to losing customer confidence on services to which they’re subscribing. Hence, the proactive approaches will be the main differentiator from one MSSP to the others.
How has it helped my organization?
It has been helping a lot of my clients with fast data mining and information propagation.
What needs improvement?
The GUI should be improved, in other words, the overall appearance.
For how long have I used the solution?
I am not the end-user. However, my job was more relevant as a consultant.
What do I think about the stability of the solution?
Performance upgrades are needed when more processing power is required.
What do I think about the scalability of the solution?
We have not had scalability issues.
How are customer service and technical support?
Technical support is good.
Which solution did I use previously and why did I switch?
The client was using an open source solution. They decided to switch to an enterprise product.
How was the initial setup?
The setup can be straightforward, if use cases are well defined.
What's my experience with pricing, setup cost, and licensing?
Overall, it the cost is reasonable and it is easy to upgrade.
Which other solutions did I evaluate?
Our client was considering the other solutions as well. However, due to their overall assessment, they still considered going with it.
What other advice do I have?
Start off with something at a comfortable level, expand gradually, and then move upwards, expanding steadily.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are a distributor.
Fast and easy to use, but could be faster
Pros and Cons
- "The solution is very fast and succinct."
- "I feel the solution to be too slow."
What is most valuable?
The solution is very fast and succinct.
What needs improvement?
When it comes to out of the box use cases, I feel the solution to be too slow.
For how long have I used the solution?
I have not been working with Splunk for long.
How was the initial setup?
The initial setup was simple.
It took an hour.
Which other solutions did I evaluate?
Curator is more scalable than certain other solutions.
What other advice do I have?
We are partners of Splunk and provide the solution to customers.
I feel Splunk is easy to utilize.
My company has an app. on which the solution is deployed on-premises on a single server.
There is another team in my company that works with Splunk products.
I rate Splunk as a seven-point-five out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Security Information and Event Management (SIEM) Log Management IT Operations AnalyticsPopular Comparisons
CrowdStrike Falcon
Microsoft Sentinel
IBM Security QRadar
Elastic Security
LogRhythm SIEM
Sumo Logic Security
Rapid7 InsightIDR
Fortinet FortiSIEM
AlienVault OSSIM
Cortex XSIAM
Securonix Next-Gen SIEM
USM Anywhere
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What are some of the best features and use-cases of Splunk?
- What SOC product do you recommend?
- Splunk as an Enterprise Class monitoring solution -- thoughts?
- What is the biggest difference between Dynatrace and Splunk?
- IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?
- What are the advantages of ELK over Splunk?
- How does Splunk compare with Azure Monitor?
- New risk scoring framework in the Splunk App for Enterprise Security -- thoughts?
- Splunk vs. Elastic Stack
- What is a better choice, Splunk or Azure Sentinel?