Security PS Supervisor at a tech services company with 1,001-5,000 employees
Real User
A powerful platform with straightforward configuration, but needs to be more scalable
Pros and Cons
  • "It's straightforward in terms of configuration and troubleshooting and log management and monitoring as well. These are the edge points in addition to it being a modular solution where you can capitalize on your current licenses with extra licensing models, which can match the customer's business requirement and it can help the customer to design or to actually plan for their own roadmap."
  • "The solution is much more expensive than relative competitors like ArcSight or LogRhythm. It makes it hard to sell to customers sometimes."

What is our primary use case?

The solution has two main uses. The primary use is for log management and storage. The secondary use is related to solution log coordination and selection.

What is most valuable?

Splunk is a very powerful platform. It's a machine data platform, and it can provide several models that use the same appliance and on the same platform, including some business platforms. I do believe when it comes to functionality and ease of use, Splunk is one of the market leaders in this area.

When it comes to quality, I believe Splunk is the easiest platform on the market. It has a lot of subscriptions, and a lot of licenses, which can provide the customer with all the requirements they need.

The solution has some predefined use cases that we count on. It's a customizable platform as well, which can be easily customizable based on the customer requirements and the environment itself. 

It provides ease of use. It's straightforward in terms of configuration and troubleshooting and log management and monitoring as well. These are the edge points in addition to it being a modular solution where you can capitalize on your current licenses with extra licensing models, which can match the customer's business requirements. It can help the customer to design or to actually plan their own roadmap. And it can be rolled out in several phases.

What needs improvement?

The solution is much more expensive than relative competitors like ArcSight or LogRhythm. It makes it hard to sell to customers sometimes.

I would like to see a better tracking intelligence module with lower costs fully integrated with a user behavior analytics module. It would empower this module with the keys and real-time updates in terms of security.

For how long have I used the solution?

I've been using the solution for three years.
Buyer's Guide
Splunk User Behavior Analytics
March 2025
Learn what your peers think about Splunk User Behavior Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,672 professionals have used our research since 2012.

What do I think about the stability of the solution?

It's stable. I used to deal with other vendors in the UBA such as HP ArcSight, which is a bit more sophisticated and complicated in terms of configuration and in terms of monitoring. Splunk is much easier and very straightforward in terms of configuration and monitoring and customization as well.

What do I think about the scalability of the solution?

There is a question as to how to scale up, especially in the log management area. Customers have their own predefined retention period, which means storing the logs for a long time. It's usually a minimum of six months or in some cases, up to one year. So the scalability has a little bit of a limitation or restriction in storage components.

How are customer service and support?

I'm not an end-user, so I'm not supposed to open any end-user cases. However, the team that receives requests from customers and end-users themselves feels comfortable with the level of support they get. They're being provided with answers from a strong technical support team. So I do believe that it's going well. I haven't heard anything about them suffering from any problem of latency or shortage of resources, or a lack of knowledge and so on. I think technical support is fine.

Which solution did I use previously and why did I switch?

I used to deal with several solutions, like HP or Micro Focus ArcSight, IBM QRadar, and LogRhythm.

What's my experience with pricing, setup cost, and licensing?

The solution is relatively expensive. There are costs above the standard licensing as well.

Pricing varies according to the customer's needs and setup. Pricing depends on the licensing model, whether the normal log management licensing model or the security plus license. It also depends on the licensing model and the platform required by the customer. It can further depend on if the customer owns a Splunk hardware platform, or if they can host these licenses and subscriptions on their own platform. It can vary depending on the OPEX model and CAPEX model as well. There are a lot of variables that encompass the total cost of the solution.

I believe that Splunk is about 50% more expensive than other solutions.

What other advice do I have?

I'm a system integrator, which provides the solution to end-users and customers.

We handle the on-premises deployment model.

I would recommend the solution because of the ease of use, the simple administration, the good level of support, the predefined use cases, and the predefined user behavior analytics.

I would rate the solution seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Director5e75 - PeerSpot reviewer
Director of Technology at an insurance company with 10,001+ employees
Real User
Enables us to collect data from multiple different sources to be able to use it to prevent damages proactively
Pros and Cons
  • "The most valuable feature is being able to take data and put it into other systems so that we could see the output, and to see where we need to apply our focus."

