Splunk Enterprise Security Reviews

Name: Splunk Enterprise Security
Brand: Splunk
Rating: 4.2 (365 reviews)

4.2 out of 5

365 reviews
94% willing to recommend

What is Splunk Enterprise Security?

Splunk Enterprise Security delivers powerful log management, rapid searches, and intuitive dashboards, enhancing real-time analytics and security measures. Its advanced machine learning and wide system compatibility streamline threat detection and incident response across diverse IT environments.

Get the Splunk Enterprise Security Buyer's Guide and find out what your peers are saying about Splunk Enterprise Security, CrowdStrike Falcon, Wazuh and more!

Splunk Enterprise Security is the #1 ranked solution in top Security Information and Event Management (SIEM) solutions, #1 ranked solution in top IT Operations Analytics solutions, and #2 ranked solution in Log Management Software. PeerSpot users give Splunk Enterprise Security an average rating of 8.4 out of 10. Splunk Enterprise Security is most commonly compared to CrowdStrike Falcon: Splunk Enterprise Security vs CrowdStrike Falcon. Splunk Enterprise Security is popular among the large enterprise segment, accounting for 60% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 14% of all views.

Buyer's Guide

Splunk Enterprise Security

August 2025

Get the report

Helped 867,341 peers since 2012

Featured Splunk Enterprise Security reviews

Kyle Vernham

Threat Analyst at a manufacturing company with 10,001+ employees

The two features I appreciate the most in Splunk Enterprise Security are the built-in searches, which have been very easy for us to get started with right out of the box, and the fact that it accesses all of our other systems. You can access it as a pane of glass rather than having to search individually. We also have the option to compare our analysts from our service to service. Splunk Enterprise Security helps our SOC team prioritize and investigate high-fidelity alerts more effectively by providing a more in-depth look and the ability to access a lot more of our data. Instead of jumping from several segmented systems, it allows us to have everything brought together in one place. For example, you have to move from our purview to our build system and to Splunk Enterprise Security, and it enables us to streamline that process. The built-in features of Splunk Enterprise Security, which we recently procured, have given us a good starting point and demonstrated the value of the product, providing an easy way to sell it to our company. The ease of getting everything into our purview helps us, and it serves as a good start for the investigation part in one location rather than what we usually have, which is jumping from system to system to system. Splunk Enterprise Security plays a role in our company's strategy to combat insider threats and advanced persistent threats by currently being in its technical test phase. We are still rolling it out, and it should help us find any insider threats based on information that our policy states should not be present in our system. Splunk Enterprise Security's risk-based alerting (RBA) has impacted our alert volume and analyst productivity because we've got many different systems feeding into it. However, it has helped to make it easier for our analysts to go through a set of events rather than 100 alerts. RBA allows us to streamline the process and customize it for our analysts. When it comes to leveraging Splunk Enterprise Security's dashboards and visualizations to communicate security posture to executives, it's pretty straightforward for any type of information. The visualization is easy to understand, but I haven't had any direct conversations with our executives.

Read full review

ROBERT-CHRISTIAN

CTO at kyndryl

In our organization, we use our own tools such as Kyndryl Bridge and Elastic. We use Kyndryl Bridge which essentially has a similar function. It is based on Elastic. It indexes log files and flags log files. It helps you to very quickly search log files similar to the Splunk algorithm. Our clients use Splunk Enterprise Security. If somebody already has Splunk as a business intelligence tool, then very often, it makes sense to expand the Splunk subscription they have to include Enterprise Security as well. We base our decisions on customer requirements, not on anything else. If a customer comes to us looking for a SIEM solution, we advise them based on their infrastructure and objectives. If we deliver the service for them and they want us to do that, we mostly go with Microsoft Sentinel when they already do not have Splunk. Otherwise, we go with Splunk Enterprise Security. We have about 30 customers in Germany who have Splunk, and we run it for them. Monitoring multiple clouds with Splunk Enterprise Security is no more difficult than it is with Sentinel. I find Sentinel a bit easier. Splunk, of course, is very useful if you have AWS. Generically, because Splunk is not a cloud provider itself, it fits with anything. However, integration can be challenging at times, especially in virtualized environments. Splunk struggles a bit with speed in virtualized environments. Most importantly, Splunk can be outrageously expensive. That is the problem with both Splunk and Sentinel. Their pricing literally explodes based on the amount of data you feed in. I like Elastic SIEM. It is a tool that allows you to determine the price. It is based on the computing power you require and not on the amount of data you put in, so it is a lot more flexible than Splunk or Sentinel. If there is a cost concern, Elastic SIEM is a good idea. Elastic is also pretty good at creating on-premises data lakes to control the amount of information you put into the same tool. That is something that neither Splunk nor Sentinel offers. In our operations, we use a separate threat intelligence vendor. To the SIEM tool, we added a SOAR tool for security orchestration, automation, and response, which is very critical these days. We get threat intelligence from a third-party provider because neither Splunk nor Microsoft gives the coverage that our customers need. Splunk does not have a SOAR capability, so we add that on top. We could add that on top of any tool, so it is not specific to Splunk, but Splunk helps because going through the log files is very fast. It does help when you do the incident analysis. Elastic also provides that, and Sentinel has that to some degree, but Splunk is still the Google for log files. MITRE ATT&CK framework is integrated pretty much into any SIEM tool. It is not unique to Splunk. It is there in QRadar and other solutions. MITRE ATT&CK framework is helpful when designing incident response plans or playbooks. It is nice that they have it, but that is nothing unique to Splunk.

