Splunk Infrastructure Monitoring Reviews

We are monitoring our servers and their health. We are monitoring their functionality and supporting the Kubernetes platform.

Our team supports multiple different projects. They all have their own clusters and ways of operating, but we just use one Splunk Infrastructure Monitoring system.

Splunk Infrastructure Monitoring has helped improve our organization’s business resilience.

I have primarily used it to go back into the past and understand why something happened. It provides enough information to do research and figure things out.

One thing I recently ran into was that the logs on the server most often get Gzipped after they have been rotated. We found that we were not monitoring some of the things, so we had to go back and pull them in. Right now, it pulls one at a time, untars it, or unzips it, so I cannot look at the entire history. There can be an improvement in that area.

I have been using Splunk Infrastructure Monitoring for four years.

It is stable.

About a year ago, we added another 600 servers and scaled up. We are getting more in the next year or later this year. It works smoothly.

They are good. I have a ticket open now. I told them to go ahead and close it because we thought it was a hardware issue, but they said that they would keep the case open till the hardware replacement to see if the issue goes away. That was pretty nice.

All of our hardware is HPE-based. We rely mostly on OneView, but it does not give us the service aggregation and other things that Splunk Infrastructure Monitoring is giving us.

One of the gentlemen on other teams came to ours. He is very knowledgeable about Splunk, so he helped with the implementation.

All of our servers are RHEL-based.

A different organization group within our organization had Splunk, and they liked it, so we just went with Splunk.

I would rate Splunk Infrastructure Monitoring a ten out of ten.

Right now it improves the gap between our on-prem data centers and our cloud environment. We've been using Splunk on-prem for eight or nine years now and it's been useful seeing existing tools that we've used like Splunk integrate into cloud environments and bridge that gap. We use the integration the most.

It has reduced our mean time to resolve. It's been easy to aggregate logs and infrastructure data in one place, making it easier to find a single point as opposed to jumping around tools. It's ten to fifteen percent better. It makes aggregating data and logs faster for our cloud purposes.

There's a feature that allows you to connect to AWS infrastructure that we've been using. Its integration with the cloud is what we're looking forward to the most.

It is very easy to monitor multiple cloud environments. It's like a single pane of glass for us. We can use it to monitor our on-prem and both of our cloud environments as opposed to having different tools for each environment. It makes it all come together in one tool.

It's fairly important that it has end-to-end visibility into our native environment. We host a lot of other programs in our program. We host an infrastructure platform. It's good to have the integration that we can pass on to our customers to show them that there are tools they can use to better their program while we're using them to better ours. So it's been pretty beneficial.

Splunk's ability to predict, identify, and solve problems in real-time is good. I was very happy with the keynote. A lot of the use of machine learning is cool. We're excited to get our hands on that once it makes its way to Enterprise.

We still use Splunk Enterprise licensing. A lot of the newer features go into Splunk Cloud before Enterprise. We're not looking to switch our licensing over, so we're falling behind on the newer features. I know Splunk has plans to move their cloud features into Enterprise at some point. The only improvement we would like is to have more features put into Enterprise that focus on the cloud. Some people come from an on-prem environment and slowly move to cloud and would have to make a full jump into the Splunk Cloud licensing to get any of the cool Cloud features.

The program that I'm on has been using Splunk Infrastructure Monitoring for around three years now. We started off mainly on-prem for data centers and we've slowly migrated into AWS and Azure for cloud footprint.

The company has been using Splunk since we were a lot smaller. We were using Splunk for data logs, aggregation, and things like that.

It's very stable. We've never had issues with that. Anytime we do have stability issues, it's something that we can work on to fix. It's not an inherent flaw with the product.

Scalability is excellent. That's what Splunk is designed for, big data aggregation. It's been very easy and seamless to scale up over the years.

I've only had a couple of Splunk support cases, and they've been very, very prompt in responding, especially compared to some of the other big enterprise tools we use.

Positive

We have seen ROI. It's made onboarding better and it's easier for engineers in our project because there's a single pane to view all of these different environments.