What is our primary use case?

The primary use case for this solution is to collect data from multiple different sources to be able to use it to proactively prevent damages.

How has it helped my organization?

We have 81,000 desktops and we could take logs off those machines and see patterns, and from those patterns, we've been able to reduce the outages going forward proactively.

What is most valuable?

The most valuable feature is being able to take data and put it into other systems so that we could see the output and see where we need to apply our focus.

What needs improvement?

I'm not that close to the actual hands-on usage to suggest improvements. One thing I would say is that they should continue to expand it on more devices. I would say continue to broaden the horizon where there are limitations now.

What do I think about the stability of the solution?

It's been very stable so far in its core. The company's been great.

What do I think about the scalability of the solution?

It's very scalable. We have it on servers, around 19,000 servers, 81,000 desktops. We have it on a lot of security devices, so it's been very scalable.

How are customer service and technical support?

The support's been good from what I've heard. If it weren't, it would've been escalated to me.

Which solution did I use previously and why did I switch?

We have logs everywhere and trying to look at those logs on an individual basis is quite cumbersome, so taking a tool like this that brings all the logs together for us to dissect and analyze is something that we knew would provide great value.

How was the initial setup?

The initial setup was straightforward. All that was required was a fundamental understanding of what needed to be installed, the virtual control, the backend database, and how you generate the reports. I would think from those aspects it was pretty straightforward.

What about the implementation team?

We implemented through a combination of a reseller and integrator. I'd say for deployment, probably more so through the integrator, and the experience was positive. One company would be DSS.

What was our ROI?

I have seen ROI but they're soft cost savings, so hard cost savings are hard to pinpoint. There's nothing that I could comment on that would be hard savings. Everything's been soft.

Which other solutions did I evaluate?

Vendors on our shortlist included IBM and DSS.

What other advice do I have?

If I had to rate Splunk from one through ten, one being the worst and ten being the best, I would give it a nine. There's always room for opportunity, but I think it's been working pretty good.

I rate it a nine because of the ease of use with the product, like the installation and the support that we receive. From what I hear everything goes well. There's nothing that stands out. We haven't had any vulnerabilities or compliance issues with the product, and we do with others, so those are the reasons why I'd rate it a nine.

For anyone else looking for a product that can consolidate logs, this product does what it says it will do.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sharath Chander - PeerSpot reviewer
Business Transformation specialist at a tech consulting company with 10,001+ employees
Real User
It's more user-friendly than other solutions we tried, but it could use more features like process mining and automation
Pros and Cons
  • "Splunk is more user-friendly than some competing solutions we tried."
  • "We want to have an automated system for bot hunting that enables us to detect anomalies predictively based on historical data. It would be helpful if Splunk included process mining as an alternative option. We have a threat workflow, but it would be useful if we could supplement that with some process mining capabilities over time."

What is our primary use case?

We have an application running for our e-commerce site, and we use Splunk primarily to detect anomalous behavior like false orders and other bot-related threats. Splunk helps us analyze and eliminate threats using machine learning.

What is most valuable?

Splunk is more user-friendly than some competing solutions we tried.

What needs improvement?

We want to have an automated system for bot hunting that enables us to detect anomalies predictively based on historical data. It would be helpful if Splunk included process mining as an alternative option. We have a threat workflow, but it would be useful if we could supplement that with some process mining capabilities over time.

For how long have I used the solution?

I have been using Splunk for a month.

What do I think about the stability of the solution?

Splunk hasn't gone down since we started using it.

Which solution did I use previously and why did I switch?

We previously had a solution that we developed in-house but recently started to use Splunk. Our in-house solution was unstable and had frequent issues, so we wanted something from a reliable vendor. We were already using other Splunk products, so we were familiar with the company.

How was the initial setup?

Splunk was quite easy to set up compared to similar products we've used. For example, it was easier to deploy than New Relic. We finished the setup in two or three hours.

What other advice do I have?

I rate Splunk User Behavior Analytics seven out of 10. There is still some room for Splunk to incorporate new capabilities and automate workflows. It's a solid solution for protecting against external threats like bots and unauthorized access. If you've experienced cybersecurity issues in the recent past, Splunk could help you develop a predictive approach based on user behavior.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Google
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of cybersecurity at NOVARED SA
MSP
A fast and flexible solution for conducting analytics on large data sets
Pros and Cons
  • "The solution is fast, flexible, and easy to use."
  • "I would like improved downward integration with other tools such as McAfee and other GCP solutions."

