No more typing reviews! Try our Samantha, our new voice AI agent.
PeerSpot user
Java Technical Lead at a insurance company
Real User
Apr 26, 2018
The visibility is amazing with easy dashboard creation
Pros and Cons
  • "It is easy to use in any environment."
  • "The visibility is amazing with easy dashboard creation."
  • "​Not even Splunk's support guy, who came to our firm, could help with defining proper role management.​"
  • "Make it easier to include roles and user controls, as it is horrible now."

What is our primary use case?

  • Log monitoring and alerts
  • Looking up information 
  • Dashboards for nice, fast information about various application servers.

How has it helped my organization?

  • It is easier to find problems and exceptions.
  • It is used by any factor in the firm.
  • Easy dashboards creation.
  • The visibility is amazing.  

What is most valuable?

  • Regex for fields creation is great.
  • High availability
  • Easy to use in any environment.

What needs improvement?

Make it easier to include roles and user controls, as it is horrible now.

Buyer's Guide
Splunk Enterprise Security
June 2026
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,996 professionals have used our research since 2012.

For how long have I used the solution?

More than five years.

How are customer service and support?

Not even Splunk's support guy, who came to our firm, could help with defining proper role management.

What's my experience with pricing, setup cost, and licensing?

It is a pretty high cost solution, but if your organization has the funds, it can bring many benefits.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
PeerSpot user
Splunker at freelancer
Real User
Apr 25, 2018
Quickly search for almost anything across many log sources in seconds
Pros and Cons
  • "We can do things in minutes instead of days."
  • "We solve issues that we previously could not since we now have the data."
  • "We can quickly search for almost anything across many log sources in seconds."
  • "The GUI could be improved to include some of the capabilities that other BI solutions have. The layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code."
  • "AngularJS/ReactJS inclusion could be made easier in GUI."

What is our primary use case?

The primary use case is to analyse and monitor big data, creating various dashboards, alerts, etc.

How has it helped my organization?

  • We can do things in minutes instead of days.
  • We solve issues that we previously could not since we now have the data.
  • We can quickly search for almost anything across many log sources in seconds.
  • Teams have the dashboards or alerts that they need.

What is most valuable?

There are too many features to list, but here are a few:

  • Schema on the fly
  • Ease of onboarding data
  • Machine learning
  • Apps or Splunkbase.
  • Great list of apps to use and build upon once you learn more about how Splunk works.
  • Ease of correlation, creating correlation searches (easy), and you can combine multiple sources with little effort.
  • Data Models Acceleration for super fast searches across tens of millions of events.
  • Common Information Model
  • Security Essentials App
  • Enterprise Security
  • Splunk SPL (Search Processing Language) is easy to learn and has IDE like capabilities.
  • Log storage or compression is great and retention is not an issue.
  • Dashboards are simple to create and has input options, like time range and text.
  • Drop-downs are simple to create.
  • The integration with cloud solutions is great and keeps getting better.

What needs improvement?

The GUI could be improved to include some of the capabilities that other BI solutions have. The layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code. Over the years, they have really been improving in this area. I would think that will continue and this will become a non-issue.

Also, AngularJS/ReactJS inclusion could be made easier in GUI.

For how long have I used the solution?

One to three years.

What was our ROI?

Personnel costs are saved by not having to involve domain developers from multiple teams when tracing a problem that spans multiple platforms.

What other advice do I have?

We build many of our own apps by leveraging the logic in others.

Disclosure: My company has a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Splunk Enterprise Security
June 2026
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,996 professionals have used our research since 2012.
PeerSpot user
Senior Network Security Engineer at Starz Entertainment
Real User
Apr 25, 2018
In the event of an incident, it has a rapid response search environment
Pros and Cons
  • "It has a rapid response search environment in the event of an incident."
  • "The correlation searches (properly configured) populate the Incident Management dashboard and provide me a quick birds-eye view of my most important concerns."
  • "Splunk has enabled us to utilize many different data sources and is easy-to-use."
  • "The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment."

What is our primary use case?

Although my company uses Splunk extensively, my use case is primarily the Enterprise Security add-on.

How has it helped my organization?

Splunk has enabled us to utilize many different data sources and is easy-to-use. It has a rapid response search environment in the event of an incident.

What is most valuable?

The correlation searches (properly configured) populate the Incident Management dashboard and provide me a quick birds-eye view of my most important concerns.

What needs improvement?

ES is very powerful, but it requires a mature security posture at the company to take advantage of it currently. The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment.

For how long have I used the solution?

Less than one year.

Which solution did I use previously and why did I switch?

We were using a different SIEM, which was old-fashioned and very structured.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
PeerSpot user
Splunk Administrator at Arizona State University
Real User
Apr 25, 2018
Provides important insights to more efficiently make decisions and take action
Pros and Cons
  • "My favorite example of improving of organization is saving a $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports."
  • "Splunk's schema on demand is incredibly useful. I do not have to worry about what my users will need when we onboard their data."
  • "While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged."
  • "Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run."