Read full review

MatthewSnyder

Principal Engineer and Lead Detection and Response at Aviatrix

Splunk Enterprise Security has helped reduce my team's average meantime to detect insider threats, which I discussed at a conference a few years ago. Previously, it would take us days to properly analyze, triage, and respond to insider threats. Now with risk-based alerting, we are able to reduce that to 10 minutes. This is a powerful metric on the amount of time saved. Not only are we saving time, we're able to apply investigations in a more uniform and consistent manner where we're able to control the output, ensuring we're delivering consistent and valuable products each time we perform investigations or responses.

Read full review

Splunk Enterprise Security mindshare

Product category:

As of September 2025, the mindshare of Splunk Enterprise Security in the Security Information and Event Management (SIEM) category stands at 9.3%, down from 11.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Information and Event Management (SIEM) Market Share Distribution
Product	Market Share (%)
Splunk Enterprise Security	9.3%
Wazuh	10.9%
IBM Security QRadar	7.2%
Other	72.6%

Security Information and Event Management (SIEM)

PeerResearch reports based on Splunk Enterprise Security reviews

Type	Title	Date
Category	Security Information and Event Management (SIEM)	Sep 14, 2025	Download
Product	Reviews, tips, and advice from real users	Sep 14, 2025	Download
Comparison	Splunk Enterprise Security vs Wazuh	Sep 14, 2025	Download
Comparison	Splunk Enterprise Security vs Microsoft Sentinel	Sep 14, 2025	Download
Comparison	Splunk Enterprise Security vs IBM Security QRadar	Sep 14, 2025	Download

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	4.3%	97%	135 interviews Add to research
Wazuh	3.7	10.9%	80%	48 interviews Add to research

Valuable Features

Splunk Enterprise Security's most valuable features include robust log management, fast data search, flexible query language, comprehensive dashboards, and seamless integration with multiple data sources. It excels in threat detection, correlation search, and providing real-time alerts. Its schema-on-read technology enables efficient data storage and reuse, enhancing operational intelligence. Users appreciate its user-friendly interface, advanced analytics, and machine learning capabilities for customized, actionable insights across multi-cloud and on-premises environments.

"The features of Splunk Enterprise Security that I prefer the most are risk-based alerting, the new Mission Control, and the integrations that are coming into place between Mission Control and Splunk SOAR."
"Splunk Enterprise Security scales well with the growing needs of our company."
"It has supported our SOC by improving it."

Room for Improvement

Splunk Enterprise Security requires enhancements in areas such as its user interface, integration capabilities, and threat detection efficacy. Users find the platform complex, with a steep learning curve, necessitating more intuitive tools and clearer documentation. The high cost is often prohibitive, with pricing models needing adjustment to be more competitive in the market. Improved machine learning, artificial intelligence features, and automation would boost usability. Technical support and training resources also need significant improvement.

"Splunk Enterprise Security could be improved by having better role-based access controls."
"For instance, if a DLP operations analyst accesses the platform, it should guide them to navigate predefined content for their role. That's something I've already mentioned to them, and I'm eager to see what happens next."
"I would definitely improve the risk-based alerts in Splunk Enterprise Security, helping SOC analysts to get to the drill-down searches."

ROI

Users experienced a high return on investment from Splunk Enterprise Security, mainly through time savings, improved visibility, and better threat detection. Many users automated certain tasks, leading to significant manpower reduction. Some users mentioned financial savings through quicker issue resolutions. Other benefits included faster dashboard creation and real-time decision making, greatly enhancing security and operational efficiency. A few users expressed challenges regarding licensing costs and assessing ROI in a nonprofit setup.

Pricing

Splunk Enterprise Security's pricing is perceived as high, mainly structured around data volume ingested per day. While some organizations find it fair for the comprehensive features offered, others consider it expensive and suggest optimization to reduce costs. Licensing can be complex, with additional costs for specific capabilities, making careful evaluation of data needs crucial. Despite its price, many users appreciate its robust functionalities, rendering it a competitive option amid other SIEM solutions.