What is our primary use case?

Four technicians in our company work within the active directory to look for compartmental behaviors associated with users and conduct analytics like clustering, grouping, and searching.

What is most valuable?

The solution is fast, flexible, and easy to use.

What needs improvement?

I would like improved downward integration with other tools such as McAfee and other GCP solutions.

For how long have I used the solution?

I have been using the solution for four years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

Technical support is very good and answers my questions.

How was the initial setup?

The initial setup is easy.

What other advice do I have?

The solution works very well with large data sets.

I rate the solution a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1679841 - PeerSpot reviewer
Owner at a computer software company with 11-50 employees
Real User
Stable with good dashboards and a free demo version
Pros and Cons
  • "The solution appears to be stable, although we haven't used it heavily."
  • "I'm not aware of any lacking features."

What is our primary use case?

We do technical training and so we do training on the platform. We deploy it on our lab machines for students.

What is most valuable?

We're building some Splunk dashboards with it and it's useful.

We're currently monitoring students' log in, log out and verifying how they can collect the information. It's a good system for a learning environment.

We're not specifically using it, we're doing training on it.

The solution appears to be stable, although we haven't used it heavily.

You can use the demo version in order to try the solution for free.

What needs improvement?

I'm not aware of any lacking features.

For how long have I used the solution?

I've been using the solution for six years.

What do I think about the stability of the solution?

We don't generate enough data to know whether it's reliable or not.

That said, with the small usage that we do utilize, it's pretty stable.

How are customer service and support?

I've never dealt with technical support. I cannot rate their services or speak to how helpful or responsive they are.

Which solution did I use previously and why did I switch?

We did not previously use a different solution before choosing Splunk.

How was the initial setup?

The initial setup is pretty straightforward. It's a couple of scripts you run. It's pretty easy.

What's my experience with pricing, setup cost, and licensing?

We simply use the free demo version of the product. We do not pay any licensing fees at this time.

What other advice do I have?

We're just end-users. We don't have a business relationship with Splunk.

I'm not sure what version of the solution we are on currently. I believe it's about a year and a half or so old.

This product is the easiest way to check if the work's correct.

It works well. It does what we need it to. I'd rate it a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1418904 - PeerSpot reviewer
Global Engineer at a financial services firm with 10,001+ employees
Real User
Stable, with good automation capabilities, however, we want to be able to automate even more
Pros and Cons
  • "The product is at the forefront of auto-remediation networking. It's great."
  • "Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes."

What is our primary use case?

We use the solution to feed telemetry data from the network into the collective for display-only. We haven't yet come to a point where we have decided on the process of the status for subsequent operational automation.

What is most valuable?

The automation is very good.

The product is at the forefront of auto-remediation networking. It's great.

The pricing of the solution is very reasonable.

What needs improvement?

Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes.

For how long have I used the solution?

I've been using the solution for one year at this point.

What do I think about the stability of the solution?

The solution, from what I have witnessed, is stable. There aren't bugs or glitches. It doesn't crash or freeze. A company can rely on its performance.

What do I think about the scalability of the solution?

The scalability is pretty good. A company that wants to expand it out shouldn't have an issue doing so.

There's a handful of people on it at my organization. We have maybe ten users on it in total. They are mostly admins and engineers. We do have plans to continue to use the solution.

How are customer service and technical support?

Technical support has been adequate. We aren't blown away by amazing service, however, they do help if we need them to. I personally haven't had any direct contact with them.

Which solution did I use previously and why did I switch?

We didn't previously use a different product. We're rather new to automation and Splunk in general.

How was the initial setup?

The solution doesn't have a complex setup. It's rather straightforward.

If you are talking of simply spinning off a container, it's very easy.

The complexity should be on the workflow. It's also the most time-consuming process. For example, how do you handle this incident? You have to be very careful to ensure you don't have false positives that could mistakenly trigger actions. That can be the most costly mistake. Other than that, a lot of products you can acquire from open source.

What about the implementation team?

There were a few of us that were trained specifically for the implementation. There were a number of us to speed up the process in order to get automation happening quickly for the company.

