We are using it for information assurance, system alerting, and compliance. We are using its latest version.
Integrates with our VMware environment for infrastructure alerting and monitoring, and ingests logs from many different products in our environment
What is our primary use case?
How has it helped my organization?
It integrates into our VMware environment and provides infrastructure alerting and monitoring.
What is most valuable?
The ability to ingest different log types from many different products in our environment is most valuable.
It seems to have everything in terms of features. Every time I think of something, I go out to their site, and I can pretty much find it.
What needs improvement?
The biggest problem is data compression. Splunk is an outstanding product, but it is a resource hog. There should be better data compression for being able to maintain our data repositories. We end up having to buy lots of additional storage just to house our Splunk data. This is my only complaint about it.
For how long have I used the solution?
I have been using this solution for about five years.
What do I think about the stability of the solution?
It is excellent in terms of performance and reliability.
What do I think about the scalability of the solution?
Its scalability is excellent. Its users are mostly on the backside. I know there are a lot of opportunities to allow developers and engineers to access Splunk for doing different things, but we use it purely for information assurance and system monitoring. So, our engineers and IA professionals are the only ones who access Splunk. We have a couple of them, but it supports thousands of users.
We started with Splunk Light, and now, we're using Splunk Enterprise across most of our projects. It is being used extensively. It is our primary SIEM product. I'm sure its usage will increase, but that's managed at a much higher level. The company has an agreement with Splunk on how our licensing model is established.
How are customer service and support?
Their support is great. I've talked to them many times.
Which solution did I use previously and why did I switch?
We used InTrust. We switched to Splunk because of its flexibility and capability.
How was the initial setup?
Its initial configuration is pretty straightforward. Their repository for information and help is really good, which makes it pretty straightforward. You can just go out to their site and do a search for any question. Usually, someone else would have experienced the same issue.
It took us hours. We obviously expanded it as we were building the environment because we did it from scratch, but it only took hours to get it up and running and configured to do ingestion. We then deployed more forwarders and tweaked it as we went along.
What about the implementation team?
It was implemented in-house. Its maintenance is pretty lightweight, and I take care of it. I have a couple of other team members to help make changes. We have engineers who are available for adding capacity. We have a team of six or seven people to support our Splunk Enterprise.
What's my experience with pricing, setup cost, and licensing?
It is expensive. I used to buy it early on, but then they combined it into a higher-up organization. They buy it for multiple systems now. Last time, I paid around 60K for it.
There is just the licensing fee. That's all.
What other advice do I have?
I would advise making sure that you incorporate enough storage and processing in order to properly support the environment.
I would rate it an eight out of 10. It is definitely the best tool I've ever used, but nothing is perfect. They could do a little bit better on data compression and system resource management, but outside of that, it is an excellent product.
Which deployment model are you using for this solution?
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jan 9, 2022