"The pricing of Splunk Enterprise Security is somewhat high, but comparing it with its benefits, it's acceptable. It depends on the type of business."
"Pricing and licensing are quite high compared to other tools or SIEM tools, but the features justify it."
"Splunk Enterprise Security is a bit expensive overall, but it provides good value."

Popular Use Cases

Organizations utilize Splunk Enterprise Security primarily for security operations, including log aggregation, monitoring, and threat detection. They implement it to build security operation centers (SOC), track security incidents, and correlate logs for proactive threat prevention. Users employ it for analyzing user behaviors, application monitoring, creating dashboards, and real-time alerts. The platform supports compliance, incident investigation, infrastructure management, and provides enhanced visibility into potential threats with various integration capabilities.

Service and Support

Splunk Enterprise Security's customer service and support are generally well-regarded, with many users praising responsiveness and effectiveness. Some find premium support more beneficial, citing faster response times. However, a few note occasional delays and complexity, reflecting a need for improvement. The engaged community and comprehensive documentation offer additional support avenues. While some users mention challenges, they appreciate the knowledgeable support staff. Splunk provides varied support levels, ensuring different user needs are met efficiently.

Deployment

Splunk Enterprise Security's initial setup is generally straightforward but can vary in complexity. Users mentioned that while the basic installation is easy, deploying in distributed environments or customizing can pose challenges. There is a learning curve for new users, requiring skilled personnel. Clustering and high availability configurations add difficulty. However, Splunk's documentation and support are helpful, and many find the cloud deployment faster and simpler compared to on-premises setups.

Scalability

Splunk Enterprise Security offers robust scalability, suiting both small and large organizations. It's praised for strong capacity across diverse environments, supporting extensive data and users. While costly, its horizontal and vertical scaling is efficient. Cloud deployment simplifies scalability, though on-premises requires careful planning and resources. Companies leverage its adaptability for comprehensive log and security needs, with scalability remaining a key strength, making it a preferred choice for high-volume operations.

Stability

Users frequently highlight the stability of Splunk Enterprise Security, noting its reliability and minimal issues. While some encounter occasional bugs or resource challenges, most find it robust and consistent in performance. Many praise its resilience, especially when configured optimally, although a few mention the need for capacity planning to handle large data volumes efficiently. Despite minor hiccups, users generally report positive experiences, appreciating its stability and dependability for data management tasks.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Splunk Enterprise Security Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	82
Midsize Enterprise	42
Large Enterprise	214

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	1001
Midsize Enterprise	628
Large Enterprise	2481

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

14%

Financial Services Firm

14%

Manufacturing Company

Government

University

Educational Organization

Healthcare Company

Retailer

Comms Service Provider

Insurance Company

Non Profit

Real Estate/Law Firm

Performing Arts

Media Company

Energy/Utilities Company

Legal Firm

Outsourcing Company

Construction Company

Transportation Company

Hospitality Company

Wholesaler/Distributor

Pharma/Biotech Company

Aerospace/Defense Firm

Recreational Facilities/Services Company

Consumer Goods Company

Marketing Services Firm

Logistics Company

Compare Splunk Enterprise Security with alternative products

Learn more about Splunk Enterprise Security

Splunk Enterprise Security stands out in security operations with robust features like comprehensive threat intelligence and seamless data integration. Its real-time analytics and customizable queries enable proactive threat analysis and efficient incident response. Integration with multiple third-party feeds allows detailed threat correlation and streamlined data visualization. Users find the intuitive UI and broad compatibility support efficient threat detection while reducing false positives. Despite its strengths, areas such as visualization capabilities and integration processes with cloud environments need enhancement. Users face a high learning curve, and improvements in automation, AI, documentation, and training are desired to maximize its potential.

What Are the Key Features of Splunk Enterprise Security?

Log Management: Efficiently manages and organizes a vast amount of logs for better data handling.
Rapid Data Search: Quickly retrieves relevant data for fast decision-making.
Flexible Dashboards: Customizable dashboards provide clear data visualization.
Comprehensive Threat Intelligence: Offers detailed insights to preemptively defend against threats.
Real-Time Analytics: Analyzes data in real-time to enhance response times.
Integration with Third-Party Feeds: Streamlines information flow from multiple sources.

What Benefits Should Users Investigate in Reviews?

Efficient Incident Response: Enhances the ability to respond promptly to threats.
False Positive Reduction: Minimizes incorrect threat alarms, making monitoring more efficient.
Threat Detection Speed: Accelerates the identification and evaluation of security threats.
Cost-Effectiveness: Potential savings through better licensing options and operational efficiency.
User Adaptability: Enhancements in documentation and training resources aid in overcoming the learning curve.

