The primary use case of this product is infrastructure monitoring, and involving machine learning in IT-related scenarios.
The most valuable features are the agility and being able to ingest many data sources with no limitation on capacity.
It's flexible in terms of capacity and different sources, which is very good. You can build reports, alerts, and dashboards very quickly.
It offers comprehensive visibility and integration with the applications in Splunkbase, where you can find more than 2,000 applications, most of which are free.
It allows you to integrate with the leading vendors' software and hardware. Through these applications, you can extend the capabilities of the platform.
You can get the pre-built dashboards and connectivity to many deeper elements with the product. For example, for Palo Alto firewalls, VMware, and all of the main vendors, it is easy to extend this on your own.
The Splunk community adds knowledge, the documentation is very comprehensive, and there is a Q&A site.
You can store all of the data from different sources and keep it saved. The schema is only defined as soon as you ask the question and do the search.
On the IT side, machine learning has the ability to analyze patterns in the data and predict events according to the trends. It can detect anomalies and display them on dashboards, with the ability to drill up or down to the specific elements or a specific event.
Splunk stores the data collectively, meaning that the same data can be used by different departments in the organization. It avoids the silo structure that is, unfortunately, very common. Many organizations, including big enterprises, generate large amounts of data, and the ability to collect it centrally, with all of the different parts of the organization having different access to the same data, is very helpful.
The problem becomes the price, as Splunk is an expensive product. In some regards, it's not a large issue, because when you compare apples to apples and not look only at the price tag, but look at the infrastructure, the platform, office time, and the people that you need to operate the other products, you will see that it's not necessarily an expensive product. It may even be cheaper than the others when looking at the bigger picture.
I have been using this solution for four months.
This solution is scalable and it's up and running very quickly.
With technical support, there is a strict SLA that is published. It's public, and except for one case, which was very nonstandard and not according to best practice, it's usually very good.
I came from a different background. I was not selling any other product before Splunk.
It's very intuitive. The language is rich.
The return on investment is very quick. As soon as your implementation is complete, adding new data sources is fast. It's intuitive and if you know how to use it, you can get value within days.
I would prefer that the price be reduced, as it would be easier to implement it and to sell it.
Splunk is an organization that identifies the needs in the market.
They see that it would take time to develop in-house, so they look into other companies that are doing the best in that stream, and they simply purchase it and embed it into Splunk. Some examples are Phantom and SignalFx.
If you want to make the best out of this product, you need to learn it. You will need dedicated personnel because there is a lot that can be done with it. In fact, there are practically no limits. You just have to have a good imagination and the sky's the limit. You can do whatever you want.
The language is very rich. It allows you very deep analytics, and it's very fast. The ability to present the insights is very quick, and it's adaptable and extensible.
In the last few years, the need to analyze data has been increasing. There are many organizations that use 30 to 50 different tools. My advice would be to get to know the philosophy of Splunk. It is a centralized data platform that can digest any kind of data.
It can be extended to whatever size they need and they can eliminate the need for usage of all other tools.
A problem is that sometimes their decision may not be made based on logic. If, for example, the customer purchased a different solution a few years back, and from that moment on, even with the product limitations, it was a very good product at the time, it lacks a lot of functionality today. The organization has already invested thousands of man-hours in this product, which is consuming a lot of resources within the organization. It's not a logical decision; it's an emotional decision.
What I learned in business administration when I was in university was "Forget Splunk costs, this is the main rule when you are doing your assignments." Splunk is Splunk.
It is very easy to work with startups and new organizations. A startup company is one thing, but when you have already invested in many other solutions, you need to rethink your strategy and the way you work with the data, the value of the data, and where you think that your data can take you.
Many are not aware of the solutions that are available to them.
I am not aware of any specific areas in which the product lacks. Splunk is not only a great product but also, as a company, it really supports its users with the customer support program and all of the documentation they have available, all of the conventions that are arranged, meet the experts, case studies, use cases, and the YouTube channel. If others were exposed to these concepts, they would think it was the right decision to go with this product.
I would rate this solution a seven out of ten.