What is our primary use case?

We use Splunk primarily to provide our security and ops groups with important insights to more efficiently make decisions and take action.

How has it helped my organization?

My favorite example of improving of organization is saving a $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports.

What is most valuable?

Splunk's schema on demand is incredibly useful. I do not have to worry about what my users will need when we onboard their data. They can make connections that we could not have foreseen. They dig deeper when they are searching.

What needs improvement?

Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run.

While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged.

For how long have I used the solution?

One to three years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
PeerSpot user
Senior Consultant at Securian Financial Group
Real User
Apr 25, 2018
Low barrier to start searching with the ability to normalize data on the fly
Pros and Cons
  • "Low barrier to start searching with the ability to normalize data on the fly."
  • "I have also been able to take advantage of some of the more complex statistical capabilities when analyzing logs."
  • "With Splunk, what was once almost impossible, is now unbelievably fast."
  • "The initial setup is complex, but this is necessary. We needed to take into consideration how to direct log files from thousands of machines to Splunk, and how to ingest those files."
  • "Most of my interaction is with the user community, which is how Splunk wants it. When I need help, that community is very hit or miss."

What is our primary use case?

Security analysis to identify issues and for use in incident handling. Correlating logs across over 1000 servers with different operating systems and applications logs to provide security insights. 

How has it helped my organization?

Before we analyzed required manual correlation of individual log files, and this was almost impossible to do. With Splunk, what was once almost impossible, is now unbelievably fast.

What is most valuable?

Low barrier to start searching with the ability to normalize data on the fly.  

I have also been able to take advantage of some of the more complex statistical capabilities when analyzing logs.

What needs improvement?

I would like to see Splunk improve its posture as a production operations tool.  This means that searches, alerts, dashboards, and additional configurations that I use should have a production migration process. Therefore, I can know if my important detects have been tampered with and I can restore them if they have.

I would also like it to be easier to understand what I can influence from the UI versus the command line. Splunk is making great strides to all configuration being possible from the UI, but it can still be confusing for a non-system administrator to track down an issue only to find that it requires command line access to fully interpret.

Efficiency of Security Team

It has absolutely improved the efficiency of my security team.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No stability concerns.

What do I think about the scalability of the solution?

We did encounter scalability issues. As we scaled out in search heads, we found that some of our activity could only be found on the search heads that it was originally done on. For example, the history of search runs are stored locally, so I needed to logon to each search head to try and find it.

How are customer service and technical support?

Most of my interaction is with the user community, which is how Splunk wants it.  When I need help, that community is very hit or miss.

Which solution did I use previously and why did I switch?

I previously used LogRhythm. I found this tool particularly difficult to use. It was more rigid in its normalization of data.

How was the initial setup?

The initial setup is complex, but this is necessary. We needed to take into consideration how to direct log files from thousands of machines to Splunk, and how to ingest those files.

Which other solutions did I evaluate?

We evaluated our existing tool, LogRhythm.

What other advice do I have?

Growth in data ingested will be much larger that you anticipated. If you need to prove this first, consider using an ELK Stack Logstash type of solution before using Splunk.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
PeerSpot user
Incident Manager at CyberCore Technologies
Real User
Apr 25, 2018
Powerful, flexible query language can morph difficult to understand log formats into usable data
Pros and Cons
  • "The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data."
  • "Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined."
  • "The ability to manipulate data in Splunk is unparalleled."
  • "There is a definite learning curve to starting out."

What is our primary use case?

We started using Splunk to serve as a SIEM. In addition to correlating security information, we have begun to use it as a developer and customer advocate by analyzing user behaviors and system response times. 

How has it helped my organization?

Log files which were previously either not reviewed or reviewed incompletely are now being used in operations daily. Security and operational events are discovered and resolved with greater efficiency than we have ever before. The way Splunk allows for data to be correlated together has given our organization a more complete picture of our system security status and how users organically move through our applications. This information has allowed us to focus development efforts which will directly benefit our customers the most. 

What is most valuable?

The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data. 

Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined.

What needs improvement?

There is a definite learning curve to starting out. However, there is quite a bit of documentation out there to help you get started. 

For how long have I used the solution?

Less than one year.

How are customer service and technical support?

The community (Splunk Answers/Slack Channel/User Groups) can help get you started. 

Which solution did I use previously and why did I switch?

We previously used ArcSight, but found Splunk to be more cloud capable.  

What's my experience with pricing, setup cost, and licensing?

Truly evaluate the data you want to ingest and go slow. Pulling in data that can provide no use to your mission only wastes data against your license.  

Which other solutions did I evaluate?

Other options were evaluated, such as ELK, but Splunk was identified to be more feature rich out-of-the-box.

What other advice do I have?

