Splunk Enterprise Security Reviews

Splunk has great interoperability with other applications through their SplunkBase app store. The apps can quickly provide visibility and streamline complex data mining tasks.

Unlike other cloud based analytics platforms, at the time of this writing Splunk Cloud is a dedicated instance per customer rather than a shared tenancy platform. While this is beneficial from an overall performance standpoint, the product lacks the seamless integrations one has come to expect from a cloud solution. This translates to a much stronger reliance on Splunk's support organization out of necessity, as the customer cannot make most changes in a self-service manner.

We have been a Splunk customer for five years.

Our Splunk Cloud deployment was a migration from an on-premise implementation of Splunk. The migration took much longer than expected due to constraints within Splunk's cloud team, but there were no technical issues with the launch.

The customer support team at Splunk is very good.

The technical support team at Splunk is highly responsive and knowledgeable.

We use a lot of sales metrics. We use machine learning models to provide sales forecasting. We create database connections and run a query on the database. The next step is to place the data into Splunk. We create indexes to get the data into the Splunk dashboard.

The ability to analyze huge amounts of sales data and accurate prediction of sales forecasting is the most valuable feature. 

Splunk needs to be able to hold more days of data. At the moment it only holds three months of data. It needs more views and colors within the dashboard and the ability to have the flexibility to create a user-defined panel.

We have been using Splunk for a year. 

The stability of Splunk is good enough.

I think it's good, other than the ability to hold more than three months of data is lacking.

The setup of Splunk was easy.

There are six people in my team working with Splunk. I am not sure about other users, but we are a mix of data scientists, data engineers, software engineers, IT, and software engineers.

I would rate Splunk as 8 out of 10.

Testing for insider threat behavior.

It gave management confidence in current operations.

The ability to correlate results.

A few more analysis aids might help. The next release could have more intuitive help examples.

Our primary use case of this solution is as a centralized lab collection.

The search function for splunk is like a google search. You just enter and it will quickly show you the results. 

Splunk has different plugins but by default, the logs are not organized, it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried many of them.

It would be best if they can incorporate all security locks with minimal incidents. 

It's a little hard to scale on-prem. 

The initial setup was easy. It took us one to two days. 

It's a little bit expensive for a small to medium enterprise.

We also looked at AlienVault.

I would rate this solution an eight out of ten. To make it a ten they should have more integration with outside vendors. 

Rapid search is a valuable feature. Performance and incident response were the top priorities for most MSSPs. Breaches of SLAs will have a negative impact on customer trust, which eventually leads to losing customer confidence on services to which they’re subscribing. Hence, the proactive approaches will be the main differentiator from one MSSP to the others.

It has been helping a lot of my clients with fast data mining and information propagation.

The GUI should be improved, in other words, the overall appearance.

I am not the end-user. However, my job was more relevant as a consultant.

Performance upgrades are needed when more processing power is required.

We have not had scalability issues.

Technical support is good.

The client was using an open source solution. They decided to switch to an enterprise product.

The setup can be straightforward, if use cases are well defined.

Overall, it the cost is reasonable and it is easy to upgrade.

Our client was considering the other solutions as well. However, due to their overall assessment, they still considered going with it.

Start off with something at a comfortable level, expand gradually, and then move upwards, expanding steadily.

We are using it for security information and event management (SIEM). We have started to use Splunk recently, and we are in the implementation phase as of now.

The data analysis part is good in Splunk, which is something that I like the most. It is also quite easy to use. Its dashboards, visualizations, and analytics are good.

It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect.

I have been using this solution for a couple of months.

It is absolutely stable.

It is scalable. We have approximately 25 users.

It was easy to install. Its configuration and development are the critical parts, and there are a limited number of people in the market with such a skill set. It takes some time to find people with the right skill set and get it implemented properly. It took approximately three months.

I have a team of a few Splunk consultants who are currently managing it for me. For a mid-sized organization, at least 15 persons are required to manage the entire Splunk instance.

I would recommend this solution to others. I would rate Splunk an eight out of ten.

It helps increase our productivity.

We are saving a lot of time by being in one place instead of several servers.

The most valuable features are understanding the visualization compass on the dashboard, as well as the reports on the dashboards.

I would like to have the ability to master the management of clustering.

It is easy to implement.

It is easy to use, and easy to implement.