We have seen time to value. It makes it a lot easier to train new people and get them spun up. We had our cloud environment for a couple of years before we started integrating with Splunk. It was a pretty quick improvement within a couple of months, noticing how beneficial it was to have a single pane of glass in all of our different environments.

I understand Splunk wants people to move towards Cloud licensing for a lot of the newer features, especially for multi-cloud. It would be nice to see those in Enterprise. I understand why they do it but that is my main concern. 

I would rate Splunk Infrastructure Monitoring a seven out of ten. There's more we can do with it. We just haven't explored it. 

Splunk Infrastructure Monitoring reduces our mean time to resolve. We are more proactive than reactive. I would be very confident to say that there is about a 25% reduction in time. We get things way quicker than when we were just doing it reactively.

It has the ability to identify and solve problems in real time. It saves time.

There is no one feature that stands out more than others. We use a little bit of everything. When we started using it, we did not exactly know it. It was new and fresh, so we just started gathering everything. We did not end up doing anything different. All of the features that we are using have had an effect on the monitoring that we are doing. Everything is very effective.

We never had any issues when it comes to the type of use cases we are using it for. We did not need more advancement on it, but I know that, in general, everything can be updated. There are tiny little tweaks that can be made regardless of whether it looks better or has a different flow to it than it does right now, but it works pretty well for what we use it for.

I have been using Splunk Infrastructure Monitoring for two to three years.

It is stable.

It is scalable. As we continue to grow and expand, the stability and the scalability are there.

They have been very helpful whenever we have had any issues. Only one or two times they did not know. That does happen. We are all humans, but that is the best that you can get.

Positive

I got onto the team when we started using it, so I am not sure what we were using before.

I would rate Splunk Infrastructure Monitoring a ten out of ten.

We mostly work with developers. They run some pipelines, and they use Splunk as a platform to identify the errors, instead of themselves debugging the logs and understanding what the issue is. This is one side of the business. On the other side of the business, we use the Splunk database for frozen buckets where we archive the data.

We can easily integrate it with other tools for monitoring our entire IT data infrastructure. I also handle AppDynamics. We have integrated Splunk and AppDynamics. With one click, we can understand what the actual issue is. It brings down the time to resolve. We have had some good experiences.

It improves our operational efficiency every day. In my previous company, we had integrated it with ServiceNow. For defined alerting conditions, it could directly open up a ticket for the right team. We did not have to look into a thousand cases to understand a problem.

In terms of integrations, most of the plugins are already available. If a plugin is not available, even then it is pretty easy to integrate. There are multiple ways to integrate. You can use the REST API and just forward the data. It can be easily integrated.

It makes it easy to have end-to-end visibility in the cloud environment. There are multiple types of devices in an environment. You might have AWS, Microsoft Azure, or something else. It operates beautifully. It is easy to integrate. This is the best part.

I am in the banking industry. It helps to keep track of how well our application is performing when somebody tries to do a transaction. There are multiple pieces to it, and we keep track of everything. We have our own business dashboard that the top-tier leaders can look into. All the visibility is there because of it.

I find the monitoring console very helpful. With one click, I can see how we are performing, and at the same time, I can see what data is flowing.

The clustering part of indexes can be more refined.

They can cut down a bit at the monetary level for the long-time customers. We recently had a scenario where we were in discussions to see if there was any flexibility from Splunk's side.

I have been using this solution for the past two years. I have also used it in my previous company.

It is pretty scalable. I would rate it a nine out of ten for scalability.

I have worked with Kibana and Logstash, but they are not comparable to this solution.

It is expensive.

Overall, I would rate it an eight out of ten.

We have our application development and we monitor our websites. I create alerts and dashboards to help us notify if we have any infrastructure issues.

We get our data in and then I create some SQL queries to find out where our averages are and do some predictive analysis. When we deviate from the normal, that is where I like to set up alerts and dashboards. I have alerts that trigger and link to dashboards to see the trend over time or what happened last hour. There is also alerting to the phones.