In specific industries like finance and healthcare, Splunk Enterprise Security is instrumental for log aggregation, SIEM functionalities, and compliance monitoring. Companies leverage its capabilities for proactive threat analysis and response, ensuring comprehensive security monitoring and integration with various tools for heightened operational intelligence.

Splunk Enterprise Security customers

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.

Julia Miller

Community Director at PeerSpot

Top SIEM Solutions & Success Stories: Strengthening Cybersecurity in Diverse Industries

Which would you recommend to your boss, IBM QRadar or Splunk?

What are some of the best features and use-cases of Splunk?

What SOC product do you recommend?

Splunk as an Enterprise Class monitoring solution -- thoughts?

1,900

What is the biggest difference between Dynatrace and Splunk?

IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?

What are the advantages of ELK over Splunk?

How does Splunk compare with Azure Monitor?

New risk scoring framework in the Splunk App for Enterprise Security -- thoughts?

Splunk vs. Elastic Stack

Product Categories

Security Information and Event Management (SIEM)

Log Management

IT Operations Analytics

Popular Comparisons

CrowdStrike Falcon vs Splunk Enterprise Security

Wazuh vs Splunk Enterprise Security

Dynatrace vs Splunk Enterprise Security

Microsoft Sentinel vs Splunk Enterprise Security

Datadog vs Splunk Enterprise Security

IBM Security QRadar vs Splunk Enterprise Security

New Relic vs Splunk Enterprise Security

Elastic Security vs Splunk Enterprise Security

Splunk AppDynamics vs Splunk Enterprise Security

Grafana Loki vs Splunk Enterprise Security

Elastic Observability vs Splunk Enterprise Security

Graylog Enterprise vs Splunk Enterprise Security

Security Onion vs Splunk Enterprise Security

Cortex XSIAM vs Splunk Enterprise Security

Palantir Foundry vs Splunk Enterprise Security

See all alternatives

Splunk Enterprise Security Reviews Summary
Author info	Rating	Review Summary
Splunk System Engineer at a non-tech company with 11-50 employees	4.5	I find Splunk Enterprise Security invaluable for reducing alert volume and speeding up security investigations with a powerful correlation engine. However, its user interface needs improvement, especially in visualizations, and it's pricey for smaller companies.
Threat Analyst at a manufacturing company with 10,001+ employees	4.0	I've found Splunk Enterprise Security effective for insider threat detection, with strong built-in features and intuitive dashboards, though data indexing and incident board behavior could improve; overall, it's streamlined investigations and improved alert efficiency during our rollout phase.
Security & Risk Analyst at a computer software company with 1,001-5,000 employees	4.0	I primarily use Splunk Enterprise Security for detecting anomalous behavior by integrating various log sources, benefiting from its user-friendly interface and excellent integrations. However, it requires careful setup and has room for improvement in threat intel and search speed.
CTO at a tech vendor with 10,001+ employees	4.5	As an MSSP, we use Splunk Enterprise Security for customers, praising its 50,000 predefined rules. However, creating custom rules is complex, and integration can be costly. We recommend other SIEM tools like Elastic when cost is a concern.
Principal Engineer and Lead Detection and Response at Aviatrix	4.0	Splunk Enterprise Security has dramatically improved detection speed, offers unmatched flexibility, scales well, and has reliable support. Although data onboarding is time-consuming, the long-term value, stability, and powerful capabilities make it my top SIEM choice.
Security Engineer at a financial services firm with 5,001-10,000 employees	4.0	I've used Splunk Enterprise Security for two years to support cloud use cases, appreciating its customizable detections and integrations, though onboarding relevant data is challenging; it significantly reduced manual work and improved incident response efficiency.
Dir Of Global Cyber Security Ops at a manufacturing company with 10,001+ employees	4.0	Splunk Enterprise Security gives me strong visibility across our environment, improving our security posture, but customizing detections is complex and time-consuming. With good support and reliability, the return on investment has been worth the effort.
Assistant VP at a financial services firm with 10,001+ employees	4.0	I use Splunk Enterprise Security to support DLP operations, insider threat investigations, and visualizations, finding it effective and scalable, though improved guided navigation and AI integration would make it even more user-friendly for specific roles.

Splunk Enterprise Security Reviews

What is Splunk Enterprise Security?

Featured Splunk Enterprise Security reviews

Splunk Enterprise Security mindshare

PeerResearch reports based on Splunk Enterprise Security reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Splunk Enterprise Security with alternative products

Learn more about Splunk Enterprise Security

Splunk Enterprise Security customers

Related articles

Related questions

Product Categories

Popular Comparisons