Splunk Enterprise Security Reviews

My primary use case for Splunk is for log file visualization and monitoring alert management.

The way this solution has improved our organization is by its ability to do a quick search and immediately stop an incident from happening.

The auto-notification abilities are a huge benefit for us.

After a crash, the product takes a while to recover.

Sometimes we have had instances when it will not run for a couple of days. There is room for improvement here.

There are lots of use cases and features that make Splunk a good choice for us.

I have no opinion on the pricing of the product. 

We considered Datadog and Zabbix. In comparison to those options, Splunk has virtual visualization. Furthermore, it can be a host on our environment. Typically, we cannot deploy SaaS on our environment, but with Splunk, we can. 

When Splunk failed, it took time to recover. We had to recover it from a snapshot. It took a couple of days, and it was as if it had crashed.  But, the instance was resolved.

Our primary use case of this solution is as a centralized lab collection.

The search function for splunk is like a google search. You just enter and it will quickly show you the results. 

Splunk has different plugins but by default, the logs are not organized, it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried many of them.

It would be best if they can incorporate all security locks with minimal incidents. 

It's a little hard to scale on-prem. 

The initial setup was easy. It took us one to two days. 

It's a little bit expensive for a small to medium enterprise.

We also looked at AlienVault.

I would rate this solution an eight out of ten. To make it a ten they should have more integration with outside vendors. 

We use a lot of sales metrics. We use machine learning models to provide sales forecasting. We create database connections and run a query on the database. The next step is to place the data into Splunk. We create indexes to get the data into the Splunk dashboard.

The ability to analyze huge amounts of sales data and accurate prediction of sales forecasting is the most valuable feature. 

Splunk needs to be able to hold more days of data. At the moment it only holds three months of data. It needs more views and colors within the dashboard and the ability to have the flexibility to create a user-defined panel.

We have been using Splunk for a year. 

The stability of Splunk is good enough.

I think it's good, other than the ability to hold more than three months of data is lacking.

The setup of Splunk was easy.

There are six people in my team working with Splunk. I am not sure about other users, but we are a mix of data scientists, data engineers, software engineers, IT, and software engineers.

I would rate Splunk as 8 out of 10.

• Log monitoring and alerts
• Looking up information 
• Dashboards for nice, fast information about various application servers.

• It is easier to find problems and exceptions.
• It is used by any factor in the firm.
• Easy dashboards creation.
• The visibility is amazing.  

• Regex for fields creation is great.
• High availability
• Easy to use in any environment.

Make it easier to include roles and user controls, as it is horrible now.

Not even Splunk's support guy, who came to our firm, could help with defining proper role management.

It is a pretty high cost solution, but if your organization has the funds, it can bring many benefits.

It helps increase our productivity.

We are saving a lot of time by being in one place instead of several servers.

The most valuable features are understanding the visualization compass on the dashboard, as well as the reports on the dashboards.

I would like to have the ability to master the management of clustering.

It is easy to implement.

It is easy to use, and easy to implement.