I believe Splunk Infrastructure Monitoring has improved our organization because, over time, it has always been pinpointing the source of the problem. We have pretty quick responses knowing that we have a problem, and we can drill in pretty quickly to find out where the problem might be occurring. Is it a specific server or is it happening to multiple systems across the board? It is easy to visualize that.

Monitoring multiple cloud environments is pretty easy because it just aggregates from different places, and when we have an outage, we can say, "Oh! Amazon West is having a problem."

Splunk Infrastructure Monitoring provides end-to-end visibility into our cloud-native environment. I am not directly involved with the cloud portion of it, but for our developers, end-to-end observability is important because we have multiple platforms and systems.

Splunk Infrastructure Monitoring has reduced our mean time to resolve. I cannot put a number on that, but compared to years ago, we now do a pretty good job of infrastructure monitoring. We can better monitor a bunch of different aspects of our business.

Splunk Infrastructure Monitoring has improved our organization's business resilience. We do not want to be down, and we do not want people to be not able to pay their bills online.

It is a great resource for us because we have so many different data sources and to be able to aggregate that and put it through a concise dashboard or an alert really helps.

We have both on-prem and cloud, and the challenge is getting all our log data aggregated or streams aggregated so that it is real-time. We do a pretty good job of that, but our organization is not using it as a security platform when it can do a great job of that. We have other tools that we use, but we should leverage this more in our organization because we have already got the tools and the software.

I have been using Splunk Infrastructure Monitoring since 2019.

It is very stable. Especially since we went to the cloud, it just makes it easier for us.

We have not had any issues there.

Their technical support has been very good. I have not had to use it a whole lot because we have pretty good and experienced staff. We use consultants, and in general, we have been lucky. We work with our representative, and we have hired a couple of contractors. 

We have used different solutions in the past. I used CA Wily. New Relic was another tool we had used for a time. 

We had several different tools that we were using for APM monitoring and website monitoring. Over time, we migrated more to the Splunk platform because it helps to aggregate the data. Having to configure all the agents was painful, and Splunk made that a lot easier.

It was pretty easy. We had to set up all of our collectors. Getting our feeds was critical. 

We have an on-prem setup, so we have a lot of forwarders. We are also on the cloud. We have a data center locally, and we have one in Texas. We also have a third one that I like to call the cloud, so we have three different environments that we move between, and it is nice that when we have a problem, we can tell exactly where it is.

John Ansett's company helped us with our initial deployment. They did an excellent job.

We have seen an ROI. It is hard to put a price on downtime, but our primary business is travel, insurance, as well as automotive. We are a diverse organization, but our bread and butter is insurance. If there is downtime, people cannot pay their insurance bills online, or they cannot look up the policy and that type of information. Being down is not good for our customers.

We have seen a time to value. I use a lot of dashboards for monitoring, and I have trained other teams in our organization on how to use the tool. It is starting to have a lot of legs now, and we got a lot of different diverse departments using the tool. We are getting a lot of experienced staff to use the tool and make their own desktops.

It is difficult to put a price on how fast you can find a problem and resolve the problem. We have got web services and servers, and sometimes, pinpointing where the problem is took the longest time. Having ITSI observability and Splunk dashboarding together has helped a lot with that.

I am not in that circle, but we are currently licensing based on our queries. That is working out for us. Previously, it was by volume of data, and now, we can store as much data as we want. 

I would rate Splunk Infrastructure Monitoring a ten out of ten because that is primarily what I use every day. I love the product. 

We use Splunk Infrastructure Monitoring to get an overview of what's happening in our customers' infrastructure. We're monitoring our servers, network, IoT devices, etc. We're a service provider, so the solution is installed in one place. 

Splunk Infrastructure Monitoring has enabled us to be more proactive. We can identify and respond to an issue before there is a failure. It has helped us significantly. For example, if somebody is attacking us we can detect that there is an increase in traffic and investigate to see if it's legitimate. We can block them or take other actions before it becomes a problem. 