Pick it up and jump into the community!  It can help get you started a lot faster.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
PeerSpot user
Principal Engineer at Publix Super Markets
Real User
Apr 25, 2018
A more secure, robust environment, which keeps out harmful software
Pros and Cons
  • "Visualizations are the best way to understand deviation techniques from the norm."
  • "We have a more secure, robust environment, which keeps the harmful software out of the zone required."
  • "More training on PetaData using artificial intelligence techniques to identify the events which are not normal and exceptions that would help the organization identify threats and malware on the go with results."

What is our primary use case?

Security and incident management, which is helpful when organizing the data from different systems and running analysis on all the data together.

How has it helped my organization?

We have a more secure, robust environment, which keeps the harmful software out of the zone required.

What is most valuable?

The most valuable features are:

  • Risk analysis
  • Machine Learning Toolkit
  • dbConnect
  • Cisco products
  • eStreamer
  • SIEM

Visualizations are the best way to understand deviation techniques from the norm.

What needs improvement?

More training on PetaData using artificial intelligence techniques to identify the events which are not normal and exceptions that would help the organization identify threats and malware on the go with results.

For how long have I used the solution?

Three to five years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
PeerSpot user
Business Intelligence Developer at Arizona State University
Real User
Apr 25, 2018
Search language is easy to understand and teach to new users
Pros and Cons
  • "Support is quick and competent."
  • "Search language is easy to understand and teach to new users."
  • "Splunk has enabled us to detect, even predict potential security issues, before they become severe."
  • "Certain sections of the developer documentation could use some updating and clarification."
  • "Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling."

What is our primary use case?

  • Monitoring IT and other processes for a large university.
  • Leveraging alerts and dashboards to detect and predict security breaches and other events.

How has it helped my organization?

Splunk has enabled us to detect, even predict potential security issues, before they become severe. It has enabled our operations and development teams to more efficiently monitor and troubleshoot their systems.

What is most valuable?

The search language is easy to understand and teach to new users. The SDK is comprehensive and has incredible levels of integration with the platform and data. 

What needs improvement?

  • Certain sections of the developer documentation could use some updating and clarification.
  • Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling. 
  • Some terminology is vague and confusing (examples: deployer versus deployment server or search head versus search peer).

For how long have I used the solution?

Three to five years.

How is customer service and technical support?

Support is quick and competent.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
PeerSpot user
Senior Cloud Operations Analyst at a tech vendor with 1,001-5,000 employees
Vendor
Apr 24, 2018
Makes us much faster finding and addressing issues
Pros and Cons
  • "We are much faster finding and addressing issues with Splunk."
  • "Splunk is our monitoring and investigating Swiss Army knife for key applications and systems."
  • "I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications."

What is our primary use case?

Splunk is our monitoring and investigating Swiss Army knife for key applications and systems. If we run it, we Splunk it.

How has it helped my organization?

We are much faster finding and addressing issues with Splunk. We reduce the MTR and get more done.

What is most valuable?

So many of Splunk's features are invaluable to us:  

  • Machine and business data retention
  • Solid HA and distribution
  • Adaptability to custom data
  • Search, Search, Search.

What needs improvement?

I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

No scalability issues.

How is customer service and technical support?

The support team is very competent.

How was the initial setup?

The initial setup is very straightforward.

What about the implementation team?

We implemented in-house

What was our ROI?

Our ROI is high.

Which other solutions did I evaluate?

We evaluated LogRhythm.

What other advice do I have?

I love this product.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
PeerSpot user
Systems Analyst Staff - SW Eng Compute Analytics Lead at Qualcomm
Real User
Apr 24, 2018
Allows for transparency into IT metrics for insightful business analytics
Pros and Cons
  • "It allows for transparency into IT metrics for insightful business analytics."
  • "It has the ability to correlate data, analyze and review it."
  • "It brings together all sorts of data and has the ability to correlate data, analyze and review it, making weekly ops reviews and monthly executive management reporting much easier by saving hours of collecting data, with report automation being a life saver."
  • "It needs more formatting control without having to be an admin."
  • "Free-floating panels in the dashboards are like a glass table. It needs more formatting control without having to be an admin."

What is our primary use case?

IT service analytics: 

  • Server machine data
  • Monitoring data
  • Alerting data
  • ITSI KPIs
  • Real-time reporting
  • Month-over-month reporting.

How has it helped my organization?

It allows for transparency into IT metrics for insightful business analytics.

What is most valuable?

It brings together all sorts of data. It has the ability to correlate data, analyze and review it. This makes weekly ops reviews and monthly executive management reporting much easier by saving hours of collecting data. Report automation has been a life saver.

What needs improvement?

  • Free-floating panels in the dashboards are like a glass table. 
  • It needs more formatting control without having to be an admin.

For how long have I used the solution?

Three to five years.

Which solution did I use previously and why did I switch?

Previously, only the service owner could see the data and he might have gone to several places to obtain it. Now, it is all in one place and easy to access. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.