Data Analyst at a government with 10,001+ employees
Real User
Jun 13, 2024
We never had any issues when it comes to the type of use cases we are using it for. We did not need more advancement on it, but I know that, in general, everything can be updated. There are tiny little tweaks that can be made regardless of whether it looks better or has a different flow to it than it does right now, but it works pretty well for what we use it for.
One thing I recently ran into was that the logs on the server most often get Gzipped after they have been rotated. We found that we were not monitoring some of the things, so we had to go back and pull them in. Right now, it pulls one at a time, untars it, or unzips it, so I cannot look at the entire history. There can be an improvement in that area.
Senior Client Partner at a tech consulting company with 1-10 employees
Real User
Top 10
Apr 5, 2024
The main drawback of Splunk for network monitoring is its limited agent deployment. Splunk excels at collecting data from servers and databases where agents can be installed. However, it cannot directly monitor network devices, unlike Broadcom. Broadcom offers Spectrum and Performance Management tools that primarily work on SNMP to collect data from network devices. Splunk doesn't have a directly comparable functionality for network devices. While Splunk offers a wider range of data collection, including metrics, logs, and more, it can be more expensive. Splunk's licensing model is based on data volume (terabytes) rather than the number of devices. This can be costlier compared to Broadcom or similar tools, which often use device-based licensing. The end-to-end visibility is lacking because Splunk cannot directly monitor network devices. Broadcom provides a topology-based root cause analysis that is not available with Splunk.
Splunk and AppDynamics SME at Saudi Networkers Services
Real User
Top 10
Feb 27, 2024
The clustering part of indexes can be more refined. They can cut down a bit at the monetary level for the long-time customers. We recently had a scenario where we were in discussions to see if there was any flexibility from Splunk's side.
Updated: October 2024.
It's a bit difficult to use. It takes some time to get into it and to get it to do what you would like it to do. It is not straightforward to use it. Once you have the dashboards for collecting and analyzing transactions configured, they are okay, but it takes some time to do it. Configuration could be easier.
We still use Splunk Enterprise licensing. A lot of the newer features go into Splunk Cloud before Enterprise. We're not looking to switch our licensing over, so we're falling behind on the newer features. I know Splunk has plans to move their cloud features into Enterprise at some point. The only improvement we would like is to have more features put into Enterprise that focus on the cloud. Some people come from an on-prem environment and slowly move to cloud and would have to make a full jump into the Splunk Cloud licensing to get any of the cool Cloud features.
They need to offer better endpoint protection. They don't have their own platform for endpoint protection. It would be helpful if they added something that addressed that. They need more EDR functionalities. Support could be faster.
The solution's stability is an area that has room for improvement. It needs to provide constant stability to its users. Also, the price of the license for the solution could be a bit better.
There's a component in this solution that is particular and takes a lot of manual work and that is the automation. There is a lot of room for improvement with the automation. They should also improve the discovery and detection of all the infrastructure components so that it is more automated and takes less manual work.
Solution Architect(Splunk- Log Management) at Tata Consultancy
Real User
Top 10
Mar 1, 2023
I don't see any issues yet because my use case has not been finalized. The point is, if anyone is going to acquire Splunk ITSI, their primary purpose should be to ensure that all infrastructure assets in production are logged into Splunk to ensure complete monitoring is enabled. Each organization has its own criteria for the importance of its applications and servers. All of these must be added for the monitoring to be effective. The implementation can be more user-friendly.
Security Engineer at a tech services company with 201-500 employees
Real User
Mar 29, 2020
We haven't faced any problems yet. It's working as expected. We are using the enterprise-grade, strong products and we're just paying a lot for it right now. People intend to go for automation. We are following the work process and we are inculcating the engineers to ensure everything is automated. Whatever needs to be mitigated has to be followed up on ticketing tools; this tool would come in. It handles the issues going on and what needs to be remediated in this single tool. We need multiple tools in order to accomplish what we need. It's kind of a medium across multiple products. It would be better if we had a dedicated tool that takes care of the entire work process, including automation as well. They do not have all the features that I expect right now.
Security Administrator at a tech services company with 501-1,000 employees
MSP
Mar 15, 2020
Splunk would be better if some tools were integrated to be able to take action on security or network concerns. People in the IT field are looking for a single tool that can do everything. Not separate tools for monitoring and fixing.
Cyber Security Consultant at a manufacturing company with 10,001+ employees
Real User
Mar 9, 2020
Without having used the solution too much, I don't really have any suggestions for feature improvement. It would be useful if they provided some help pages. If you don't know too much about the tool, there should be more documentation readily available. It would be useful if they had a help button embedded in the solution so you could ask questions and get answers. The solution should provide for some entry-level training.
Principal Security Sales Engineer at a computer software company with 501-1,000 employees
Real User
Mar 9, 2020
The cost needs to be re-examined. It's extremely expensive to run. It's also expensive to expand. That's the number one complaint all of my customers have when it comes to Splunk. It's way too expensive compared to other solutions. The integration of their cloud solution, which came out a couple of years ago, and the ability to now integrate Phantom, needs to be improved. It would be ideal if there was a more automated process for finding and identifying data sources that a user wants to bring into the solution. Right now, it's all manual.
IT Consultant at a tech services company with 51-200 employees
Real User
Top 5
Oct 28, 2019
I would like to see an improvement and some innovation in the customer interface, which puts something in your design. If we were able to customize more parts of the user interface, it would be great. I also think the scalability should be improved.
In the next release, I would like to see more integration with other solutions. For example, Juniper, ManageEngine, PAM (Privileged Access Monitoring), and Wallix.
What I don't like is that you are not sure all the data is recorded. Our product is better in these areas of functionality. Splunk is quite a bit different. When you transfer some logs at the end of the day you are never sure that you grab everything or not. The transport layer is not so well done and could be better. What should be better in the solution to make Splunk a ten out of ten is a question I would rather not answer. That is an area where the products delivered by our companies compete in some ways.
Splunk Infrastructure Monitoring offers features including instant visualization, real-time actionable alerts, centralized enterprise controls, and scalability.
Instant visualization
Get fast time to value with 250+ cloud service integrations and pre-built dashboards out of the box for rapid, full-stack visualization. Autodiscover, break down, group, and explore clouds, services and systems in minutes.
Real-time actionable alerts
Act before infrastructure performance affects...
The security could be better.
Splunk could be better integrated with configuration manager solutions so we can automatically resolve issues without human interference.
Overall, I cannot think of any features that are missing. The deployment can be quite complex.
The price of this solution is very high and can be improved. This solution is difficult to configure and the instructions are complex.
The solution should have more sensors regarding fiber intelligence for security measures.