Splunk Infrastructure Monitoring gives us complete visibility without the need for storage. We can visualize our infrastructure. Where is the traffic going? Are there any attacks? What are our vulnerabilities?

Splunk could be better integrated with configuration manager solutions so we can automatically resolve issues without human interference. 

We have used Splunk Infrastructure Monitoring since 2015.

Splunk Infrastructure Monitoring is stable. 

Splunk is scalable. It's easy to add more devices as needed. 

I rate Splunk support an eight out of ten. 

Positive

Before Splunk, we used multiple vendors, including Cisco, SolarWinds NPM, and WhatsUp Gold. 

The deployment process isn't complicated. We installed Splunk on a VM and started it. We have a team to deploy and monitor it.

Splunk is worth the investment. When an incident happens, you need reports immediately, and Splunk is the best monitoring solution for this. 

Splunk is expensive, but it's the best solution for the job. 

I rate Splunk Infrastructure Monitoring a nine out of ten. Splunk is a responsive piece of software. It's user-friendly and easy to get the data you need. I advise people to take the time to learn how to create reports and analytics.  

We have used Splunk to give us insight into the NetFlow of the traffic running through our network. We connect different networks but we only use on-prem. We are in the middle of a spider web, providing these services to different networks. We are trying to gain visibility into the traffic that traverses our network internally.

We are interested in the traffic volume because the services we are looking at are endpoint-encrypted, meaning encrypted traffic between a service provider and a client in another network. So we are not able to look into the media stream.

The networks we are connecting have their own security boundaries and their own security levels, and we don't mess with that. We are just trying to let them talk together. 

We have been using Splunk for monitoring who is logging in and how and when.

It has given us visibility into what is going on in the network, such as how much traffic is running to and from the services, but we are not using Splunk in a straightforward way. When we are looking into reports on how much data has been used, we need to look into another system and enrich it with data from Splunk.

Splunk has drawn our attention to how the network is running. If there are alarms on things that are not functioning, it gives us early warning on problems that could arise.

In terms of operational performance, the efficiency, Splunk has helped us improve. We could have found other tools that would have given us the same efficiency, but this was the tool that we chose. From that perspective, it has been of value to us.

It would have helped us reduce our mean time to detect but I can only guess at how much; perhaps by 25 percent. And we would see a similar reduction for mean time to resolve.

It's a bit difficult to use. It takes some time to get into it and to get it to do what you would like it to do. It is not straightforward to use it. Once you have the dashboards for collecting and analyzing transactions configured, they are okay, but it takes some time to do it. Configuration could be easier.

We have been using Splunk for about eight years.

We have not looked at Splunk as a means of being able to scale, but we have not been hindered by using Splunk. Our goal has not been growth, but maintaining stable and secure networking, and this is what we have achieved. But with or without Splunk, we would have achieved that anyway.

We really haven't had any technical issues where we involved Splunk's support.

We did not have a previous solution like Splunk, other than in-house-developed tools. We got acquainted with Splunk as part of the tender for our network infrastructure, and from that perspective, it has been okay.

Splunk has been fairly expensive, but it has been predictable. You are not punished if you are looking into much more data if you are, for example, under attack. Other tools could be more expensive to use if they charge per incident or the amount of data you are looking into. With other solutions, you could be punished if you need to index more data because of an attack, such as a DDoS attack, and you need to do some forensics on the data.

Why shift to something you don't know when you are, perhaps, happy enough with the tool that you already have? Think about whether you could develop that tool into something that would give you the visibility you would like to have, instead of using Splunk. Are you looking into incidents, traffic flows, indexing per day, or is the issue that you're looking for an alternative with a better price? Think about why you are considering shifting from a tool that you already know.

My customers used the solution for application performance in uptime and networking.

Splunk Infrastructure Monitoring has helped our customer's organization by making troubleshooting easier. The solution helped them have a centralized place where they could dig in across multiple other tools and consolidate all the information in one place.

Splunk Infrastructure Monitoring provided our customers with visibility into their overall infrastructure. They could quickly start identifying where the problems were coming from. If something was going sideways, they could more easily target the specific pathways.

