I rate Splunk Enterprise Security nine out of 10. If you want to use Splunk, you can try the free version, which goes up to half a gig. You can feed a log from the Active Directory. If you take that information directly from Active Directory, it will be hard to read. Splunk provides a good dashboard. Splunk is an excellent choice for an organization that needs a fully scalable and highly customizable solution. We can customize the dashboard to combine all the device logs. Unfortunately, others still need to learn how to do that. It depends on an organization's needs and resources because it's not cheap. It's on the higher end of pricing, which can be a significant factor for small organizations with budget constraints. It's more appropriate for the enterprise level and companies with over 500 employees.
Director - Application Services, DevOps (Application Support, Build/Deployment), Environment Support at a financial services firm with 10,001+ employees
Real User
Top 20
2024-07-01T17:17:00Z
Jul 1, 2024
I would rate Splunk Enterprise Security eight out of ten. Splunk Enterprise Security is easy to maintain and doesn't require much time due to its full automation. Splunk is a good solution if you haven't automated your log management, as manual log reviews are no longer efficient or practical.
The solution helps us see what's actually happening in our environment. Some things we might not expect at times, and others we do expect. The tool helps us respond based on what we see from our logs. I've seen and thoroughly liked some AI, automation, and single-pane-of-glass updates coming to the solution. It is very important to our organization that Splunk Enterprise Security provides end-to-end visibility into our environment. You can't respond to what you can't see was ingested. So, the visibility provided by the tool into our logs and alerting environment is critical. From an ingestion point of view, the solution alerts you to what you'd tell it to. It's pretty agnostic log-wise. Splunk Enterprise Security has helped improve our organization's ability to ingest and normalize data. It has helped reduce our alert volume. You're getting the same alerts. You can see what's noise, what's actionable, and what's not as actionable. Splunk Enterprise Security provides us with the relevant context to help guide our investigations. We see what's coming into the environment, including specific logs that we wouldn't expect as much. All of that gets filtered into alert data, potentially operational data, and sometimes even billing data, so we can adjust and move forward with that in the environment. Splunk Enterprise Security helped reduce our mean time to resolve by somewhere between 20% and 35%. Splunk Enterprise Security has helped improve our organization's business resilience for some ingestion purposes. The unified platform helps consolidate networking, security, and IT observability tools. Splunk is pretty log-agnostic. All of your logs, tools, and sometimes even dashboards can get ingested into one specific tool. That way, you have a single platform where you can view all those logs and respond based on that data. Overall, I rate the solution a nine out of ten.
Cyber security analyst at a manufacturing company with 10,001+ employees
Real User
Top 20
2024-06-13T17:26:00Z
Jun 13, 2024
Splunk Enterprise Security is really strong, capable, and great at what it does. There are obvious areas of improvement, but it looks like Splunk has already identified them and is working on road maps to enhance SOAR integration and AI digital assistance for Splunk Enterprise Security. Once those are fully implemented, the product will further improve. Overall, I rate the solution an eight out of ten.
Offensive Cyber Security Analyst at an agriculture company with 10,001+ employees
Real User
Top 20
2024-06-13T16:40:00Z
Jun 13, 2024
Splunk Enterprise Security is just a tool you can use, and then it's really up to the customer how they leverage it best. Overall, I rate the solution a six out of ten.
Lead Information Security Specialist at CACI International Inc.
Real User
Top 20
2024-06-12T21:54:00Z
Jun 12, 2024
I would rate Splunk Enterprise Security an eight out of ten. It is an amazing tool that provides so much visibility and streamlines so much. The main issues I have encountered with Splunk are the difficulties in configuration and keeping everything up to date as the data sources change.
There is a threat intelligence management feature. However, customers don't use it in our case. Typically, customers want something superior in that nature. Price is a major concern for most customers, big or small. However, price should not be the determining factor when seeking a solution. Users need to think about performance and quality. They need something that will help them prevent security incidents, and they need a product that will be stable. If you can monitor your environment better, you can prevent incidents that may lead to financial loss - and when incidents happen, companies can spend far more dealing with an extended phishing attack than they would on a service like Splunk that will protect them effectively. When it comes to security, while it's not necessary to have the most expensive solution on the market, you should at least seek out a solution that's best suited to your company and its needs. I'd rate the solution eight out of ten. It's a great option for enterprise-level companies. However, a smaller customer with a smaller budget may not be a good match. They may not need such a powerful solution in any case. That said, if a customer is about to grow a lot, I might suggest Splunk as a primary option. I'd advise potential users to look at the environment size and complexity, consider the budget, and then decide if Splunk makes sense.
The end-to-end visibility the tool provides is not that big of a deal. They have so many tools that can do that kind of part. Splunk doesn't have to be the one place for total visibility, but at least for visibility when it consolidates on threats. Splunk has helped improve our organization's ability to ingest and normalize data. The tool pretty much consumes everything that we have. Everything from dozens of different vendor products gets ingested into Splunk. Splunk Enterprise Security is just that one central place where everything goes. Splunk Enterprise Security has helped speed up our security investigations. Something that requires someone to work on it at the beginning of the day would not take more than 15 minutes with Splunk Enterprise Security. Overall, I rate the solution an eight out of ten.
Cloud Architecture Associate Director, Infrastructure at Kyndryl
Real User
Top 20
2024-05-08T18:30:00Z
May 8, 2024
The tool provides much more insight into what users and our apps do. We also use the solution to monitor a lot of machine-to-machine traffic. We have a hybrid environment. All of our internal tooling is in our internal data centers, but we also have a big cloud presence for some of our other tooling and mostly for our customers. Speaking from the internal side, Splunk Enterprise Security has been fantastic in helping us find all kinds of security events every day. Splunk Enterprise Security has helped improve our organization's ability to ingest and normalize data. The solution has helped us have everything in one place and grab everything at once. The tool has also helped us solve problems in real time. The Ops team will approach us when they are stuck with a problem ticket. We can look instantly, see what's happening, and track it down. The solution provides us with the relevant context to help guide our investigations. This context information makes things easier and faster for us. We get more information about exactly what's going on. Splunk Enterprise Security has helped us save around 50% of our time. Splunk Enterprise Security has helped reduce our mean time to resolve by 50%. Overall, I rate the solution ten out of ten.
CTO at a computer software company with 11-50 employees
Real User
Top 20
2024-05-07T18:11:00Z
May 7, 2024
Splunk Enterprise Security provides end-to-end visibility into an environment, but it is not our use case currently. Splunk Enterprise Security does not really provide the relevant context to help guide our investigations because, in our country, Splunk is not represented, so it is pretty hard to get the relevant information. Overall, I would rate Splunk Enterprise Security a seven out of ten. Its pricing is not good, and the learning curve for machine learning is not good. However, the parts that are working are working very well.
IT Developer/Architect at a government with 10,001+ employees
Real User
Top 20
2024-03-22T12:49:00Z
Mar 22, 2024
I would rate Splunk Enterprise Security eight out of ten. Splunk is widely used across larger organizations. While large organizations often have extensive teams dedicated to Splunk projects and upgrades, smaller organizations can also use Splunk, taking advantage of more affordable pricing options like the free tier for limited data. Cost isn't a significant concern for larger organizations, who prioritize Splunk's security features and are willing to invest in its capabilities. Splunk Enterprise Security is deployed across all departments, processing millions of data points. Over 500 people manage this data: building dashboards and reports, working with Enterprise Security, discussing use cases, and creating custom data models. This represents a massive effort for any large organization where every department utilizes Splunk. Government departments are transitioning to Splunk, with daily onboarding increasing the current user base of 5,000. Because the deployment is cloud-based, the Splunk DevOps team handles maintenance. Splunk offers a resilient SIEM solution with comprehensive capabilities for research and a wide range of use cases. It is constantly updated, ensuring it remains a valuable and comprehensive SIEM package. I recommend Splunk Enterprise Security. It is an excellent tool widely used by many organizations, making it a valuable choice for security information and event management.
I rate Splunk Enterprise Security 8 out of 10. I would recommend Splunk to others. It's one of the most powerful tools available. It's a valuable tool for monitoring infrastructure.
I would recommend Splunk Enterprise Security to anyone who is looking for a similar solution. This is the only solution with all these features. I would rate Splunk Enterprise Security a 9 out of 10. It is stable, user-friendly, and feature-rich. It is very helpful. Even though it is expensive, the stability, support, and technical documentation make it very effective.
I would rate Splunk Enterprise Security eight out of ten. For someone who wants to use the cheapest solution, I would tell them that this is the best solution and worth the cost. I recommend Splunk Enterprise Security to others.
For the market I focus on, which includes small to medium-sized companies, I would recommend Wazuh. It's an open-source security information and event management solution. The main consideration is that, in terms of both functionality and cost, Wazuh is sufficient for the requirements of smaller enterprises. Utilizing an open-source tool like Wazuh can effectively cover the necessary areas without the need for the higher costs associated with Splunk. I would recommend that anyone considering implementing Splunk should first thoroughly assess their environment. It's crucial to determine whether Splunk is genuinely needed for your specific usage scenario or if a smaller software solution might suffice. Overall, I would rate it nine out of ten.
If you are willing to invest in engineering effort, Splunk Enterprise Security provides excellent visibility into multiple environments, including cloud, on-premises, and hybrid setups. While some solutions may require less effort, Splunk is capable and versatile, making it a strong choice for comprehensive visibility across diverse IT environments. Assessing threat detection capabilities in Splunk Enterprise Security is like evaluating how easy it is to drive a car. It provides powerful tools, but mastering the query language for utilizing these features requires effort. Once you know how to use them, it becomes an effective tool for detecting unknown threats and monitoring user behavior. I use the Splunk Mission Control feature, which is highly important to my security operations. It is particularly valuable for multi-tenant and multi-site mission control scenarios. The Splunk Mission Control feature is effective for centralizing threat intelligence and ticketing system data when dealing with a single entity or group. However, its usefulness diminishes when managing multiple customers with diverse policies and groups. The features in Splunk for discovering the overall scope of an incident, including the topography aspect, are considered industry standards. However, the topography feature is not particularly useful in my case, so I don't extensively use it. Splunk Enterprise Security is effective for analyzing malicious activities and detecting breaches, especially if you invest the effort. However, newer solutions are considered better and more flexible. While Splunk was an industry leader five years ago, today, platforms like Microsoft Sentinel may outshine it in terms of ease of use, especially for users unfamiliar with Splunk. Splunk Enterprise Security has helped me detect threats faster compared to other solutions. It stands out in terms of speed and effectiveness. 
My advice to others is that if you are looking for the cheapest solution, Splunk may not be the right choice. Consider alternatives like LogPoint or Arctic Wolf, but be cautious as they might not offer the quality and capabilities needed for effective security. Sometimes it is better to invest in a more robust solution than settling for a cheap option that might not meet your requirements. Overall, I would rate the solution as a six out of ten, mostly because of its pricing.
Analyst, TSG Information Security Cyber Operations at a consultancy with 5,001-10,000 employees
Real User
Top 10
2023-11-13T16:46:00Z
Nov 13, 2023
We're a Splunk customer. To those considering just going with the cheapest solution, it depends on your level of comfort with support. If you have a cheaper tool, the support would be addressed. With Splunk, that's the difference - their support response. If you have a tool with a good license, you will be able to get immediate help if there's any vulnerability. I'd rate the solution eight out of ten. I'd advise others to take time to learn the solution and develop skills. It's all about DSL queries. If you are off on queries, it won't give you any results. You need to be accurate with your SQL commands.
Systems Engineer at a consultancy with 201-500 employees
Real User
Top 5
2023-10-24T10:21:00Z
Oct 24, 2023
We are Splunk customers. We do not use it in multiple environments. We just use it on-premises. I'm not yet using the threat intelligence features. We do not use the mission control feature. I have not created any customized dashboards as of now. At some point, I will create one for, for example, Windows Security. I'm still in the process of mastering threat detection and XDR. I'd rate the solution eight out of ten. I haven't used it for such a long time, so it's hard to give comprehensive details about the solution.
Currently, we are just Splunk customers. We do not monitor various clouds; we only monitor one. However, they have a good solution in that we don't need to worry about maintenance if we do. We've never used the Mission Control feature. If someone is looking for the cheapest SIEM solution, there are a lot of open-source options out there. However, Splunk definitely is an option. If a company is bigger, it would benefit from Splunk. They will be paying some money for it, however, it's worth it. Resilience is important. To some extent, Splunk addresses this as we haven't had any issues. It's important to have resiliency. If your solution is not resilient, you risk security issues. I'd rate the solution eight out of ten. I would advise others to spell out what you really need and make it measurable so that you will understand if Splunk is right for you. If you are going to use Splunk, it's important to do your due diligence.
I would rate Splunk Enterprise Security seven out of ten. The threat detection capabilities that we get by default are very basic. However, if we want to implement the most effective threat protection on the internet, we need to purchase a relevant solution for intelligent threat protection. This will provide us with more feeds for enterprise security and help us to integrate data by matching the data to the target and to the security with our Splunk. We have 60 percent of our customers using Splunk Enterprise Security in their environments. Splunk maintenance is required for updates. Splunk provides a centralized monitoring platform, eliminating the need to switch between different platforms to monitor security. Splunk provides a clear view of different security losses and incidents, and we can onboard any number of devices as needed. We can monitor our entire environment from one place, requiring only one team to monitor it. Splunk adds a lot of value currently.
If budget is not an issue, you can go ahead with Splunk Enterprise Security. Nowadays, Splunk is ready to negotiate. With good negotiation, you might get a good deal. If you are a large organization with more than 2,000 devices or more than 500 licenses, Splunk is the best choice. If price is not an issue, you can blindly go with Splunk because it is the most mature tool in the market at this time. Microsoft Sentinel is scaling up, but it is still not there where Splunk Enterprise Security is. Overall, I would rate Splunk Enterprise Security a nine out of ten.
I would rate Splunk Enterprise Security nine out of ten. Organizations that value their security should not choose the cheapest SIEM solution. They should expect to invest in a SIEM solution that can meet their specific needs, even if it means spending more money. Monthly patching maintenance is required.
Security Operation Centre (SOC) Analyst at Nera Philippines Inc.
Real User
Top 20
2023-09-20T10:41:00Z
Sep 20, 2023
The resilience of the solution is good. It's quite scalable, however, it does depend on the license. If you want more sources or logs you need to increase your license. I'd advise users to evaluate the solution to see if it meets their personal requirements. I would rate the solution eight out of ten.
I'm a customer. We cannot use the cloud versions as we are based in Iran. I don't have experience with the Splunk Mission Control feature. I've worked with Splunk so far, and while it's very easy to use, it's not free. There are other solutions that are open-source that you could use; however, I find Splunk to be worth the price and I'd recommend it to others. I'd rate the solution ten out of ten. I would recommend Splunk to others.
Security Analyst at a tech services company with 1-10 employees
Real User
Top 20
2023-08-29T09:06:00Z
Aug 29, 2023
I'm a customer and end-user. I'd recommend the solution to others and invite them to test the service first on the infrastructure they have. It's a very valuable product to have. I'd rate the solution nine out of ten.
CSO at a manufacturing company with 1,001-5,000 employees
Real User
Top 5
2023-08-11T14:06:00Z
Aug 11, 2023
I rate Splunk Enterprise Security a nine out of ten. We do not monitor the cloud environments with Splunk. While we have several cloud environments, we avoid using Splunk for this purpose due to its high cost. To utilize Splunk, it would be necessary to place the Splunk engine in the cloud and gather all the logs from various cloud sources, resulting in substantial expenses due to the large volume of logs. As a result, our primary usage of Splunk is on-premise. Instead, we employ different systems to monitor the cloud, generating alerts through various security mechanisms. These alerts are then processed in Splunk, reducing both data traffic and costs. Splunk Enterprise Security's capabilities to analyze malicious activities and detect breaches are similar to those of other systems. Its effectiveness depends on the rules we develop within it. To truly maximize its value and tailor it to the organization's needs, a significant amount of additional work and utilization of professional services are required. The reduction of the alert volume presents a challenge due to the X number of personnel in the security alert center. They can effectively handle only Y alerts per day without experiencing fatigue. When the volume surpasses this limit, they tend to merely open and close alerts without thorough investigation. It's as if they've become weary of the process. Therefore, we must determine the optimal number of alerts per day and adjust the rules accordingly. The primary objective is to achieve a statistically reasonable number of alerts per day. This number should be somewhat higher than the current rate, but not three times greater, as exceeding this threshold would render their efforts ineffective. Conversely, if the number of alerts is too high, the personnel's capacity to take action is undermined, resulting in a lack of meaningful outcomes. Striking a balanced middle ground is imperative. 
This approach enables us to effectively identify and address crucial matters while ensuring our personnel can thoroughly investigate each alert. Depending on the goals an organization aims to achieve, if their sole focus is on finding the most economical solution and they do not prioritize comprehensiveness, then QRadar would suffice. However, if they seek instant access to answers, I would recommend Splunk Enterprise Security. Splunk Enterprise Security is deployed across our entire network. Maintenance is necessary for the system, and updates are needed periodically. Whenever we acquire a new system, we must connect it to Splunk. Resilience constitutes a crucial component of Splunk Enterprise Security, contributing significantly to the safeguarding of our system. I recommend Splunk Enterprise Security for organizations that have the budget, time, and skill to properly utilize the solution. I do recommend paying for Splunk Professional Services.
IS Engineer at a hospitality company with 10,001+ employees
Real User
Top 20
2023-07-20T01:54:00Z
Jul 20, 2023
We are behind a few versions. So I hope that as we upgrade, I get more ideas for what I'd like to improve. We're still in the process of moving to the cloud. The product has improved our organization's business resilience. The right tools are available to our analysts within the product, and we use them daily. It has drastically driven down our time to remediate, which is huge for us. It's huge for any company. We don't want four hours to find out that something has gone terribly, terribly wrong. Finding such issues before they turn into full-blown security incidents has been our biggest impact. Splunk Enterprise Security empowers our staff. It is so user-friendly. It allows our analysts at every level to learn the tool and learn more about security through the tool. I progressed from level one. Now, I'm a content developer for enterprise security. The usability of Splunk is the best on the market. The solution has helped reduce our mean time to resolve. As we add new features and applications into Splunk, time to value is pretty quick on most things. As long as we have someone that's willing to go through the effort to configure, the time to value is rapid. Adding applications to Splunk is a seamless experience. The UI of Splunk makes life so much easier. Some of my experience is based on technical debt in the organizations I worked with. I would probably rate the tool a ten if we didn't have so much technical debt. By attending Splunk conferences, I get to learn about all the new tools and how to implement them. I use it for RBA and Machine Learning Toolkit. I develop content for our company. I am here to learn how to implement RBA and Machine Learning Toolkit better to reduce alert fatigue for my analysts. Overall, I rate the product an eight out of ten.
Splunk Developer at a tech vendor with 11-50 employees
Real User
Top 20
2023-07-19T01:35:00Z
Jul 19, 2023
I would rate Enterprise Security a nine out of ten. Not a ten because everything has room for improvement. The biggest value of the Splunk conference is meeting people.
Sr. Cybersecurity Engineer Splunk Architect at Coalfire Federal
Real User
Top 10
2023-07-19T01:34:00Z
Jul 19, 2023
I would rate Splunk Enterprise Security a seven out of ten. There is definitely some room for improvement. I have not installed the newer version. Once I get into it, I will see what new capabilities there are, but there is a decent lift that is needed for the setup. Professional services help with that, but the customer generally does not like paying for that more than once. Because of the ELA, I am able to come to Splunk conferences for free instead of having to pay my own dime. That helps tremendously, especially considering the fact that education is included. I believe that is because of the enterprise license agreement with the government contract. That helps out a lot. I have been coming to conferences since 2017. There are a lot of good people and a great community.
I would rate Splunk Enterprise Security a ten out of ten. I have worked with other SIEM solutions before and Splunk is the best one. The biggest value I get out of attending a Splunk conference is getting to network with other people within my same account under my same account manager. I appreciate the ability to go to sessions about different support products that my organization doesn't use and try to help myself understand how some of these tools are used and how I could encourage my organization to use them.
SOC Analyst at a tech services company with 10,001+ employees
Real User
Top 20
2023-07-19T01:08:00Z
Jul 19, 2023
I do see the possibility and the opportunity to improve the mean time to resolution by a lot. We use several different applications to monitor logs. We have the vision. I've seen some of the updates and changes like Splunk AI and Splunk Vision Control that look nice. I didn't manage to get on some of the hands-on, which would have been lovely. I would like to get more ideas on how we can integrate Splunk into our networks. I would rate Splunk Enterprise Security a nine out of ten. I see the opportunity and I'm hoping with our engineer that we can get to where we can make the best use of Splunk. It really seems great. A lot of our staff here were all ready to use it. We're just hoping our engineer can get to the place where we can actually make use of it. The biggest value I get from attending a Splunk conference is being able to see the updates, changes, the features they're adding, the Splunk AI, and Splunk Vision Control. That's been nice. I am looking forward to some of the sessions. I want to get more ideas on how we can integrate Splunk into our networks and things like that, especially focusing on cybersecurity. I would also like to see some of the stock sessions because it's a brand new stock. We're trying to stand it up. Seeing how they're using it for stocks would be great.
IT Consultant at a tech services company with 51-200 employees
Real User
Top 5
2023-07-17T15:07:00Z
Jul 17, 2023
I would rate Splunk Enterprise Security an eight out of ten due to its high total cost of ownership, difficulties in maintenance, and the complexity of configuration immediately after deployment. Splunk Enterprise Security may not be cost-effective for small and even some medium-sized companies. While each organization has different requirements, we do recommend Splunk for medium and large organizations. Organizations should take into account the complexity of their environment. For instance, if they have a purely vendor-based environment for their network security appliance, it may be easier for them to handle security, fabric, and architecture requirements. However, if they operate in a multi-vendor and mixed environment, they need to conduct more research on how to integrate various components. Often, they rush into negotiating their cybersecurity program without sufficient research, leading to potential problems for clients.
In terms of maintenance of Splunk, you need to have an IT administrator monitoring it at all times. When it comes to a large, enterprise customer's critical infrastructure, Splunk is one of the best solutions to use in a security operations center. It has multiple advantages, such as the dashboard that provides complete visibility, and a threat detection system with very advanced features. It is very valuable for any company that wants a good protection system. You should definitely consider Splunk as one of your options for your SOC.
We work on multiple cloud environments including AWS, Azure, GCP, and most of the popular clouds. We have built our own combined app to monitor most of the cloud service providers. We have our own solution for cloud security monitoring. My advice is that for big firms, because it has better detection and security, Splunk Enterprise Security is a very good tool. For big companies, good security is important, especially if they have a global market. I don't see any other software having as much functionality and different ways to investigate security.
Director of Security Engineering and Operations at a legal firm with 1,001-5,000 employees
Real User
Top 5
2023-05-11T19:40:00Z
May 11, 2023
I give Splunk Enterprise Security an eight out of ten. Using a SIEM is not cheap, no matter how you slice it. So, the first question I would ask is, what are we trying to do with our SIEM? In my opinion, Splunk, including ES, shines when we are willing to invest in learning and modifying our SIEM, our solution, and our environment to align it with what we do and how we do it. If we are willing to make that investment to contextualize the security and visibility, then Splunk is a tool that can help us do that. If we are looking for a turnkey solution, where we can just throw logs at something and then pull the arm of the slot machine and get things out, then Splunk is not necessarily the right tool for us. We can get there, but it will be a pricey slot machine. I think we will get the most value out of Splunk if we want to get things that are more contextual to us. We may need to enhance or build off of the Splunk dashboards that ES includes, and that will help us to create dashboards that are extremely relevant to our environment. If we are comfortable with creating Splunk queries, then we will have a lot of power at our fingertips. To those looking into the solution, I would ask: What are they looking for? What are they willing to invest in? Do they want to understand queries? Do they want to build the knowledge around how to structure them? Are they willing to put in the effort to get the real power out of it, or are they expecting something to tell them what is going on? They need to realize that it is never going to be built for them at that point. So they are going to be getting something generic. They have to consider their specific situation, such as how many people they have on their team, etc. They should also probably take a good stock of what they are trying to log and how long they have to retain it. I have been very happy with our Splunk Cloud instances. They have been very reliable. I think it has been incredibly powerful for us.
I think that is also another aspect of whether they are going to have their SIEM in their environment or outside of their environment. They need to think about some of these items. Obviously, Splunk can go either way. They have to make their decisions there. We have been very happy with our Splunk Cloud instance. So that's what's been really good for us. And, also, it takes some of the administrative aspects and puts them on somebody else. That's valuable for us too.
Security Compliance Program Manager at an educational organization with 5,001-10,000 employees
Real User
Top 10
2023-02-02T18:05:00Z
Feb 2, 2023
I would rate Splunk Cloud a 6.5 out of 10, but plugged on time, I would give it 8.8 out of 10. The maintenance of Splunk is a bit difficult due to the time-consuming tech support. I would recommend Splunk. I cannot compare Splunk with any other SIEM solution because I have worked with many different solutions and logarithms, like ManageEngine Endpoint Central and Wazuh. I have used Splunk for two years, and I can see Splunk as really the best SIEM solution that can be used for work. I totally recommend it. Even though I gave some negative feedback, it's because I am coming from a product perspective. We have to also take into consideration the security perspective. I am not talking about only visibility, in which they should take a lot of care, but the way the solution is handling and even manipulating the data. This is the most valuable thing.
Information Security Manager at a retailer with 10,001+ employees
Real User
Top 5
2021-04-07T14:57:10Z
Apr 7, 2021
Cost and vegetative growth in the medium/long term. It is a great tool, but you have to be careful about storing a lot of data (without any criteria). Use it as a "smart-data/small-data repository", not as a "raw centralizer, stage area or pure SIEM". The quantity of "use-cases" is not so big when compared with other tools (and, for example, you don't have specific use-cases divided by industry segments). Before choosing any tool and defining your BOC (Business Operation Center), read about datamart/datawarehouse concepts and models (design and architecture too) defended by Inmon & Kimball. You'll save a lot of $ in the future.
Make sure it fits your use case. Be clear about what you want to achieve, what you want to get out of the product, and how you want to integrate it. Once you tie the solution into your systems, it is not trivial or easy to walk away from. Therefore, due diligence needs to be done to understand what your requirements are before choosing a product. Some companies may not even want to host, and prefer to go the managed services route. We have it integrated with every product that I can think of. We use both the AWS and on-premise versions. The AWS hosted version typically caters to all the microservices that we run on AWS, so there is a clear segregation between on-premise and cloud. In terms of usability and experience, both of them have been similar. We have seen a few bottlenecks on the cloud, but that can probably be attributed more to the user side of the house in terms of the way we write our applications and the type of payloads that we sent this month. This is an optimization which is ongoing from our end. Other than that, we have been fairly happy with Splunk and what we get out of it.
QA Lead at a financial services firm with 11-50 employees
Real User
2018-12-11T08:31:00Z
Dec 11, 2018
Splunk's website is quite useful. You can find a lot of information on it. I would recommend using it and trying to figure out the product's features and what you can actually do with Splunk. You can do a lot of things with Splunk, but you need to know what to do first. I have used both the AWS and on-premise versions, but in two different environments, so I am unable to compare the versions.
It works well when searching logs. If you look to do things beyond this, the problem that we ran into is that we treated it as the hammer which hits all nails. That is not really feasible, and there are other tools out there that can do more specialized things. User administration is key. Trying to prevent users from being able to search records all the time is a huge problem. You need a tight approval process on dashboards, making sure the dashboards are queried in the most efficient way possible. The on-premise version that we had was not scalable at all. It was very difficult to use. We have EC2 instances in the cloud with Splunk installed, which is more scalable and easier to use. It now works much better.
Network Security Services at ACE Managed Security Services
Real User
Top 5
2022-12-14T12:04:33Z
Dec 14, 2022
Splunk is an excellent tool for monitoring, troubleshooting, and analyzing your IT infrastructure. It has saved me a lot of time figuring out my system's issues. Splunk plays an important role in on-track and off-track performance. Splunk provides unified security and unlimited tailor-made applications.
Familiarize yourself with the basics of Splunk. There is a lot of functionality in Splunk, and it can be overwhelming at first. Start by learning to index and search data, then move on to more advanced topics.
Set up alerts for important events. One of the best features of Splunk is its ability to send alerts when particular events occur. This can help you quickly identify issues and correct them before they become bigger problems.
Use their Active Dashboards. They offer end-to-end visibility to get insight and have a single view of their data. Hence, I suggest using Splunk for complex environments and huge data ingestions. The only challenge in using Splunk is its pricing. Because they have a daily limit on parsing the logs, if they offered lower pricing, you could even buy more capabilities to parse logs daily.
If it is a complex environment and data ingestion is huge where you want to ingest Syslogs or networking devices logs, you should go with Splunk. It is better than QRadar. Nowadays, the usage of AWS is growing, and that should be taken into consideration when deciding about on-premises or cloud deployment. I would rate it a nine out of 10. I find it great. I'm very eager to do the Splunk certifications as well.
Security Architect at a computer software company with 51-200 employees
Real User
Top 20
2022-03-11T16:34:16Z
Mar 11, 2022
I would recommend this solution to others who are interested in using this solution. I would say the forums and READMEs provide more than enough information about Splunk. Most people struggle because they move too quickly through the implementation process. As long as you follow the guidelines, particularly the specifications for environment requirements and implementation methodology, these solutions should work out of the box. Splunk is a very good solution, I would rate it a ten out of ten.
Product Owner at a financial services firm with 10,001+ employees
Real User
Top 5
2022-03-02T14:46:57Z
Mar 2, 2022
My understanding is that as a company, we are migrating to Azure. When this happens, Splunk will be decommissioned. Overall, I don't think that this is a very good product and I don't recommend it. I would rate this solution a five out of ten.
Director General de España at a cloud solution provider with 51-200 employees
Real User
2022-02-20T17:18:00Z
Feb 20, 2022
Splunk is a very good platform for analytics and cybersecurity. We use it very extensively. It is very easy to use, and it is very stable and scalable. I would rate it a nine out of 10.
Information Security Officer at a financial services firm with 501-1,000 employees
Real User
2022-02-18T13:05:09Z
Feb 18, 2022
We are a customer and an end-user. I would rate the solution at a nine out of ten. We've been very happy with its capabilities in general. The only downside is the pricing. If the price were lower, you would have the possibility to buy more capacity for parsing logs per day. In Splunk, you have a daily limit of logs that will be parsed. If you place that limit several times, the Splunk license will be blocked and you have to talk with support to get a recovery license. With the capacity, you can include, let's say, 30 servers, but if you want to include another 20 servers, you have to buy an additional license, which is very costly. That said, for medium and large enterprise businesses it's really necessary to have. Even in smaller businesses, it is good to have. It's just the price that would stop small businesses from taking it on. If a small business has less than 500 MB of logs/day, they may use a Splunk free license.
Senior Network Engineer at a government with 5,001-10,000 employees
Real User
2022-02-08T07:40:00Z
Feb 8, 2022
There is a large number of options for training and certification. The more training you have, the more useful Splunk becomes. However, right out of the gate you can do useful searches due to the search bar design.
I'm a consultant. I'm also a customer and use it myself. We use multiple deployment models, including public and private clouds. We typically use the latest version of the solution. I'd advise potential new users to get a proper plan. They should have a good partner or someone that can help them and quickly map and orchestrate. I'd rate the solution at a ten out of ten.
Information Technology Specialist at a healthcare company with 10,001+ employees
Real User
2021-12-27T19:34:00Z
Dec 27, 2021
I would advise making sure that your staff is very aware of how the program works. After one or two classes, I got the hang of it, and it felt like I knew everything that was there to know about it, but when we went into the next class, I realized that there is a lot more. So, if you are going to use the program, I would advise making sure that everyone is trained and everyone really understands it. You should take your time to go into the nitty-gritty. You can very easily think that you know everything, but when you make mistakes in Splunk, at least from my experience, it can get messy quickly. So, you want to make sure that everyone has a very good understanding of what they're doing so that you can keep everything organized and accurate. I would rate it an eight out of 10. When we're getting into the nuts and bolts and looking at the data, it is an eight, but when we are just navigating through the website, it is a seven. Only its UI needs improvement. It isn't bad, but there is room for improvement. They should make it a little bit more user-friendly.
Account Presale at a tech services company with 1,001-5,000 employees
Real User
Top 10
2021-12-24T15:50:00Z
Dec 24, 2021
Due to the cost of Splunk, I recommend it for larger companies. Splunk is powerful when sorting huge amounts of data. Implementation of Splunk takes preparation. It requires a lot of resources and needs the infrastructure to support the project. I would rate the solution an 8 out of 10.
Security Engineer at a recreational facilities/services company with 10,001+ employees
Real User
2021-12-22T17:40:00Z
Dec 22, 2021
My advice to anyone considering Splunk is to understand exactly how much data you want to look at and bring in on a daily basis. Then create a rational strategy to bring the data in, in reasonably sized chunks, that fulfill one use case at a time. On a scale of one to ten, I would rate Splunk a really good nine. I'd rate it a really good nine because it's really versatile. You can do a lot of things with it. It allows you to do a lot of analytics in the platform without needing a bunch of other third-party software to help you figure it out.
I would rate this solution a seven out of ten. Splunk has a user-friendly interface and GUI. Its architecture is also much more sophisticated than others.
Enterprise Client Executive at a tech services company with 11-50 employees
Reseller
2021-12-16T18:33:00Z
Dec 16, 2021
It is hard to integrate because it can do so many things. A lot of people think it is a set-it-and-forget-it solution, but it is a full-time job for somebody. I would advise others to plan and prepare for ongoing management. It requires a dedicated person for management. Compared to other SIEMs, it is a 10 out of 10.
Project Manager at ManTech International Corporation
Real User
2021-12-16T17:06:00Z
Dec 16, 2021
I would advise making sure that you incorporate enough storage and processing in order to properly support the environment. I would rate it an eight out of 10. It is definitely the best tool I've ever used, but nothing is perfect. They could do a little bit better on data compression and system resource management, but outside of that, it is an excellent product.
Regional Head at a tech services company with 51-200 employees
Real User
2021-12-01T09:57:02Z
Dec 1, 2021
The solution can be deployed both on-premises and on the cloud. I'd rate the solution at a nine out of ten. We've been very happy with the product. I would recommend the solution. It really is the best.
Senior security consultant at a comms service provider with 51-200 employees
Consultant
2021-11-29T08:09:05Z
Nov 29, 2021
I work in security architectures, not operations, so I don't actually work with Splunk on a regular basis, but the team that does is working on threat hunting and incident management. I rate Splunk an eight out of ten.
We do not sell Compliance Control Limited solutions because our focus is on auditing and independent security assessments. We put an end to our selling program with Checkmarks. I would recommend this solution to others. Splunk is appropriate for small to medium-sized projects, and it should be calculated for large projects. It's one of the best CM solutions on the market for monitoring, and correlation, as well as IT monitoring security. I would rate Splunk an eight out of ten.
Principal Enterprise Architect at Aurenav Sweden AB
Real User
Top 5
2021-11-05T19:14:00Z
Nov 5, 2021
We use Splunk and we also sell and support it for our clients. Normally our policy is to keep software updated to the latest version. The main issue is that we do enterprise architecture and network and security operations. We recommend certain platforms to clients. We don't always sell Splunk directly to them due to the fact that, since we're being hired to help them make choices, we need to be neutral. In the cases where it doesn't make sense, we don't sell it. We just help clients make decisions. I don't know which version of the solution we're using. I'm an architect; I'm not on the operations level. I'm not the one who actually uses it. Our operations use it. I get dashboard results and I do reports that are based on it; however, I'm not the one actually running it. We have a NOC and a SOC, and others use it a lot more individually. They have a lot more interaction than I do. I'm getting reports out of it. Others are actually connecting to it, using it as a tool. I'm not a tool user. I'm an information user. All Splunk is, is data collection, and it can sort things out on a dashboard. However, a lot of what Splunk does is collect data, and you have to decide what kind of information you're going to let it collect. When we're doing design operations we have to really pay attention to what we're doing, so we don't actually slow things down or impede things. The reason we use Splunk is we put a lot of data into it. With Splunk, you need to really be careful about what you're monitoring and how you use it, to keep the results working. It's a good tool if you know what you're doing and what you need to be logging. You need to be aware of what you're logging to ensure it isn't going to cause problems with your performance. I wouldn't recommend it for somebody who's coming in new. Of the clients we have using it, I don't know if any of them don't have professional IT running it. It's important to really understand what's going on.
I'd rate the solution at an eight out of ten. In certain environments, it could be a bit complex. It's not something you could just drop into an organization; you need to be trained to use it. You need the experience to use it properly.
CyberSecurity Consultant at Information Technology Solutions- ITS
Real User
Top 20
2021-11-02T18:33:14Z
Nov 2, 2021
We are partners of Splunk and provide the solution to customers. I feel Splunk is easy to utilize. My company has an app on which the solution is deployed on-premises on a single server. There is another team in my company that works with Splunk products. I rate Splunk as a seven-point-five out of ten.
I cannot think of anything disadvantageous about Splunk, as we are talking about a product that I like. I feel the solution has beautiful features. The decision to go with Splunk would depend on the business needs of the individual. I know that Splunk has both a cloud and an on-premises option. Sometimes, such as when it comes to conferences, there is no need to move some of the data to the cloud for the purpose of complying with regional requirements. There may be a need to retain some of it and a person might wish for a mixture of on-cloud and on-premises capabilities. I rate Splunk as an eight out of ten. It is a robust platform and easy to use.
Data Center Architect at an outsourcing company with 201-500 employees
MSP
2021-10-22T20:34:52Z
Oct 22, 2021
I would advise definitely taking advantage of their professional services and making sure that the administrators and whoever is going to be using the tool go through the training. The cost for the training, which depends on if you're commercial or government, is not that much, and there is a definite value there because if you're trying to learn it on your own with a book, it is going to take forever. I would rate Splunk a seven out of 10.
Network Operations Center Engineer at a tech company with 51-200 employees
Real User
2021-10-18T20:29:35Z
Oct 18, 2021
The solution is cloud-based. There are more than a thousand users making use of the solution in our organization, who are connected with us in over 530 different areas. I recommend the solution and plan to continue using it. I rate Splunk as a seven out of ten.
Sr. Cyber Security and Solutions Architect at a government with 10,001+ employees
Real User
2021-09-14T10:44:10Z
Sep 14, 2021
We're partners and end-users. We don't have a business relationship with Splunk. We use the latest version. I'm not hands-on. I'm called the architect, however, we do use the latest version as that's a part of our configuration management framework, that all of our applications - especially in security - are up-to-date with the latest and greatest updates, bells, and whistles. We use both public and private clouds. In terms of creating the solution, for what we do from an enterprise standpoint, everything from monitoring to data capture to reporting, we would rate it at a nine out of ten.
We're a partner and a customer. I'm using the latest version of the solution. I would highly recommend the solution. It's the best product out there. It's definitely easy to set up. The use cases are multiple. It's not restrictive in terms of the efficiency of the platform. Just make sure that you have enough resources or good counsel from people who can help with the use cases. If you do, the sky would be the limit. It is a good solution. I'd rate the solution at a ten out of ten.
Technical Architect, Cloud Operations at a computer software company with 5,001-10,000 employees
Real User
2021-06-05T13:53:29Z
Jun 5, 2021
I would recommend this solution. If you are a technical person, it does what you need. If you are not a technical person and you require graphs, that's a different story. I would rate Splunk a ten out of ten because I have no problems with it.
Cyber Security Consultant at a computer software company with 11-50 employees
MSP
2021-05-24T15:00:29Z
May 24, 2021
When using this solution for Security Information Management (SIM), I highly recommend importing data sources from the whole cycle of the service security chain. Some people only use main inputs and not all of the data sources they have. They might not have some data sources; in this case, you can purchase one, or there are free open-source ones available. You will then have this data source that can enrich your life because many correlations are done with this data. I rate Splunk an eight out of ten.
We are resellers. We use a variety of deployment models, including private cloud and hybrid. This solution is the best security solution. If a company is looking for the best, they have to buy Splunk. It is a very good and very mature solution. It is very easy to integrate with some other service or security solutions. If they have specific solutions that need to be integrated for monitoring purposes, it should be a problem. For example, it integrates very well with Cisco. I'd rate the solution at a ten out of ten. We are quite happy with its capabilities.
Product Manager, CyberSecurity at a tech services company with 201-500 employees
Reseller
2021-04-13T17:56:34Z
Apr 13, 2021
Plan your requirements properly from the beginning so that you can get the most value in a shorter space of time. On a scale from one to ten, I would rate Splunk at six.
Senior Information Technology System Analyst at YASH Technologies
Real User
2021-03-26T12:45:56Z
Mar 26, 2021
A few years ago, I would have definitely recommended Splunk, but nowadays, better alternatives are available. We are currently exploring a few other alternatives, so I won't recommend Splunk as of now. I would rate Splunk a seven out of ten.
Senior Solutions Architect at a manufacturing company with 51-200 employees
Real User
2021-03-05T11:09:33Z
Mar 5, 2021
This is a product that I recommend for anybody who wants an advanced SIEM solution. Of the three that I have used, including QRadar and ArcSight, Splunk is the one that I prefer. I would rate this solution a nine out of ten.
Assistant Manager System at a financial services firm with 10,001+ employees
Real User
2021-02-17T09:35:39Z
Feb 17, 2021
As we recently purchased the solution, we are using the latest version right now. I would recommend the solution to other users. I would rate the solution at an eight out of ten. If the solution offered a better price and better support services, I would likely rate it higher. However, for the most part, we have been satisfied with the product and its capabilities.
This is a solution that I could recommend for somebody who wants a really powerful product. It is not an end-to-end orchestrated SIEM yet. This is a product that I would generally recommend, although I would not do so if the customer is really budget-driven. I would rate this solution a six out of ten.
IT System Developer/Admin at a manufacturing company with 10,001+ employees
Real User
2020-12-27T09:14:00Z
Dec 27, 2020
It is important to define different guidelines to integrate Splunk in development, QA, and production deployments. Additionally, define the applications that will be used and the configuration of the databases to collect the data. If this is not done, there will be a lot of issues due to, for example, master access or permissions to use the database collector and blocks.
We use a mixture of public and private cloud deployments. I would definitely recommend the solution, having seen it work for others so well. Its ease of usage and its many integrations make it a great product. The way you can access whatever you need on the solution is very similar to a Google bar where you can search for anything you need. It's just a super quick, responsive product. Overall, I would rate it a perfect ten out of ten. We have no complaints.
CSSP Manager at a tech services company with 51-200 employees
MSP
2020-12-16T06:34:38Z
Dec 16, 2020
It's important to prepare. You can't just get a solution and start to implement it. A big part of that needs to be preparation, and in IT, we're not great at that. I would go with Elastic, a similar product but better. The licensing is a little different but it gives you a little more freedom to do things. It's really flexible with what you can do and versatile in how you can use it. Splunk is still top when it comes to log collection. If you wanted anything more than that, you should probably look into using several different products. There isn't really one product that you're going to find that's going to give you that coverage and I just like the versatility of using several different products. There are some other things you can use that actually do a better job at the correlation part. I would rate this solution a seven out of 10.
I would recommend Splunk to any company: small, medium, and large. Splunk is a great tool but you should get a partner who knows what they are doing, implementation-wise. On a scale from one to ten, I would give Splunk a rating of nine.
Automation Specialist, Analytics at a computer software company with 10,001+ employees
Real User
2020-12-02T20:10:59Z
Dec 2, 2020
I would definitely recommend using Splunk. They have free learning models available. There are models available on their learning page where you can gain a better understanding of how to use Splunk. Within one month alone, you can at least understand how to operate Splunk, whereas, with other tools, it can take a lot of time to understand. On a scale from one to ten, I would give Splunk a rating of nine. The only downside is the cost. Price is the only factor; sometimes, companies shy away from Splunk because of the price.
Senior Informatica Administrator at a computer software company with 10,001+ employees
Real User
2020-12-02T19:50:00Z
Dec 2, 2020
I would definitely recommend Splunk. We will review performance within two years of our three-year contract and then decide at that point what other aspects we need to consider. I would rate Splunk 8 out of 10.
Audit Remediation/Financial Manager at a tech services company with 1,001-5,000 employees
Real User
2020-11-27T18:12:28Z
Nov 27, 2020
We're just a customer. We don't have a business relationship with Splunk. We're using the latest version of the solution. I'd advise those considering the solution to do some basic training before jumping into using the solution. It will help you understand how everything is supposed to work. I'd rate the solution at an eight out of ten, due to the fact that it's more flexible than other solutions. I like the idea of taking a log, any log, and putting it into a tool and creating your events and your conditions in order to get the output that you're looking for. It's more scalable and flexible than other options on the market.
System Administrator and DevOps Engineer at a tech services company with 10,001+ employees
Real User
2020-11-23T21:49:36Z
Nov 23, 2020
If you're going with this solution, make sure that, when implementing, the ports are open. If they're not open, it creates problems with the server. Other than that, this is a very stable and very easy to configure product. We can easily deploy and easily use it. Other similar solutions are difficult to configure; Splunk is the simplest. I've used three or four monitoring tools and Splunk is the easiest. If a company can afford it, this is a good product. We are planning to shift to another product because of the cost. We're searching for an open source or cheaper product. I would rate this solution a nine out of 10. They lose one point for the price and lack of infrastructure support.
Engineer at a financial services firm with 201-500 employees
Real User
2020-11-23T17:00:05Z
Nov 23, 2020
We're just users. We don't have a business relationship with Splunk. We're on a variation of version seven. I'm not sure of the exact one. It's not quite the latest. I'd advise new users, if they have the budget for it, to go and take the training that they offer. Or, for casual users, you just want to spend as much time watching YouTube videos as you can. It will help lessen the learning curve. As a solution, it's still pretty much industry standard. I would give it a nine out of ten overall, even though I have my gripes with it.
Splunk is a good product but I would definitely tell people to analyze their requirements to see if Splunk fits their use case, or not. The licensing model is very complicated, so if there is a product that has a better licensing model then it would probably be good to start with that. Then, later on, if the product is not working well enough, then they can switch to Splunk. At that point, they will have knowledge of the data they are using and will understand the costs that they might incur while using it. The only way that I would suggest somebody use this as their first solution is if they already had all of the data that is required to get a cost estimate. I would rate this solution a seven out of ten.
We're partners. We have a business relationship with Splunk. We're using the latest version of the solution. Overall, I would rate the solution at a seven out of ten. I'd advise potential new users to ensure they do proper sizing before deploying the product. If it's a very large deployment, the number of endpoints will be quite sizeable. You need to figure out the correct number of endpoints as well as endpoint devices, switches, routers, etc. It's also a good idea to look at use cases. Splunk is very strong in some use cases. It's important to look into deployment scenarios and check out the use cases before deploying anything. My biggest takeaway after working with the solution is that the environment is very important. You need to be clear about the problem you are addressing and it takes a lot of planning at the outset.
I would definitely suggest sending people to analyze or evaluate Splunk. Because the licensing model is very complicated to understand, it would be better to start with another product that provides a better licensing model. Later, if the product is not working well, they can consider using Splunk and may have a better understanding of the cost. For me, I would not recommend Splunk as their first solution unless they have all of the data that is required. I would rate Splunk a seven out of ten.
Because it was a trial version, I was the only one who used it in our company. I kept some snapshots from our trial with the Splunk system and we are preparing a proposal to submit to our manager in Vietnam. If in the near future we have enough money to purchase the system, we will invest in this system for our company.
Director of Information Security with 201-500 employees
Real User
2019-02-10T10:06:00Z
Feb 10, 2019
As a logging solution, I would say it's probably an eight or nine. If you're talking about the SIEM I'd say it's probably about a five. For logging, I think they would have to change the costing model. The costing model is way out of line. It's built for very large organizations.
Presales Manager at a tech services company with 11-50 employees
Reseller
2019-02-07T12:28:00Z
Feb 7, 2019
I will rate it as a security product an eight out of 10. There's no product which is perfect unless you go back and you create a psychic of the solutions.
I would rate this solution a nine out of ten. I rated it a nine because every tool will have its drawbacks but ultimately it's a very good tool in comparison to HP ArcSight. If we can add on a scalability feature it would significantly improve the solution. I would advise someone considering this solution to use it at least for a year to get a hands-on and technical understanding because it's a good product. Then decide whether or not to move forward with Splunk - but I would advise to stick with Splunk.
Do your homework and make sure it fits your needs. The product is pretty good. We are pretty satisfied with it. It does what it does. We host the product on AWS, but we did not purchase it on the AWS Marketplace.
Implement something and watch how much data you are sending to it, then have some way to shut it off without redeploying your app in case things get hairy. We use the cloud version of the product.
Go with Splunk. A lot of people know how to use it because they have experience with it. It works well. While it has some pain points, it provides reports and data visibility. It integrates great with Opsgenie, PagerDuty and Slack. We love the Slack integration, as it works great with the Slack alerts. We use the on-premise version in our data centers and we use the AWS version. We are just starting to migrate to the AWS hosted version, and I have not seen a difference.
Enterprise Architect at a tech services company with 10,001+ employees
Real User
2018-12-11T08:31:00Z
Dec 11, 2018
Build your environment a lot bigger than you think you will need it, because you fill it up quickly. We log somewhere in the neighborhood of two to four terabytes a day per data center. We use both AWS and SaaS versions. With the SaaS version, you don't have as much control, but it functions the same, so there is no real difference. Though, the AWS version is probably easier to scale, because it is AWS.
Director at a tech services company with 10,001+ employees
Real User
2018-12-11T08:31:00Z
Dec 11, 2018
Explore Splunk. The product has a lot of depth. It works with multiple products which are scheduling systems to ERPs to legacy, and it works perfectly fine. I use the on-premise version. I have not had the opportunity to explore the AWS on Splunk version yet.
It is a great product. We have a lot of different tools to do this type of debugging. Yet, it is one of the first ones that I will reach for, and I think that is a good sign. It works well and is the industry standard for log searching. It probably has other features too. Therefore, if you use it, I would recommend the training, so you know what you are doing. I am using the on-premise version.
Project Manager at a comms service provider with 10,001+ employees
Real User
2018-09-25T09:23:00Z
Sep 25, 2018
When Splunk failed, it took time to recover. We had to recover it from a snapshot. It took a couple of days, and it was as if it had crashed. But, the instance was resolved.
There are three top SIEM solutions in the world: Splunk, LogRhythm, IBM QRadar. I think Splunk is the best. I would rate Splunk at eight out of 10. The vendor needs to work on this solution to make it better and better. I would recommend this solution but it depends on the situation, the country, the support from the vendor.
Growth in data ingested will be much larger than you anticipated. If you need to prove this first, consider using an ELK Stack Logstash type of solution before using Splunk.
If you have an R&D department within your company that is looking for something new to increase the efficiencies and effectiveness of your company's operations, I would highly recommend having them get the free trial to test out.
I would rate Splunk Enterprise Security seven out of ten.
I rate Splunk Enterprise Security nine out of 10.
Splunk Enterprise Security is really strong, capable, and great at what it does. There are obvious areas of improvement, but it looks like Splunk has already identified them and is working on road maps to enhance SOAR integration and AI digital assistance for Splunk Enterprise Security. Once those are fully implemented, the product will further improve. Overall, I rate the solution an eight out of ten.
Splunk Enterprise Security is just a tool you can use, and then it's really up to the customer how they leverage it best. Overall, I rate the solution a six out of ten.
Overall, I rate the solution an eight out of ten.
Overall, I rate the solution a seven out of ten.
Overall, I rate the solution an eight out of ten.
I would rate Splunk Enterprise Security an eight out of ten. It is an amazing tool that provides so much visibility and streamlines so much. The main issues I have encountered with Splunk are the difficulties in configuration and keeping everything up to date as the data sources change.
I would recommend the solution to other users. Overall, I rate the solution a nine out of ten.
There is a threat intelligence management feature. However, customers don't use it in our case. Typically, customers want something superior in that nature. Price is a major concern for most customers, big or small. However, price should not be the determining factor when seeking a solution. Users need to think about performance and quality. They need something that will help them prevent security incidents, and they need a product that will be stable. If you can monitor your environment better, you can prevent incidents that may lead to financial loss - and when incidents happen, companies can spend far more dealing with an extended phishing attack than they would on a service like Splunk that will protect them effectively. When it comes to security, while it's not necessary to have the most expensive solution on the market, you should at least seek out a solution that's best suited to your company and its needs. I'd rate the solution eight out of ten. It's a great option for enterprise-level companies. However, a smaller customer with a smaller budget may not be a good match. They may not need such a powerful solution in any case. That said, if a customer is about to grow a lot, I might suggest Splunk as a primary option. I'd advise potential users to look at the environment size and complexity, consider the budget, and then decide if Splunk makes sense.
The end-to-end visibility the tool provides is not that big of a deal. They have so many tools that can do that kind of part. Splunk doesn't have to be the one place for total visibility, but at least for visibility when it consolidates on threats. Splunk has helped improve our organization's ability to ingest and normalize data. The tool pretty much consumes everything that we have. Everything from dozens of different vendor products gets ingested into Splunk. Splunk Enterprise Security is just that one central place where everything goes. Splunk Enterprise Security has helped speed up our security investigations. Something that requires someone to work on it at the beginning of the day would not take more than 15 minutes with Splunk Enterprise Security. Overall, I rate the solution an eight out of ten.
Overall, I rate the solution a nine out of ten.
The tool provides much more insight into what users and our apps do. We also use the solution to monitor a lot of machine-to-machine traffic. We have a hybrid environment. All of our internal tooling is in our internal data centers, but we also have a big cloud presence for some of our other tooling and mostly for our customers. Speaking from the internal side, Splunk Enterprise Security has been fantastic in helping us find all kinds of security events every day. Splunk Enterprise Security has helped improve our organization's ability to ingest and normalize data. The solution has helped us have everything in one place and grab everything at once. The tool has also helped us solve problems in real time. The Ops team will approach us when they are stuck with a problem ticket. We can look instantly, see what's happening, and track it down. The solution provides us with the relevant context to help guide our investigations. This context information makes things easier and faster for us. We get more information about exactly what's going on. Splunk Enterprise Security has helped us save around 50% of our time. Splunk Enterprise Security has helped reduce our mean time to resolve by 50%. Overall, I rate the solution ten out of ten.
Splunk Enterprise Security provides end-to-end visibility into an environment, but it is not our use case currently. Splunk Enterprise Security does not really provide the relevant context to help guide our investigations because, in our country, Splunk is not represented, so it is pretty hard to get the relevant information. Overall, I would rate Splunk Enterprise Security a seven out of ten. Its pricing is not good, and the learning curve for machine learning is not good. However, the parts that are working are working very well.
I work in cybersecurity consultation. I'd recommend the product to others. I'd rate the solution overall 9 out of 10.
I would rate Splunk Enterprise Security eight out of ten. Splunk is widely used across larger organizations. While large organizations often have extensive teams dedicated to Splunk projects and upgrades, smaller organizations can also use Splunk, taking advantage of more affordable pricing options like the free tier for limited data. Cost isn't a significant concern for larger organizations, who prioritize Splunk's security features and are willing to invest in its capabilities. Splunk Enterprise Security is deployed across all departments, processing millions of data points. Over 500 people manage this data: building dashboards and reports, working with Enterprise Security, discussing use cases, and creating custom data models. This represents a massive effort for any large organization where every department utilizes Splunk. Government departments are transitioning to Splunk, with daily onboarding increasing the current user base of 5,000. Because the deployment is cloud-based, the Splunk DevOps team handles maintenance. Splunk offers a resilient SIEM solution with comprehensive capabilities for research and a wide range of use cases. It is constantly updated, ensuring it remains a valuable and comprehensive SIEM package. I recommend Splunk Enterprise Security. It is an excellent tool widely used by many organizations, making it a valuable choice for security information and event management.
I rate Splunk Enterprise Security 8 out of 10. I would recommend Splunk to others. It's one of the most powerful tools available. It's a valuable tool for monitoring infrastructure.
I would recommend Splunk Enterprise Security to anyone who is looking for a similar solution. This is the only solution with all these features. I would rate Splunk Enterprise Security a 9 out of 10. It is stable, user-friendly, and feature-rich. It is very helpful. Even though it is expensive, the stability, support, and technical documentation make it very effective.
I would rate Splunk Enterprise Security eight out of ten. For someone who wants to use the cheapest solution, I would tell them that this is the best solution and worth the cost. I recommend Splunk Enterprise Security to others.
Overall, I would rate it eight out of ten.
For the market I focus on, which includes small to medium-sized companies, I would recommend Wazuh. It's an open-source security information and event management solution. The main consideration is that, in terms of both functionality and cost, Wazuh is sufficient for the requirements of smaller enterprises. Utilizing an open-source tool like Wazuh can effectively cover the necessary areas without the need for the higher costs associated with Splunk. I would recommend that anyone considering implementing Splunk should first thoroughly assess their environment. It's crucial to determine whether Splunk is genuinely needed for your specific usage scenario or if a smaller software solution might suffice. Overall, I would rate it nine out of ten.
Overall, I would rate it eight out of ten.
If you are willing to invest in engineering effort, Splunk Enterprise Security provides excellent visibility into multiple environments, including cloud, on-premises, and hybrid setups. While some solutions may require less effort, Splunk is capable and versatile, making it a strong choice for comprehensive visibility across diverse IT environments. Assessing threat detection capabilities in Splunk Enterprise Security is like evaluating how easy it is to drive a car. It provides powerful tools, but mastering the query language for utilizing these features requires effort. Once you know how to use them, it becomes an effective tool for detecting unknown threats and monitoring user behavior. I use the Splunk Mission Control feature, which is highly important to my security operations. It is particularly valuable for multi-tenant and multi-site mission control scenarios. The Splunk Mission Control feature is effective for centralizing threat intelligence and ticketing system data when dealing with a single entity or group. However, its usefulness diminishes when managing multiple customers with diverse policies and groups. The features in Splunk for discovering the overall scope of an incident, including the topography aspect, are considered industry standards. However, the topography feature is not particularly useful in my case, so I don't extensively use it. Splunk Enterprise Security is effective for analyzing malicious activities and detecting breaches, especially if you invest the effort. However, newer solutions are considered better and more flexible. While Splunk was an industry leader five years ago, today, platforms like Microsoft Sentinel may outshine it in terms of ease of use, especially for users unfamiliar with Splunk. Splunk Enterprise Security has helped me detect threats faster compared to other solutions. It stands out in terms of speed and effectiveness.
My advice to others is that if you are looking for the cheapest solution, Splunk may not be the right choice. Consider alternatives like LogPoint or Arctic Wolf, but be cautious as they might not offer the quality and capabilities needed for effective security. Sometimes it is better to invest in a more robust solution than settling for a cheap option that might not meet your requirements. Overall, I would rate the solution as a six out of ten, mostly because of its pricing.
We're a Splunk customer. To those considering just going with the cheapest solution, it depends on your level of comfort with support. If you have a cheaper tool, the support would be addressed. With Splunk, that's the difference - their support response. If you have a tool with a good license, you will be able to get immediate help if there's any vulnerability. I'd rate the solution eight out of ten. I'd advise others to take time to learn the solution and develop skills. It's all about DSL queries. If you are off on queries, it won't give you any results. You need to be accurate with your SQL commands.
We are Splunk customers. We do not use it in multiple environments. We just use it on-premises. I'm not yet using the threat intelligence features. We do not use the mission control feature. I have not created any customized dashboards as of now. At some point, I will create one for, for example, Windows Security. I'm still in the process of mastering threat detection and XDR. I'd rate the solution eight out of ten. I haven't used it for such a long time, so it's hard to give comprehensive details about the solution.
I rate Splunk Enterprise Security eight out of 10.
Currently, we are just Splunk customers. We do not monitor various clouds; we only monitor one. However, they have a good solution in that we don't need to worry about maintenance if we do. We've never used the Mission Control feature. If someone is looking for the cheapest SIEM solution, there are a lot of open-source options out there. However, Splunk definitely is an option. If a company is bigger, it would benefit from Splunk. They will be paying some money for it, however, it's worth it. Resilience is important. To some extent, Splunk addresses this as we haven't had any issues. It's important to have resiliency. If your solution is not resilient, you risk security issues. I'd rate the solution eight out of ten. I would advise others to spell out what you really need and make it measurable so that you will understand if Splunk is right for you. If you are going to use Splunk, it's important to do your due diligence.
I would rate Splunk Enterprise Security seven out of ten. The threat detection capabilities that we get by default are very basic. However, if we want to implement the most effective threat protection on the internet, we need to purchase a relevant solution for intelligent threat protection. This will provide us with more feeds for enterprise security and help us to integrate data by matching the data to the target and to the security with our Splunk. We have 60 percent of our customers using Splunk Enterprise Security in their environments. Splunk maintenance is required for updates. Splunk provides a centralized monitoring platform, eliminating the need to switch between different platforms to monitor security. Splunk provides a clear view of different security losses and incidents, and we can onboard any number of devices as needed. We can monitor our entire environment from one place, requiring only one team to monitor it. Splunk adds a lot of value currently.
If budget is not an issue, you can go ahead with Splunk Enterprise Security. Nowadays, Splunk is ready to negotiate. With good negotiation, you might get a good deal. If you are a large organization with more than 2,000 devices or more than 500 licenses, Splunk is the best choice. If price is not an issue, you can blindly go with Splunk because it is the most mature tool in the market at this time. Microsoft Sentinel is scaling up, but it is still not there where Splunk Enterprise Security is. Overall, I would rate Splunk Enterprise Security a nine out of ten.
I would rate Splunk Enterprise Security nine out of ten. Organizations that value their security should not choose the cheapest SIEM solution. They should expect to invest in a SIEM solution that can meet their specific needs, even if it means spending more money. Monthly patching maintenance is required.
The resilience of the solution is good. It's quite scalable, however, it does depend on the license. If you want more sources or logs you need to increase your license. I'd advise users to evaluate the solution to see if it meets their personal requirements. I would rate the solution eight out of ten.
I'm a customer. We cannot use the cloud versions as we are based in Iran. I don't have experience with the Splunk Mission Control feature. I've worked with Splunk so far, and while it's very easy to use, it's not free. There are other solutions that are open-source that you could use; however, I find Splunk to be worth the price and I'd recommend it to others. I'd rate the solution ten out of ten. I would recommend Splunk to others.
I'm a customer and end-user. I'd recommend the solution to others and invite them to test the service first on the infrastructure they have. It's a very valuable product to have. I'd rate the solution nine out of ten.
I rate Splunk Enterprise Security a nine out of ten. We do not monitor the cloud environments with Splunk. While we have several cloud environments, we avoid using Splunk for this purpose due to its high cost. To utilize Splunk, it would be necessary to place the Splunk engine in the cloud and gather all the logs from various cloud sources, resulting in substantial expenses due to the large volume of logs. As a result, our primary usage of Splunk is on-premise. Instead, we employ different systems to monitor the cloud, generating alerts through various security mechanisms. These alerts are then processed in Splunk, reducing both data traffic and costs. Splunk Enterprise Security's capabilities to analyze malicious activities and detect breaches are similar to those of other systems. Its effectiveness depends on the rules we develop within it. To truly maximize its value and tailor it to the organization's needs, a significant amount of additional work and utilization of professional services are required. The reduction of the alert volume presents a challenge due to the X number of personnel in the security alert center. They can effectively handle only Y alerts per day without experiencing fatigue. When the volume surpasses this limit, they tend to merely open and close alerts without thorough investigation. It's as if they've become weary of the process. Therefore, we must determine the optimal number of alerts per day and adjust the rules accordingly. The primary objective is to achieve a statistically reasonable number of alerts per day. This number should be somewhat higher than the current rate, but not three times greater, as exceeding this threshold would render their efforts ineffective. Conversely, if the number of alerts is too high, the personnel's capacity to take action is undermined, resulting in a lack of meaningful outcomes. Striking a balanced middle ground is imperative. 
This approach enables us to effectively identify and address crucial matters while ensuring our personnel can thoroughly investigate each alert. Depending on the goals an organization aims to achieve, if their sole focus is on finding the most economical solution and they do not prioritize comprehensiveness, then QRadar would suffice. However, if they seek instant access to answers, I would recommend Splunk Enterprise Security. Splunk Enterprise Security is deployed across our entire network. Maintenance is necessary for the system, and updates are needed periodically. Whenever we acquire a new system, we must connect it to Splunk. Resilience constitutes a crucial component of Splunk Enterprise Security, contributing significantly to the safeguarding of our system. I recommend Splunk Enterprise Security for organizations that have the budget, time, and skill to properly utilize the solution. I do recommend paying for Splunk Professional Services.
We are behind a few versions. So I hope that as we upgrade, I get more ideas for what I'd like to improve. We're still in the process of moving to the cloud. The product has improved our organization's business resilience. The right tools are available to our analysts within the product, and we use them daily. It has drastically driven down our time to remediate, which is huge for us. It's huge for any company. We don't want four hours to find out that something has gone terribly, terribly wrong. Finding such issues before they turn into full-blown security incidents has been our biggest impact. Splunk Enterprise Security empowers our staff. It is so user-friendly. It allows our analysts at every level to learn the tool and learn more about security through the tool. I progressed from level one. Now, I'm a content developer for enterprise security. The usability of Splunk is the best on the market. The solution has helped reduce our mean time to resolve. As we add new features and applications into Splunk, time to value is pretty quick on most things. As long as we have someone that's willing to go through the effort to configure, the time to value is rapid. Adding applications to Splunk is a seamless experience. The UI of Splunk makes life so much easier. Some of my experience is based on technical debt in the organizations I worked with. I would probably rate the tool a ten if we didn't have so much technical debt. By attending Splunk conferences, I get to learn about all the new tools and how to implement them. I use it for RBA and Machine Learning Toolkit. I develop content for our company. I am here to learn how to implement RBA and Machine Learning Toolkit better to reduce alert fatigue for my analysts. Overall, I rate the product an eight out of ten.
I would rate Splunk Enterprise Security an eight out of ten.
I would rate Enterprise Security a nine out of ten. Not a ten because everything has room for improvement. The biggest value of the Splunk conference is meeting people.
I would rate Splunk Enterprise Security a seven out of ten. There is definitely some room for improvement. I have not installed the newer version. Once I get into it, I will see what new capabilities there are, but there is a decent lift that is needed for the setup. Professional services help with that, but the customer generally does not like paying for that more than once. Because of the ELA, I am able to come to Splunk conferences for free instead of having to pay my own dime. That helps tremendously, especially considering the fact that education is included. I believe that is because of the enterprise license agreement with the government contract. That helps out a lot. I have been coming to conferences since 2017. There are a lot of good people and a great community.
I would rate Splunk Enterprise Security a ten out of ten. I have worked with other SIEM solutions before and Splunk is the best one. The biggest value I get out of attending a Splunk conference is getting to network with other people within my same account under my same account manager. I appreciate the ability to go to sessions about different support products that my organization doesn't use and try to help myself understand how some of these tools are used and how I could encourage my organization to use them.
I do see the possibility and the opportunity to increase the meantime to resolution by a lot. We use several different applications to monitor logs. We have the vision. I've seen some of the updates and changes like Splunk AI and Splunk Vision Control that look nice. I didn't manage to get on some of the hands-on, which would have been lovely. I would like to get more ideas on how we can integrate Splunk into our networks. I would rate Splunk Enterprise Security a nine out of ten. I see the opportunity and I'm hoping with our engineer that we can get to where we can make the best use of Splunk. It really seems great. A lot of our staff here were all ready to use it. We're just hoping our engineer can get to the place where we can actually make use of it. The biggest value I get from attending a Splunk conference is being able to see the updates, changes, the features they're adding, the Splunk AI, and Splunk Vision Control. That's been nice. I am looking forward to some of the sessions. I want to get more ideas on how we can integrate Splunk into our networks and things like that, especially focusing on cybersecurity. I would also like to see some of the stock sessions because it's a brand new stock. We're trying to stand it up. Seeing how they're using it for stocks would be great.
I would rate Splunk Enterprise Security an eight out of ten due to its high total cost of ownership, difficulties in maintenance, and the complexity of configuration immediately after deployment. Splunk Enterprise Security may not be cost-effective for small and even some medium-sized companies. While each organization has different requirements, we do recommend Splunk for medium and large organizations. Organizations should take into account the complexity of their environment. For instance, if they have a purely vendor-based environment for their network security appliance, it may be easier for them to handle security, fabric, and architecture requirements. However, if they operate in a multi-vendor and mixed environment, they need to conduct more research on how to integrate various components. Often, they rush into negotiating their cybersecurity program without sufficient research, leading to potential problems for clients.
In terms of maintenance of Splunk, you need to have an IT administrator monitoring it at all times. When it comes to a large, enterprise customer's critical infrastructure, Splunk is one of the best solutions to use in a security operations center. It has multiple advantages, such as the dashboard that provides complete visibility, and a threat detection system with very advanced features. It is very valuable for any company that wants a good protection system. You should definitely consider Splunk as one of your options for your SOC.
We work on multiple cloud environments including AWS, Azure, GCP, and most of the popular clouds. We have built our own combined app to monitor most of the cloud service providers. We have our own solution for cloud security monitoring. My advice is that for big firms, because it has better detection and security, Splunk Enterprise Security is a very good tool. For big companies, good security is important, especially if they have a global market. I don't see any other software having as much functionality and different ways to investigate security.
I give Splunk Enterprise Security an eight out of ten. Using a SIEM is not cheap, no matter how you slice it. So, the first question I would ask is, what are we trying to do with our SIEM? In my opinion, Splunk, including ES shines when we are willing to invest in learning and modifying our SIEM, our solution, and our environment to align it with what we do and how we do it. If we are willing to make that investment to contextualize the security and visibility, then Splunk is a tool that can help us do that. If we are looking for a turnkey solution, where we can just throw logs at something and then pull the arm of the slot machine and get things out, then Splunk is not necessarily the right tool for us. We can get there, but it will be a pricey slot machine. I think we will get the most value out of Splunk if we want to get things that are more contextual to us. We may need to enhance or build off of the Splunk dashboards that ES includes, and that will help us to create dashboards that are extremely relevant to our environment. If we are comfortable with creating Splunk queries, then we will have a lot of power at our fingertips. To those looking into the solution, I would ask: What are they looking for? What are they willing to invest in? Do they want to understand queries? Do they want to build the knowledge around how to structure them? Are they willing to put in the effort to get the real power out of it, or are they expecting something to tell them what is going on? They need to realize that it is never going to be built for them at that point. So they are going to be getting something generic. They have to consider their specific situation, such as how many people they have on their team, etc. They should also probably take a good stock of what they are trying to log and how long they have to retain it. I have been very happy with our Splunk Cloud instances. They have been very reliable. I think it has been incredibly powerful for us. 
I think that is also another aspect of whether they are going to have their SIEM in their environment or outside of their environment. They need to think about some of these items. Obviously, Splunk can go either way. They have to make their decisions there. We have been very happy with our Splunk Cloud instance. So that's what's been really good for us. And, also, it takes some of the administrative aspects and puts them on somebody else. That's valuable for us too.
I rate Splunk Enterprise Security an eight out of ten. I would give it a ten if it had built-in threat management.
I would rate Splunk Cloud a 6.5 out of 10, but plugged on time, I would give it 8.8 out of 10. The maintenance of Splunk is a bit difficult due to the time-consuming tech support. I would recommend Splunk. I cannot compare Splunk with any other SIEM solution because I have worked with many different solutions and logarithms, like ManageEngine Endpoint Central and Wazuh. I have used Splunk for two years and I can see Splunk as really the best SIEM solution that can be used for work. I totally recommend it. Even though I gave some negative feedback, it's because I am coming from a product perspective. We have to also take into consideration the security perspective. I am not talking only about visibility, which they should take a lot of care with, but about the way the solution is handling and even manipulating the data. This is the most valuable thing.
Cost and vegetative growth in the medium/long term. It is a great tool, but you have to be careful in storing a lot of data (without any criteria). Use it as a "smart-data/small-data repository", not as a "raw centralizer, stage-area or pure-SIEM". The quantity of "use-cases" is not so big when compared with other tools (and, for example, you don't have specific use-cases divided by industry segments). Before choosing any tool and defining your BOC (Business Operation Center), read about datamart/datawarehouse concepts and models (design and architecture too) defended by Inmon & Kimball. You'll save a lot of $ in the future.
Make sure it fits your use case. Be clear about what you want to achieve, get out of the product, and how you want to integrate it. Once you tie the solution into your systems, it is not trivial or easy to walk away from. Therefore, due diligence needs to be done to understand what your requirements are before choosing a product. Some companies may not even want to host, and prefer to go the managed services route. We have it integrated with every product that I can think of. We use both the AWS and on-premise versions. The AWS hosted version typically caters to all the microservices that we run on AWS, so there is a clear segregation between on-premise and cloud. In terms of usability and experience, both of them have been similar. We have seen a few bottlenecks on the cloud, but that can probably be attributed more to the user side of the house in terms of the way we write our applications and the type of payloads that we sent this month. This is an optimization which is ongoing from our end. Other than that, we have been fairly happy with Splunk and what we get out of it.
Splunk's website is quite useful. You can find a lot of information on it. I would recommend using it and trying to figure out the product's features and what you can actually do with Splunk. You can do a lot of things with Splunk, but you need to know what to do first. I have used both the AWS and on-premise versions, but in two different environments, so I am unable to compare the versions.
It works well when searching logs. If you look to try to do things beyond this, the problem that we ran into is that we treated it as the hammer which hits all nails. That is not really feasible, and there are other tools out there that can do more specialized things. User administration is key. Trying to prevent users from being able to search records all the time is a huge problem. You need a tight approval process on dashboards, making sure the dashboards are queried in the most efficient way possible. The on-premise version that we had was not scalable at all. It was very difficult to use. We have EC2 instances in the cloud with Splunk installed, which is more scalable and easier to use. It now works much better.
Splunk is an excellent tool for monitoring, troubleshooting, and analyzing your IT infrastructure. It has saved me a lot of time figuring out my system's issues. Splunk plays an important role in on-track and off-track performance. Splunk provides unified security and unlimited tailor-made applications.
Familiarize yourself with the basics of Splunk. There is a lot of functionality in Splunk, and it can be overwhelming at first. Start by learning to index and search data, then move on to more advanced topics.
Set up alerts for important events. One of the best features of Splunk is its ability to send alerts when particular events occur. This can help you quickly identify issues and correct them before they become bigger problems.
Use their Active Dashboards. They offer end-to-end visibility to get insight and have a single view of their data. Hence, I suggest using Splunk for complex environments and huge data ingestions. The only challenge in using Splunk is its pricing. Because they have a daily limit on parsing the logs, if they offered lower pricing, you could even buy more capabilities to parse logs daily.
If it is a complex environment and data ingestion is huge where you want to ingest Syslogs or networking devices logs, you should go with Splunk. It is better than QRadar. Nowadays, the usage of AWS is growing, and that should be taken into consideration when deciding about on-premises or cloud deployment. I would rate it a nine out of 10. I find it great. I'm very eager to do the Splunk certifications as well.
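The advice above to set up alerts for particular events maps to the scheduled, threshold-based alert that most SIEM users write first. The following is an added example, not code from any reviewer on this page: it runs that rule in plain Python over constructed sshd-style log lines, counting failed logins per source address inside a sliding window and suppressing repeat alerts for the same source for a throttle period, which is the behaviour that keeps such an alert from becoming noise. The log lines, the 203.0.113.0/24 and 198.51.100.0/24 addresses, and the threshold/window/throttle values are all constructed for the demo.

```python
"""Threshold alert with per-source throttling over constructed auth log lines.

Added example (not from the reviewer): mimics a scheduled SIEM alert that
counts events per field over a window, fires when a threshold is crossed,
and throttles repeat alerts on the same field value.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an sshd-like format (not real data).
SAMPLE_LOGS = """\
2024-07-01T10:00:01 sshd[1]: Failed password for root from 203.0.113.5
2024-07-01T10:00:03 sshd[1]: Failed password for admin from 203.0.113.5
2024-07-01T10:00:04 sshd[1]: Failed password for root from 203.0.113.5
2024-07-01T10:00:05 sshd[1]: Failed password for root from 203.0.113.5
2024-07-01T10:00:06 sshd[1]: Failed password for root from 203.0.113.5
2024-07-01T10:00:20 sshd[1]: Accepted password for alice from 198.51.100.7
2024-07-01T10:00:30 sshd[1]: Failed password for bob from 198.51.100.7
2024-07-01T10:01:00 sshd[1]: Failed password for root from 203.0.113.5
2024-07-01T10:12:00 sshd[1]: Failed password for root from 203.0.113.5
2024-07-01T10:12:01 sshd[1]: Failed password for root from 203.0.113.5
2024-07-01T10:12:02 sshd[1]: Failed password for root from 203.0.113.5
2024-07-01T10:12:03 sshd[1]: Failed password for root from 203.0.113.5
2024-07-01T10:12:04 sshd[1]: Failed password for root from 203.0.113.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_failures(text):
    """Yield (timestamp, user, src) for each failed-login line; ignore the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["src"]


def brute_force_alerts(text, threshold=5, window=timedelta(minutes=5),
                       throttle=timedelta(minutes=10)):
    """Return alerts as (fire_time, src, failures_in_window).

    An alert fires when a source reaches `threshold` failures inside a
    sliding `window`. After firing, the same source is suppressed for
    `throttle`, the equivalent of throttling the alert on the src field.
    """
    recent = defaultdict(list)  # src -> failure timestamps still inside the window
    last_fired = {}             # src -> time the last alert fired for it
    alerts = []
    for ts, _user, src in parse_failures(text):
        bucket = recent[src]
        bucket.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        recent[src] = bucket = [t for t in bucket if ts - t <= window]
        if len(bucket) < threshold:
            continue
        if src in last_fired and ts - last_fired[src] < throttle:
            continue  # throttled: this source already alerted recently
        last_fired[src] = ts
        alerts.append((ts, src, len(bucket)))
    return alerts


if __name__ == "__main__":
    for fired_at, src, n in brute_force_alerts(SAMPLE_LOGS):
        print(f"{fired_at.isoformat()} brute-force suspected from {src} ({n} failures)")
```

On the constructed data this fires twice for 203.0.113.5 (the sixth failure at 10:01:00 is throttled, the second burst at 10:12 fires again after the throttle expires) and never for 198.51.100.7, whose single failure stays below the threshold. Raising the threshold above the burst size yields no alerts at all, which is the tuning knob the reviewer's "noise versus actionable" point is about.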
I can recommend this solution to others. It is a great product. I would rate it an eight out of 10.
I would recommend this solution to others who are interested in using this solution. I would say the forums and READMEs provide more than enough information about Splunk. Most people struggle because they move too quickly through the implementation process. As long as you follow the guidelines, particularly the specifications for environment requirements and implementation methodology, these solutions should work out of the box. Splunk is a very good solution, I would rate it a ten out of ten.
My understanding is that as a company, we are migrating to Azure. When this happens, Splunk will be decommissioned. Overall, I don't think that this is a very good product and I don't recommend it. I would rate this solution a five out of ten.
I would rate Splunk an eight out of ten.
I have been using Splunk for approximately
Splunk is a very good platform for analytics and cybersecurity. We use it very extensively. It is very easy to use, and it is very stable and scalable. I would rate it a nine out of 10.
We are a customer and an end-user. I would rate the solution at a nine out of ten. We've been very happy with its capabilities in general. The only downside is the pricing. If the price were lower, you would have the possibility to buy more capacity for parsing logs per day. In Splunk, you have a daily limit of logs that will be parsed. If you pass that limit several times, the Splunk license will be blocked and you have to talk with support to get a recovery license. With the capacity, you can include, let's say, 30 servers, but if you want to include another 20 servers, you have to buy an additional license, which is very costly. That said, for medium and large enterprise businesses it's really necessary to have. Even in smaller businesses, it is good to have. It's just the price that would stop small businesses from taking it on. If a small business has less than 500 MB logs/day, they may use a Splunk free license.
This solution has good technology. I rate Splunk an eight out of ten.
I would rate this solution an eight out of ten.
If this solution matches the needs of your use case then I would give it a try. I rate Splunk a nine out of ten.
There is a large number of options for training and certification. The more training you have the more useful Splunk becomes. However, right out the gate you can do useful searches due to the search bar design.
If you are considering Splunk and you like what you are seeing; my advice would be to go for it. I would rate Splunk an 8 out of 10.
I rate Splunk an eight out of ten.
I'm a consultant. I'm also a customer and use it myself. We use multiple deployment models, including public and private clouds. We typically use the latest version of the solution. I'd advise potential new users to get a proper plan. They should have a good partner or someone that can help them and quickly map and orchestrate. I'd rate the solution at a ten out of ten.
I would advise making sure that your staff is very aware of how the program works. After one or two classes, I got the hang of it, and it felt like I knew everything that was there to know about it, but when we went into the next class, I realized that there is a lot more. So, if you are going to use the program, I would advise making sure that everyone is trained and everyone really understands it. You should take your time to go into the nitty-gritty. You can very easily think that you know everything, but when you make mistakes in Splunk, at least from my experience, it can get messy quickly. So, you want to make sure that everyone has a very good understanding of what they're doing so that you can keep everything organized and accurate. I would rate it an eight out of 10. When we're getting into the nuts and bolts and looking at the data, it is an eight, but when we are just navigating through the website, it is a seven. Only its UI needs improvement. It isn't bad, but there is room for improvement. They should make it a little bit more user-friendly.
Due to the cost of Splunk, I recommend it for larger companies. Splunk is powerful when sorting huge amounts of data. Implementation of Splunk takes preparation. It requires a lot of resources and needs the infrastructure to support the project. I would rate the solution an 8 out of 10.
My advice to anyone considering Splunk is to understand exactly how much data you want to look at and want to bring in on a daily basis. Then create a rational strategy to bring the data in, in reasonably sized chunks, that fulfill one use case at a time. On a scale of one to ten, I would rate Splunk a really good nine. I'd rate it a really good nine because it's really versatile. You can do a lot of things with it. It allows you to do a lot of analytics in the platform without needing a bunch of other third-party software to help you figure it out.
I would rate this solution a seven out of ten. Splunk has a user-friendly interface and GUI. Its architecture is also much more sophisticated than others.
It is hard to integrate because it can do so many things. A lot of people think it is a set-it-and-forget-it solution, but it is a full-time job for somebody. I would advise others to plan and prepare for ongoing management. It requires a dedicated person for management. Compared to other SIEMs, it is a 10 out of 10.
I would advise making sure that you incorporate enough storage and processing in order to properly support the environment. I would rate it an eight out of 10. It is definitely the best tool I've ever used, but nothing is perfect. They could do a little bit better on data compression and system resource management, but outside of that, it is an excellent product.
The solution can be deployed both on-premises and on the cloud. I'd rate the solution at a nine out of ten. We've been very happy with the product. I would recommend the solution. It really is the best.
I work in security architectures, not operations, so I don't actually work with Splunk on a regular basis, but the team that does is working on threat hunting and incident management. I rate Splunk an eight out of ten.
I would rate Splunk a nine out of ten. I recommend this product to others who are considering implementing it.
Those who are interested in implementing this solution should be prepared to dig deep into their pockets. I would rate Splunk a nine out of ten.
We do not sell Compliance Control Limited solutions because our focus is on auditing and independent security assessments. We put an end to our selling program with Checkmarks. I would recommend this solution to others. Splunk is appropriate for small to medium-sized projects, and it should be calculated for large projects. It's one of the best CM solutions on the market for monitoring, and correlation, as well as IT monitoring security. I would rate Splunk an eight out of ten.
We use Splunk and we also sell and support it for our clients. Normally our policy is to keep software updated to the latest version. The main issue is that we do enterprise architecture and network and security operations. We recommend certain platforms to clients. We don't always sell Splunk directly to them due to the fact that, since we're being hired to help them make choices, we need to be neutral. In the cases where it doesn't make sense, we don't sell it. We just help clients make decisions. I don't know which version of the solution we're using. I'm an architect; I'm not on the operations level. I'm not the one who actually uses it. Our operations use it. I get dashboard results and I do reports that are based on it; however, I'm not the one actually running it. We have a NOC and a SOC, and others use it a lot more individually. They have a lot more interaction than I do. I'm getting reports out of it. Others are actually connecting to it, using it as a tool. I'm not a tool user. I'm an information user. All Splunk is, is data collection, and it can sort things out on a dashboard. However, a lot of what Splunk does is collect data, and you have to decide what kind of information you're going to let it collect. When we're doing design operations we have to really pay attention to what we're doing, so we don't actually slow things down or impede things. The reason we use Splunk is we put a lot of data into it. With Splunk, you need to really be careful about what you're monitoring and how you use it, to keep the results working. It's a good tool if you know what you're doing and what you need to be logging. You need to be aware of what you're logging to ensure it isn't going to cause problems with your performance. I wouldn't recommend it for somebody who's coming in new. Of the clients we have using it, I don't know if any of them don't have professional IT running it. It's important to really understand what's going on.
I'd rate the solution at an eight out of ten. In certain environments, it could be a bit complex. It's not something you could just drop into an organization, you need to be trained to use it. You need the experience to use it properly.
We are partners of Splunk and provide the solution to customers. I feel Splunk is easy to utilize. My company has an app on which the solution is deployed on-premises on a single server. There is another team in my company that works with Splunk products. I rate Splunk as a seven-point-five out of ten.
I cannot think of anything disadvantageous about Splunk, as we are talking about a product that I like. I feel the solution has beautiful features. The decision to go with Splunk would depend on the business needs of the individual. I know that Splunk has both a cloud and an on-premises option. Sometimes, such as when it comes to conferences, there is no need to move some of the data to the cloud for the purpose of complying with regional requirements. There may be a need to retain some of it and a person might wish for a mixture of on-cloud and on-premises capabilities. I rate Splunk as an eight out of ten. It is a robust platform and easy to use.
I would advise definitely taking advantage of their professional services and making sure that the administrators and whoever is going to be using the tool go through the training. The cost for the training, which depends on if you're commercial or government, is not that much, and there is a definite value there because if you're trying to learn it on your own with a book, it is going to take forever. I would rate Splunk a seven out of 10.
The solution is cloud-based. There are more than a thousand users making use of the solution in our organization, who are connected with us in over 530 different areas. I recommend the solution and plan to continue using it. I rate Splunk as a seven out of ten.
I rate Splunk a seven out of ten.
We are customers and end-users. I'd rate the solution at a nine out of ten.
We're partners and end-users. We don't have a business relationship with Splunk. We use the latest version. I'm not hands-on. I'm called the architect, however, we do use the latest version as that's a part of our configuration management framework, that all of our applications - especially in security - are up-to-date with the latest and greatest updates, bells, and whistles. We use both public and private clouds. In terms of creating the solution, for what we do from an enterprise standpoint, everything from monitoring to data capture to reporting, we would rate it at a nine out of ten.
We're a partner and a customer. I'm using the latest version of the solution. I would highly recommend the solution. It's the best product out there. It's definitely easy to set up. The use cases are multiple. It's not restrictive in terms of the efficiency of the platform. Just make sure that you have enough resources or good counsel from people who can help with the use cases. If you do the sky would be the limit. It is a good solution. I'd rate the solution at a ten out of ten.
Splunk is easy to use and not having the need to log into every single network device for management is helpful. I rate Splunk a seven out of ten.
I rate Splunk a five out of ten.
I'd rate the solution at an eight out of ten.
I think this is a good solution and rate it a seven out of 10.
My advice to others is not to be intimidated by the solution and to give it a try. It will become easier over time. I rate Splunk an eight out of ten.
I would recommend this solution. If you are a technical person, it does what you need. If you are not a technical person and you require graphs, that's a different story. I would rate Splunk a ten out of ten because I have no problems with it.
When using this solution for Security Information Management (SIM), I highly recommend importing data sources from the whole cycle of the service security chain. Some people only use main inputs and not all of the data sources they have. They might not have some data sources; in this case, you can purchase one, or there are free open-source ones available. You will then have this data source that can enrich your life, because many correlations are done with this data. I rate Splunk an eight out of ten.
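The point above, that correlations need sources beyond the main inputs, is easiest to see in code. What follows is an added example, not code from the reviewer or from Splunk: it joins a constructed proxy log with a constructed endpoint-alert log and two lookups (an indicator list standing in for a free open-source feed, and a CMDB-style asset table) to produce findings that none of the sources can yield on their own. The hostnames, users, domains, rule names and departments are all constructed for the demo.

```python
"""Multi-source correlation: proxy log + endpoint alerts + two lookups.

Added example (not from the reviewer): a proxy hit to a listed domain is a
medium finding on its own; the same host raising an endpoint alert within a
short window escalates it to high, and the asset lookup tells the analyst
whose machine it is. Every line and lookup below is constructed.
"""
from datetime import datetime, timedelta

# Constructed proxy lines: ts host user domain
PROXY_LOG = """\
2024-07-01T09:00:00 ws-042 alice updates.example
2024-07-01T09:02:10 ws-042 alice c2-drop.invalid
2024-07-01T09:05:00 ws-017 bob c2-drop.invalid
2024-07-01T09:40:00 ws-099 carol news.example
"""

# Constructed endpoint-alert lines: ts host rule
EDR_LOG = """\
2024-07-01T09:03:30 ws-042 suspicious_powershell
2024-07-01T11:00:00 ws-017 new_scheduled_task
"""

# Lookups: an indicator list (the "free open-source" source) and an asset table.
THREAT_DOMAINS = {"c2-drop.invalid"}
ASSETS = {"ws-042": "finance", "ws-017": "engineering", "ws-099": "marketing"}


def parse_rows(text, fields):
    """Split whitespace-delimited lines into dicts keyed by the given field names."""
    return [dict(zip(fields, line.split())) for line in text.splitlines() if line.strip()]


def correlate(proxy_log=PROXY_LOG, edr_log=EDR_LOG, window=timedelta(minutes=10)):
    """Return enriched findings for proxy hits to listed domains.

    Severity is 'high' when the same host has an endpoint alert within
    `window` of the proxy hit, otherwise 'medium'. Department comes from
    the asset lookup, 'unknown' when the host is not inventoried.
    """
    proxy_rows = parse_rows(proxy_log, ("ts", "host", "user", "domain"))
    edr_rows = parse_rows(edr_log, ("ts", "host", "rule"))

    alerts_by_host = {}
    for row in edr_rows:
        alerts_by_host.setdefault(row["host"], []).append(datetime.fromisoformat(row["ts"]))

    findings = []
    for row in proxy_rows:
        if row["domain"] not in THREAT_DOMAINS:
            continue
        hit_time = datetime.fromisoformat(row["ts"])
        nearby_alert = any(abs(hit_time - t) <= window
                           for t in alerts_by_host.get(row["host"], []))
        findings.append({
            "time": row["ts"],
            "host": row["host"],
            "user": row["user"],
            "domain": row["domain"],
            "department": ASSETS.get(row["host"], "unknown"),
            "severity": "high" if nearby_alert else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in correlate():
        print(f"{f['time']} {f['severity']:6} {f['host']} ({f['department']}) "
              f"user={f['user']} domain={f['domain']}")
```

With only the proxy log you could flag both hits to the listed domain but not tell them apart; the endpoint source is what separates ws-042 (alert 80 seconds later, high) from ws-017 (alert almost two hours later, medium), and the asset lookup is what turns a hostname into something an analyst can act on.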
I would recommend this solution to others. I would rate Splunk an eight out of ten.
I would rate Splunk a seven out of ten.
We are resellers. We use a variety of deployment models, including private cloud and hybrid. This solution is the best security solution. If a company is looking for the best, they have to buy Splunk. It is a very good and very mature solution. It is very easy to integrate with some other service or security solutions. If they have specific solutions that need to be integrated for monitoring purposes, it should be a problem. For example, it integrates very well with Cisco. I'd rate the solution at a ten out of ten. We are quite happy with its capabilities.
Plan your requirements properly from the beginning so that you can get the most value in a shorter space of time. On a scale from one to ten, I would rate Splunk at six.
A few years ago, I would have definitely recommended Splunk, but nowadays, better alternatives are available. We are currently exploring a few other alternatives, so I won't recommend Splunk as of now. I would rate Splunk a seven out of ten.
This is a product that I recommend for anybody who wants an advanced SIEM solution. Of the three that I have used, including QRadar and ArcSight, Splunk is the one that I prefer. I would rate this solution a nine out of ten.
I would recommend this solution to others, but it should meet their needs and architecture. I would rate Splunk a nine out of ten.
I would definitely recommend Splunk. It is quite a decent tool, and it is there in a lot of enterprises. I would rate Splunk an eight out of ten.
As we recently purchased the solution, we are using the latest version right now. I would recommend the solution to other users. I would rate the solution at an eight out of ten. If the solution offered a better price and better support services, I would likely rate it higher. However, for the most part, we have been satisfied with the product and its capabilities.
I would recommend this solution. I rate Splunk a six out of ten.
This is a solution that I could recommend for somebody who wants a really powerful product. It is not an end-to-end orchestrated SIEM yet. This is a product that I would generally recommend, although I would not do so if the customer is really budget-driven. I would rate this solution a six out of ten.
It is important to define different guidelines to integrate Splunk in development, QA, and production deployments. Additionally, define the applications that will be used and the configuration of the databases to collect the data. If this is not done, there will be a lot of issues due to, for example, master access or permissions to use the database collector and blocks.
We use a mixture of public and private cloud deployments. I would definitely recommend the solution, having seen it work so well for others. Its ease of usage and its many integrations make it a great product. The way you can access whatever you need on the solution is very similar to a Google bar where you can search for anything you need. It's just a super quick, responsive product. Overall, I would rate it a perfect ten out of ten. We have no complaints.
It's important to prepare. You can't just get a solution and start to implement it. A big part of that needs to be preparation, and in IT, we're not great at that. I would go with Elastic, a similar product but better. The licensing is a little different but it gives you a little more freedom to do things. It's really flexible with what you can do and versatile in how you can use it. Splunk is still top when it comes to log collection. If you wanted anything more than that, you should probably look into using several different products. There isn't really one product that you're going to find that's going to give you that coverage and I just like the versatility of using several different products. There are some other things you can use that actually do a better job at the correlation part. I would rate this solution a seven out of 10.
I would recommend Splunk to any company: small, medium, and large. Splunk is a great tool but you should get a partner who knows what they are doing, implementation-wise. On a scale from one to ten, I would give Splunk a rating of nine.
I would rate Splunk an eight out of ten.
I would rate Splunk as 8 out of 10.
I would rate this solution a seven out of ten.
I would definitely recommend using Splunk. They have free learning models available. There are models available on their learning page where you can gain a better understanding of how to use Splunk. Within one month alone, you can at least understand how to operate Splunk, whereas, with other tools, it can take a lot of time to understand. On a scale from one to ten, I would give Splunk a rating of nine. The only downside is the cost. Price is the only factor; sometimes, companies shy away from Splunk because of the price.
I would definitely recommend Splunk. We will review performance within two years of our three-year contract and then decide at that point what other aspects we need to consider. I would rate Splunk 8 out of 10.
We're just a customer. We don't have a business relationship with Splunk. We're using the latest version of the solution. I'd advise those considering the solution to do some basic training before jumping into using the solution. It will help you understand how everything is supposed to work. I'd rate the solution at an eight out of ten, due to the fact that it's more flexible than other solutions. I like the idea of taking a log, any log, and putting it into a tool and creating your events and your conditions in order to get the output that you're looking for. It's more scalable and flexible than other options on the market.
If you're going with this solution, make sure that when implementing, the ports are open. If they're not open, it creates problems with the server. Other than that, this is a very stable and very easy to configure product. We can easily deploy and easily use it. Other similar solutions are difficult to configure; Splunk is the simplest. I've used three or four monitoring tools and Splunk is the easiest. If a company can afford it, this is a good product. We are planning to shift to another product because of the cost. We're searching for an open source or cheaper product. I would rate this solution a nine out of 10. They lose one point for the price and lack of infrastructure support.
We're just users. We don't have a business relationship with Splunk. We're on a variation of version seven. I'm not sure of the exact one. It's not quite the latest. I'd advise new users, if they have the budget for it, to go and take the training that they offer. Or, for casual users, you just want to spend as much time watching YouTube videos as you can. It will help lessen the learning curve. As a solution, it's still pretty much industry standard. I would give it a nine out of ten overall, even though I have my gripes with it.
Splunk is a good product but I would definitely tell people to analyze their requirements to see if Splunk fits their use case, or not. The licensing model is very complicated, so if there is a product that has a better licensing model then it would probably be good to start with that. Then, later on, if the product is not working well enough, then they can switch to Splunk. At that point, they will have knowledge of the data they are using and will understand the costs that they might incur while using it. The only way that I would suggest somebody use this as their first solution is if they already had all of the data that is required to get a cost estimate. I would rate this solution a seven out of ten.
We're partners. We have a business relationship with Splunk. We're using the latest version of the solution. Overall, I would rate the solution at a seven out of ten. I'd advise potential new users to ensure they do proper sizing before deploying the product. If it's a very large deployment, the number of endpoints will be quite sizeable. You need to figure out the correct number of endpoints as well as endpoint devices, switches, routers, etc. It's also a good idea to look at use cases. Splunk is very strong in some use cases. It's important to look into deployment scenarios and check out the use cases before deploying anything. My biggest takeaway after working with the solution is that the environment is very important. You need to be clear about the problem you are addressing and it takes a lot of planning at the outset.
I would definitely suggest sending people to analyze or evaluate Splunk. Because the licensing model is very complicated to understand, it would be better to start with another product that provides a better licensing model. Later, if the product is not working well, they can consider using Splunk and may have a better understanding of the cost. For me, I would not recommend Splunk as their first solution unless they have all of the data that is required. I would rate Splunk a seven out of ten.
I would advise to get Splunk professional services from Splunk.
Splunk is great product, especially for my organization.
Because it was a trial version, I was the only one who used it in our company. I kept some snapshots from our trial with the Splunk system and we are preparing a proposal to submit to our manager in Vietnam. If in the near future we have enough money to purchase the system, we will invest in this system for our company.
I would rate this solution a perfect ten out of ten.
I would rate it an eight out of ten. Splunk is more efficient than other solutions but it's also more expensive.
As a logging solution, I would say it's probably an eight or nine. If you're talking about the SIEM I'd say it's probably about a five. For logging, I think they would have to change the costing model. The costing model is way out of line. It's built for very large organizations.
I will rate it as a security product an eight out of 10. There's no product which is perfect unless you go back and you create a psychic of the solutions.
I would rate this solution a nine out of ten. I rated it a nine because every tool will have its drawbacks but ultimately it's a very good tool in comparison to HP ArcSight. If we can add on a scalability feature it would significantly improve the solution. I would advise someone considering this solution to use it at least for a year to get a hands-on and technical understanding because it's a good product. Then decide whether or not to move forward with Splunk - but I would advise to stick with Splunk.
I would rate this solution an eight out of ten. To make it a ten they should have more integration with outside vendors.
Do your homework and make sure it fits your needs. The product is pretty good. We are pretty satisfied with it. It does what it does. We host the product on AWS, but we did not purchase it on the AWS Marketplace.
Implement something and watch how much data you are sending to it, then have some way to shut it off without redeploying your app in case things get hairy. We use the cloud version of the product.
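The two things the reviewer above asks for, knowing how much data you send and being able to stop sending it without a redeploy, can both live in the application's logging handler. The following is an added example, not code from the reviewer or from Splunk: a Python `logging.Handler` that meters the bytes handed to a forwarder, stops forwarding once a daily byte budget is spent (so a chatty bug cannot burn through a daily license quota), and checks a kill-switch file on every record so an operator can halt forwarding at runtime. The forwarder is a hypothetical in-memory sink standing in for an HTTP Event Collector client, and the budget, file name and log lines are constructed for the demo.

```python
"""Volume-metered log forwarding with a runtime kill switch.

Added example (not from the reviewer): the handler counts bytes per day,
drops records once a daily budget is exhausted, and stops forwarding while
a kill-switch file exists, so no redeploy is needed to turn it off.
"""
import logging
import os
import tempfile
from datetime import date


class MeteredForwardingHandler(logging.Handler):
    def __init__(self, sink, daily_budget_bytes, kill_file, today=date.today):
        super().__init__()
        self.sink = sink                  # callable that receives one formatted line
        self.budget = daily_budget_bytes  # bytes allowed per calendar day
        self.kill_file = kill_file        # forwarding is off while this path exists
        self.today = today                # injectable clock so tests can roll the day
        self.day = today()
        self.sent_bytes = 0
        self.dropped = 0

    def _rollover(self):
        """Reset the byte counter when the calendar day changes."""
        now = self.today()
        if now != self.day:
            self.day, self.sent_bytes = now, 0

    def emit(self, record):
        self._rollover()
        line = self.format(record)
        size = len(line.encode("utf-8"))
        if os.path.exists(self.kill_file) or self.sent_bytes + size > self.budget:
            self.dropped += 1  # counted, never forwarded; the app keeps running
            return
        self.sent_bytes += size
        self.sink(line)


def demo(n_lines=50, budget=1000):
    """Emit n_lines, trip the budget, then flip the kill switch; return the counters."""
    sent = []
    with tempfile.TemporaryDirectory() as tmp:
        kill_file = os.path.join(tmp, "stop-forwarding")
        handler = MeteredForwardingHandler(sent.append, budget, kill_file)
        handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
        log = logging.getLogger("demo.metered_forwarding")
        log.propagate = False
        log.setLevel(logging.INFO)
        log.addHandler(handler)
        try:
            for i in range(n_lines):
                log.info("request %03d processed", i)  # 26 bytes per formatted line
            dropped_before_kill = handler.dropped
            open(kill_file, "w").close()  # operator flips the switch at runtime
            log.info("this line is suppressed by the kill switch")
        finally:
            log.removeHandler(handler)
    return {
        "sent": len(sent),
        "sent_bytes": handler.sent_bytes,
        "dropped_before_kill": dropped_before_kill,
        "dropped": handler.dropped,
    }


if __name__ == "__main__":
    print(demo())
```

With a 1000-byte budget and 26-byte lines, 38 lines are forwarded (988 bytes), the remaining 12 are dropped as over budget, and the line logged after the kill-switch file appears is dropped as well. In production the sink would be the HEC client and the budget would sit a safe margin below the licensed daily volume.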
Go with Splunk. A lot of people know how to use it because they have experience with it. It works well. While it has some pain points, it provides reports and data visibility. It integrates great with Opsgenie, PagerDuty and Slack. We love the Slack integration, as it works great with the Slack alerts. We use the on-premise version in our data centers and we use the AWS version. We are just starting to migrate to the AWS hosted version, and I have not seen a difference.
Build your environment a lot bigger than you think you will need it, because you fill it up quickly. We log somewhere in the neighborhood of two to four terabytes a day per data center. We use both AWS and SaaS versions. With the SaaS version, you don't have as much control, but it functions the same, so there is no real difference. Though, the AWS version is probably easier to scale, because it is AWS.
Explore Splunk. The product has a lot of depth. It works with multiple products which are scheduling systems to ERPs to legacy, and it works perfectly fine. I use the on-premise version. I have not had the opportunity to explore the AWS on Splunk version yet.
I would recommend trying different stuff based on your company's needs and log types. We like the product.
It is a great product. We have a lot of different tools to do this type of debugging. Yet, it is one of the first ones that I will reach for, and I think that is a good sign. It works well and is the industry standard for log searching. It probably has other features too. Therefore, if you use it, I would recommend the training, so you know what you are doing. I am using the on-premise version.
It is easy to use, and easy to implement.
When Splunk failed, it took time to recover. We had to recover it from a snapshot. It took a couple of days, and it was as if it had crashed. But, the instance was resolved.
We are a Splunk Partner, since after much deliberation, we decided to choose Splunk as a component of one of our on-premise software offerings.
There are three top SIEM solutions in the world: Splunk, LogRhythm, IBM QRadar. I think Splunk is the best. I would rate Splunk at eight out of 10. The vendor needs to work on this solution to make it better and better. I would recommend this solution but it depends on the situation, the country, the support from the vendor.
It is a great product overall. I would like to see improvements on the Enterprise Security app/SIEM functionality.
Pick it up and jump into the community! It can help get you started a lot faster.
Growth in data ingested will be much larger than you anticipated. If you need to prove this first, consider using an ELK Stack/Logstash type of solution before using Splunk.
We build many of our own apps by leveraging the logic in others.
You can also get GREAT help at answers.splunk.com.
The recent acquisition of Phantom makes the future seem bright with more automated responses.
I love this product.
I have been using Splunk to increase my security experience.
If you have an R&D department within your company that is looking for something new to increase the efficiencies and effectiveness of your company's operations, I would highly recommend having them get the free trial to test out.