What's my experience with pricing, setup cost, and licensing?

The solution isn't overly expensive. It's quite affordable. It's not the priciest option on the market. I'm not sure of the exact cost as it's not an aspect of the solution I directly deal with.

What other advice do I have?

We're simply customers. We don't have a business relationship with Splunk.

We're using the latest version of the solution. I'm not sure of the exact version number.

I'd recommend the solution to other companies.

On a scale from one to ten, I'd rate it at a seven. If the cost was more reasonable, I might rate it a bit higher. It's not too expensive, but it could always be better.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CISO at a financial services firm with 201-500 employees
Real User
Professional technical team but I would like to see a more user-friendly interface
Pros and Cons
  • "The solution is definitely scalable."
  • "In the future I would like to see simplified statistics and analytical threats."

What is our primary use case?

Our main use of this solution is threat intelligence and we are very satisfied with it, as it is exactly what we need in our situation.

What needs improvement?

In the future I would like to see simplified statistics and analytical threats, as well as a more user-friendly interface for dashboards.

For how long have I used the solution?

I have been using Splunk User Behavior Analytics for two years now.

What do I think about the stability of the solution?

I think the solution is very stable.

What do I think about the scalability of the solution?

The solution is definitely scalable, because we currently have 1,000 users in our company and we plan to increase.

How are customer service and technical support?

I am really satisfied with their technical support. The technicians are very professional.

What's my experience with pricing, setup cost, and licensing?

The licensing cost is around 10,000 dollars.

What other advice do I have?

I will rate this product a seven out of ten, and I would definitely recommend it to others.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Informat0a7b - PeerSpot reviewer
Information Security Manager at a financial services firm with 201-500 employees
Real User
Enables searching through a lot of data, but pricing is problematic - you can't budget for it
Pros and Cons
  • "The most valuable feature is the ability to search through a large amount of data."

What is our primary use case?

Threat hunting is our primary use case.

How has it helped my organization?

It hasn't really improved the way our organization functions. It has been neutral.

We have, however, seen a decrease in the mean time to detect threats, by about 15 to 20 percent. We can do more hunting so we can find stuff quicker, but we had other tools that could also do that. It's not bad. It's fine.

What is most valuable?

The most valuable feature is the ability to search through a large amount of data.

What needs improvement?

The feature set isn't too bad as is. My biggest complaint is the way they do pricing.

What do I think about the stability of the solution?

It is fairly stable.

What do I think about the scalability of the solution?

It's scalable.

How are customer service and technical support?

I don't like their support.

Which solution did I use previously and why did I switch?

Our previous solution was a really limited version of what Splunk is. Splunk is the number-one leader in this area, so we went with it. It works. But it's the pricing model which is the problem. And you really don't understand upfront how bad the pricing model is until you get stuck with it.

How was the initial setup?

The initial setup was complex. There were a lot of moving pieces. It took a lot to get it going.

What about the implementation team?

We did not use an integrator or consultant.

What was our ROI?

There's a reason everyone is using other tools to reduce the cost of using Splunk. The ROI is not great, that's why. But once you already have all your data in it, if you have so much already invested in the infrastructure, it's hard to leave it, so you do other stuff to reduce the cost.

What's my experience with pricing, setup cost, and licensing?

Pricing is the problem with Splunk. You can never know the pricing for next year. Every single time you adjust to something new, the price goes up. It's impossible to truly budget for it. It goes up constantly. You can plan for 2x and it will be 3x. You only find out in the long run.

What other advice do I have?

I wouldn't buy Splunk because of the cost, because you can't budget for it. You think you can and then you find out later you can't.

The company is still using it, but they're adding other pieces in to reduce the cost of Splunk. They're spending money to buy another product to pre-process so then they can save money on it.

We've been improving and the maturity's pretty great. This is just one small piece in the overall platform. And the overall platform, from a cybersecurity maturity perspective, is doing well. If you look at it from that perspective, it's had a positive impact, it has not been a drag.

The product itself is a seven out of ten. It's somewhat efficient, if you have the right staff and if everything's working properly. You have to have at least one person doing care and feeding at the backend to make sure the infrastructure's working.

Disclosure: I am a real user, and this review is based on my own experience and opinions.