One of our customers was on-premises. The other was a hybrid with on-premises and private cloud.

I was on a team helping them build a brand new tool, which was instantaneous. Another team got it a while ago, and they weren't sure what to do with it. So, we came in and helped them over a six-week engagement. We pivoted them from not feeling like they were getting all that much value to getting good value. It was more of a learning curve situation.

Splunk's unified platform has helped our customers consolidate networking, security, and IT observability tools. I was on the team of a company that was helping build a brand-new monitoring solution. They had probably a dozen separate stand-alone silo tools that could not talk to each other.

Instead of logging on to 12 different places to check each tool individually, Splunk Infrastructure Monitoring helped consolidate everything into a single location for viewing. We didn't get them to the point where they were ready to fully decommission the other systems.

They were going to decommission 12 systems on the six-month game plan. By now, they would have realized the cost savings. It would have been a multimillion-dollar savings for them.

Our customer, with 12 separate systems, was all on-premises. Part of our other customer's footprint was in AWS. It was incredibly easy for our customers to monitor multiple cloud environments using Splunk Infrastructure Monitoring. It was a combination of cloud and on-premises for our customer.

The solution provided them with a single pane of glass where they didn't have to log into multiple places and see everything in a single location. You can develop dashboards that give you cross-platform visibility, which is a huge win.

A wide variety of logging makes log onboarding difficult. Over the years, Splunk has done various things to make it easier, so I want to give them props for that. However, the reality is that every vendor has its own logging format. Some vendors have multiple log formats because they change their own products over time.

They have different log formats for different products in their own suites, and no industry standard makes it chaotic. Splunk is probably the best product out there in terms of how they handle it, but it's not perfect yet. They need to keep pushing that cutting edge and trying to improve it. I have no idea how they could do that because they're trying to wrangle chaos, and it's hard.

I have been using Splunk Infrastructure Monitoring for two years.

I think Splunk Infrastructure Monitoring is a solid product from an infrastructure perspective. I haven't seen any bugs in the tool. Like many things with Splunk, everybody knows there will be patches when there's a core upgrade. However, that's more with Splunk Core and not specifically the Splunk Infrastructure Monitoring part.

The solution's scalability is wonderful. I've worked with customers as small as 25 gigs a day, which is tiny, all the way up to close to a petabyte a day. You have to make sure you scale the tool intelligently, but it's more of a budgetary constraint than a technical one. The solution handles the big ones beautifully if you have the budget to have the needed hardware.

Splunk's technical support has significantly improved in the last year. The support went through a rough patch about a year and a half ago. I had to coerce customers to use it because it was really bad there for a while. Splunk's support has vastly improved recently, and I hope it continues to improve.

Those people who changed the attitude, mindset, and processes need all the accolades because it's so much better than it was. Unfortunately, that does mean that it was really bad at one point.

Splunk's technical support still has some room for improvement in certain areas. Mostly, you can tell the more junior people who just read off of a script and really don't know where to go. I always introduce myself as a consultant to let the support person know that I have already done the basic introductory troubleshooting, and they can skip the first ten pages in their script.

Some frontline people in Splunks' support team are wonderful and clearly have more experience. However, it is still obvious that they occasionally bring in somebody brand new who's a little lost.

I rate the technical support seven and a half to eight out of ten.

Positive

I've worked with Core Splunk as a consultant for seven years and was a customer for seven years before that. So I've seen it all: the good, the bad, the ugly, and everything in between. Usually, the actual building of Splunk is super easy because I've done it so many times. Every customer's environment is unique in terms of how to get the data.

It's more about navigating the local customer's politics and archaic technical debts. Somebody thought that a certain architecture was a good idea ten years ago, but today, that doesn't make any sense whatsoever. Wrangling customer chaos is hard, but the Splunk piece is usually easy.

There's always room for improvement, but Splunk Infrastructure Monitoring is a solid product overall. It definitely helps customers who have a lot of legacy systems that don't work well together.

Overall, I rate the solution an eight out of ten.