Splunk has features that no other solutions have. We work in organizations that have a big volume of data. Our primary use case of this solution is for indexing. The best solution that we found that could fit our needs was Splunk.
Information Security Specialist at a financial services firm with 201-500 employees
Has powerful search, indexing, and scalability features
Pros and Cons
- "The most valuable features are the indexing and powerful search features."
- "The correlation engine should have persistent and definable rules."
What is our primary use case?
What is most valuable?
The most valuable features are the indexing and powerful search features.
What needs improvement?
The correlation engine should have persistent and definable rules. Splunk should have more features and options in regards to correlating in real-time. It should have the ability to set more permanent rules.
Correlation capabilities in ArcSight are better than in Splunk.
For how long have I used the solution?
I have been using Splunk for more than three years.
Buyer's Guide
Splunk User Behavior Analytics
December 2024
Learn what your peers think about Splunk User Behavior Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
831,265 professionals have used our research since 2012.
What do I think about the stability of the solution?
The stability is good. It's reliable and can be used in enterprise environments.
What do I think about the scalability of the solution?
It is a scalable solution and can support many users. The scalability is another powerful feature of this solution.
We have around ten users using this solution in our company. We also provide this solution to our subsidiary companies so there are more than twenty users.
How are customer service and support?
We are in Iran and are under U.S. sanctions so we can only use online forums for support. We can't use their technical support.
How was the initial setup?
The initial setup was easy.
What about the implementation team?
We did the implementation in-house.
What's my experience with pricing, setup cost, and licensing?
Our licensing costs are on a yearly basis.
Which other solutions did I evaluate?
We researched many solutions before choosing Splunk like LogRhythm, ELK, and FortiSIEM.
What other advice do I have?
After more than three years of using this solution, I would recommend this solution, especially for environments that have a big volume of data. I would rate this solution a nine out of ten. It is a really great product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
BS Systems Engineer at a tech services company with 501-1,000 employees
Great source for measuring customer satisfaction
Pros and Cons
- "It is a solution that helps test and measure customer satisfaction."
- "There are occasional bugs."
How has it helped my organization?
In Egypt, we have phones that provide wide internet services to the customer and the customer wants to know what the customer satisfaction and service was. Then, they post on their Facebook or Twitter page to measure the customer satisfaction and after one or two days they start to take the comments and they enter these comments to Splunk and the UBA starts to make correlations and analytics on this data. Finally, the managers or the decision maker get the results, which is wonderful, and the customer is satisfied. These results help to improve customer satisfaction.
What needs improvement?
Splunk can improve the UBA. There are occasional bugs, but they're not so much of an issue.
We can definitely improve the features, but it depends on the customer's needs. We need to modify or create new dashboards that increase the customer's satisfaction and customer's needs. It depends upon the customer. Not all of the pre-defined dashboards are suitable to the customers or the customer needs on the pre-defined dashboard so we can create dashboards that meet the customer needs.
For how long have I used the solution?
One to three years.
What do I think about the scalability of the solution?
The scalability of UBA is very useful and helpful but in our country, there is no such need. The customers need UBA as latent data storage. They don't know the efficiency and the usefulness of the app but I think in the near future it will have a better use.
How is customer service and technical support?
The last time we needed tech support help it was in order to restore some data from frozen parts. They clarified that the data was restored and the bug didn't affect restoring the data.
What's my experience with pricing, setup cost, and licensing?
I hope we can increase the free license to be more than five gig a day. This would help people who want to introduce a POC or a demo license for the solution.
What other advice do I have?
It is a helpful tool, especially for customers who deal with the service industry.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Security Engineer at a tech services company with 51-200 employees
Easy to use with a great dashboard and a simple setup
Pros and Cons
- "It's easily scalable."
- "We'd like the ability to do custom searches."
What is our primary use case?
We have been using it for performing analytics for the logs.
We resell it to our customers. We are also using the tool so that we can build more use cases for our clients. We basically look into understanding how it is performing analytics with Office 365 and how it is correlating those things.
What is most valuable?
For us, it has been working great as of now.
We enjoy the overall usability. You just look at the dashboard and you have all the data that you need at a glance. That is probably the best part, I would say. It's easy enough to understand that anyone can pick it up.
My understanding is that the setup is easy.
The solution is stable.
It's easily scalable.
What needs improvement?
UBA is a separate tool and it should be a part of the Splunk base itself so that we can download it. It should be easier to use just like the normal Splunk in that we should be able to put in queries or add custom things.
We'd like the ability to do custom searches.
For how long have I used the solution?
I've been using the solution for the last three months.
What do I think about the stability of the solution?
It's a stable, reliable product with good performance. There aren't bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
It is a scalable product. It can expand with ease.
How are customer service and support?
I've never dealt with technical support.
Which solution did I use previously and why did I switch?
We use all different types of solutions from Splunk, whether it is the SIEM, or ITSI, or even Splunk Enterprise. It's all Splunk. That's it.
We have not used SignalFx. We have been looking into it, however.
How was the initial setup?
From what I have heard, the setup is easy, although I did not set it up myself.
What's my experience with pricing, setup cost, and licensing?
I'm not sure of the exact licensing fees.
What other advice do I have?
I'm not sure which version of the solution we're using.
We have been using Splunk for a while, and we were looking for some solutions that incorporate a lot of ML and AI to get insights into the activities that are going on in the user's end devices. We feel that UBA was a much better solution than other options. There are different products, however, we went with Splunk as we have been using other Splunk tools for a while now.
I'd recommend the product to others.
I would rate the solution eight out of ten due to the lack of custom search and the fact it is sort of disconnected from the complete Splunk environment.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
IT Consultant at Red Hat
It has the ability to automatically identify a number of threats, then suggest recommended actions upon them
Pros and Cons
- "The most valuable features are its data aggregation and the ability to automatically identify a number of threats, then suggest recommended actions upon them."
- "It could be easier to scale the solution if you are using it on-premise, not in the cloud."
What is our primary use case?
We are performing a couple of integrations with other products.
We are using the latest version that is available.
How has it helped my organization?
Right now we are working with them as partners, so it is more of an integration play. I am not personally using it internally. There is another team that is using it as a consumer. For me, it's more of a technical integration.
What is most valuable?
The most valuable features are its data aggregation and the ability to automatically identify a number of threats, then suggest recommended actions upon them.
What needs improvement?
I would love to see more integration with other solutions and the ability to perform some actions straightaway from the dashboard.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
It could be easier to scale the solution if you are using it on-premise, not in the cloud.
What other advice do I have?
There is a lot of potential in the product. We have seen the product grow over time. There is potential to grow a bit more and become more proactive than it is right now.
First assess the use cases. Then, assess the scale and complexity of the use cases that you are trying to solve before implementing the solution. Do not try to find a solution which fits the use case after the implementation.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.