Bhavesh Kadachha - PeerSpot reviewer
Dev Ops Engineer at ProminentPixel
Real User
Top 5
May 18, 2026
Centralized monitoring has improved troubleshooting and alerting across diverse log sources
Pros and Cons
  • "We use Federated Search, which allows us to search data across multiple Splunk Enterprise Platform deployments without moving all the data in a single instance, so it helps us very much to access and analyze distributed data sources from one central search interface."
  • "One thing I dislike is definitely the licensing cost, especially when our ingestion volume increases, so it is a bit costly."

What is our primary use case?

Splunk Enterprise Platform is used mainly for monitoring and troubleshooting activities, and we work with SPL to query and filter logs. We identify patterns, and then we investigate issues around different systems.

Splunk Enterprise Platform is used mainly for creating dashboards, monitoring alerts, and understanding system behavior. We have a few use cases about the alerting mechanism. We ingest logs from multiple sources and multiple hosts like AWS, Kafka, and different systems, and we use Splunk Enterprise Platform as a SIEM tool. That is our main use case.

What is most valuable?

We use Federated Search, which allows us to search data across multiple Splunk Enterprise Platform deployments without moving all the data in a single instance, so it helps us very much to access and analyze distributed data sources from one central search interface.

Splunk Enterprise Platform is highly scalable for us as we are increasing our team horizontally as well as vertically, so it is scalable for us right now.

What needs improvement?

One thing I dislike is definitely the licensing cost, especially when our ingestion volume increases, so it is a bit costly. The second thing is that SPL query performance can slow down if searches are not optimized properly, so if searches are not optimized, then query performance is slower.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for approximately 14 to 15 months.

Buyer's Guide
Splunk Enterprise Platform
June 2026
Learn what your peers think about Splunk Enterprise Platform. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
902,495 professionals have used our research since 2012.

What do I think about the stability of the solution?

During one upgrade of our server, there was one crash, but it was solved by the Splunk Enterprise Platform team itself. During upgrades, we have found it one or two times; otherwise it is quite stable for us.

What do I think about the scalability of the solution?

Splunk Enterprise Platform is super easy and does not take any maintenance so far; it is quite easy to use.

How are customer service and support?

We have contacted their technical support mainly during an upgrade when we raised a ticket about our system crashing during the upgrade. Our KV store was not coming up, so we contacted them and they briefly told us what the issue was, and after that, we solved that problem.

I would definitely give them an 8 out of 10 because they were always helpful for us whenever we needed them.

Which solution did I use previously and why did I switch?

We have been directly using Splunk Enterprise Platform.

How was the initial setup?

It was quite easy because we have a dedicated Splunk Enterprise Platform team with us, so it was easy for us. It took less than a week; approximately one week it took us.

What about the implementation team?

One person did the implementation for our entire team.

What other advice do I have?

I would give this solution an overall rating of 9 out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: May 18, 2026
Mohamed Fouad - PeerSpot reviewer
Cybersecurity Team Leader at EMAK For Computer Manufacturing (ECM)
Real User
Top 5 Leaderboard
Mar 18, 2026
Comprehensive correlation and automation have improved incident detection and reduced phishing
Pros and Cons
  • "The best features I value about Splunk Enterprise Platform include a great correlation rule that allows me to edit and generate alerts based on any event in an easy and fast way."
  • "We have Splunk at a very high cost, but I can say that other vendors working with mid-size customers can compete against Splunk."

What is our primary use case?

Splunk Enterprise Platform serves as our SIEM solution from Splunk, which is a market leader. It is a SIEM solution for log management and correlations. We have multiple logs from most of our infrastructure tools and security products. We obtain these rules and logs through many protocols including syslog and API. We then normalize and correlate this data and create incidents based on the activity running on our infrastructure.

What is most valuable?

I appreciate the API, the protocols, and the workflows as it functions as a SIEM solution. The main function is correlation.

The best features I value about Splunk Enterprise Platform include a great correlation rule that allows me to edit and generate alerts based on any event in an easy and fast way. I can accomplish this in a short period of time, and afterward, I can see incidents based on the correlation rule in a very professional and effective way.

I value the incident management and the correlations.

Splunk Enterprise Platform helps in detecting anomalies and preventing outages. The main core function for any SIEM is to have correlation. For example, if you receive user activity on a VPN logging in from Egypt, then after a while you receive logs from the firewall showing the same user logging in with a VPN from Ukraine, it is not logical that the user would move from Egypt to Ukraine in just five minutes. Splunk Enterprise Platform will create an incident and detect this as a credential compromise because we have a successful login from another location. This is the magic of correlation. We receive many events, we correlate these events, and then we can create an incident. After that, we have Splunk SOAR to take actions in an automation process to stop this incident without any management or any actions from the team.

The end-user experience is enhanced by the security product, as we have a return on investment on lower security incidents. After we implemented it with the SOC and Splunk SOAR, we can stop phishing and spam. The end-user experience will not see many phishing domains; they will be reduced. Security incidents will be reduced. Network performance will be very good after we implement it because we can detect who is scanning our network and creating a bottleneck on the network. We can stop and detect this with Splunk, whether it is SIEM from Splunk or SIEM with SOAR.

What needs improvement?

I use the machine learning toolkit with Splunk Enterprise Platform. The machine learning is very good on Splunk, but it sometimes makes searching for events become slow, so we have stopped using it. I think this needs improvement on Splunk.

The machine learning has room for improvement.

I think threat management needs improvement when compared to other vendors.

I compare Splunk Enterprise Platform with other solutions and vendors and see a very good point on pricing. We have Splunk at a very high cost, but I can say that other vendors working with mid-size customers can compete against Splunk. However, compared to Splunk, it is very expensive compared to other vendors. I think after the acquisition from Cisco, we can get discounts for licensing, and I believe Cisco will reconsider the pricing for Splunk Enterprise Platform.

I would prefer to see improved pricing for Splunk Enterprise Platform.

My thoughts on the pricing are that it is not cheap.

I have thoughts on the advanced threat detection, and I see that it is integrating with threat intelligence, and I believe this needs improvement.

For how long have I used the solution?

I have been using this solution for about two years. We have deployed many services from Splunk here in Egypt. Most of it is a SIEM solution from Splunk. We also have SOAR from Splunk, and we are running it on the largest bank here in Egypt. Most of the portfolio from Splunk that I have worked with was over approximately two years.

What do I think about the scalability of the solution?

Regarding scalability, Splunk Enterprise Platform, like any SIEM solution, provides scalability. Whenever we receive more logs, we can easily scale. I rate this aspect as a ten.

How are customer service and support?

I rate the technical support as very good.

How would you rate customer service and support?

Positive

How was the initial setup?

The deployment was not easy, nor was it complex. It requires a professional and certified engineer to deploy the product, as many SIEM solutions do. One cannot easily deploy a SIEM solution. You have to work on correlations and personalize the dashboard. There is a lot of configuration for any SIEM solution, not only Splunk Enterprise Platform.

What other advice do I have?

I would advise others looking to implement this product to totally recommend it. I recommend this both before and after the acquisition. I totally recommend acquiring Splunk Enterprise Platform portfolio, whether it is Splunk SOAR, Splunk Cloud, or Splunk Enterprise Platform. I rate this solution a ten overall.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 18, 2026
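
The Egypt-then-Ukraine correlation described in this review is commonly called impossible-travel detection. The sketch below is an added example, not the reviewer's rule or Splunk's implementation; the log format, field names and thresholds are assumptions, and the events are constructed.

```python
import math
from datetime import datetime

# Constructed sample events (not real logs): geo-enriched VPN and firewall logins.
SAMPLE_EVENTS = """\
2026-03-01T09:00:00Z src=vpn user=alice action=success country=EG lat=30.0444 lon=31.2357
2026-03-01T09:05:00Z src=firewall user=alice action=success country=UA lat=50.4501 lon=30.5234
2026-03-01T09:10:00Z src=vpn user=bob action=success country=EG lat=30.0444 lon=31.2357
2026-03-01T09:12:00Z src=firewall user=bob action=failure country=UA lat=50.4501 lon=30.5234
2026-03-01T12:10:00Z src=vpn user=bob action=success country=EG lat=31.2001 lon=29.9187
2026-03-01T08:00:00Z src=vpn user=carol action=success country=EG lat=30.0444 lon=31.2357
2026-03-01T12:00:00Z src=vpn user=carol action=success country=UA lat=50.4501 lon=30.5234
"""

MAX_SPEED_KMH = 900.0    # assumption: roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0  # assumption: ignore small jumps caused by geo-IP imprecision
EARTH_RADIUS_KM = 6371.0


def parse_events(text):
    """Parse 'timestamp key=value ...' lines into dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        events.append({
            "time": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "src": fields["src"],
            "user": fields["user"],
            "action": fields["action"],
            "country": fields["country"],
            "lat": float(fields["lat"]),
            "lon": float(fields["lon"]),
        })
    return events


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def detect_impossible_travel(events):
    """Correlate successful logins per user across all sources and flag
    consecutive pairs whose implied travel speed exceeds MAX_SPEED_KMH."""
    incidents = []
    last_success = {}  # user -> most recent successful login event
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["action"] != "success":
            continue  # only successful logins count, as in the review's scenario
        prev = last_success.get(ev["user"])
        last_success[ev["user"]] = ev
        if prev is None:
            continue
        distance = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        if distance < MIN_DISTANCE_KM:
            continue
        hours = (ev["time"] - prev["time"]).total_seconds() / 3600
        # Simultaneous logins from distant locations imply infinite speed.
        speed = math.inf if hours == 0 else distance / hours
        if speed > MAX_SPEED_KMH:
            incidents.append({
                "user": ev["user"],
                "from": prev["country"],
                "to": ev["country"],
                "sources": (prev["src"], ev["src"]),
                "minutes": hours * 60,
                "distance_km": round(distance, 1),
                "speed_kmh": speed,
            })
    return incidents


if __name__ == "__main__":
    for incident in detect_impossible_travel(parse_events(SAMPLE_EVENTS)):
        print(incident)
```

In the sample, only alice is flagged: bob's failed attempt from another country is ignored, and carol's four-hour gap is consistent with a flight.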
Software engineer at ProminentPixel
Real User
Top 5
Apr 24, 2026
Log monitoring has transformed operations and now supports real-time threat detection
Pros and Cons
  • "Overall, it is a great tool for security analysis and log monitoring, and it is one of the best tools we have been using."
  • "The number one area for improvement is cost; it is not cost-efficient for small organizations."

What is our primary use case?

I use Splunk Enterprise Platform and Splunk Cloud for our Splunk solutions. I work with Splunk Enterprise Platform for the Enterprise, not with Enterprise Security.

I use Splunk Enterprise Platform for monitoring systems, analyzing logs, and building dashboards that support our operations, visibility, and business insights. I perform log analysis, create dashboards, and set up alerts using SPL. We query large volumes of logs, identify patterns, and troubleshoot issues.

I definitely use Splunk Enterprise Platform's machine learning toolkit. It helps us with predictive analytics in our organization. I have set alerts for daily ingestion using the Machine Learning toolkit in Splunk Enterprise Platform directly. I use SPL commands such as fit, apply, and score for regression and classification analysis, including yes or no category alerts. I mainly use it for anomaly detection in our company.

It is very efficient for us in assessing the effectiveness of Splunk Enterprise Platform in detecting anomalies and preventing system outages. I also set alerts for daily ingestion. Overall, it is a great tool for security analysis and log monitoring, and it is one of the best tools we have been using.

I have a custom add-on for forwarder management. Instead of having different instances, I made a different app for forwarder management. Anything that happens to that forwarder, I can see using that particular app and add-on SPL. That is how it helps us. I have many different custom add-ons for Splunk Enterprise Platform, and I have directly published them in Splunkbase. Even if our new employees need to see and debug what is the problem in our forwarder, that is how Splunk Enterprise Platform custom add-ons work for us.

I definitely leverage Splunk Enterprise Platform for advanced threat detection. It integrates with our existing security tools by aggregating logs from multiple sources such as servers, applications, and network devices. It makes it easier to correlate events and identify suspicious patterns that would not be visible in isolated systems. I use real-time alerts for suspicious activities. I have also set alerts in our organization for users; if multiple failed login attempts occur, then we get an alert. I monitor security events in real-time through dashboards.

What is most valuable?

The number one valuable feature is its powerful search capabilities in Splunk Enterprise Platform. Using SPL, we can fire a query and get so many results from that. The number two is its dashboard; we have built dashboards and alerts for different use cases. We use dashboards for visualization, which is also one of the best features. It is integrated with other tools; we have our custom add-ons there. It integrates with other tools as well. Additionally, it handles large volumes of machine data well, as we ingest daily TBs of data in Splunk Enterprise Platform.

In terms of improving data interpretation, it shows only the most relevant information for a specific user or role. Instead of going through large volumes of raw logs, we can directly see key metrics and alerts that matter to us. In our use case, we have set a system health and error rate, which we can directly see on our personalized dashboard. It makes our data more actionable, improves our efficiency, and allows both our technical and non-technical users to interpret insights without deep querying knowledge.

What needs improvement?

The number one area for improvement is cost; it is not cost-efficient for small organizations. Better cost management should be the first priority. Performance optimization is also important. Large queries or poorly optimized searches can sometimes slow down our results. Better recommendations or automation for query tuning would help us. It would be better if this is added in the near future versions.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for a year.

What do I think about the stability of the solution?

It is super stable, which is why we use it. It is one of the best tools.

What do I think about the scalability of the solution?

It is super scalable for us; I would rate it eight out of ten regarding scalability.

How are customer service and support?

It is superb because whenever we raise a support case, they answer us instantly. Customer service is also good.

How was the initial setup?

It was straightforward for the initial setup.

What about the implementation team?

We have Splunk dedicated employees here who have trained in Splunk Enterprise Platform. It was installed directly by our own employees.

What was our ROI?

We definitely have approximately thirty to forty percent ROI from Splunk Enterprise Platform.

Which other solutions did I evaluate?

We have directly integrated to Splunk Enterprise Platform because we have become Splunk partners.

What other advice do I have?

This is my first time, so I do not know much about this platform. We have our custom application, and we can directly use that to enhance end-user experience. My piece of advice will be if you are looking for a SIEM tool to monitor and have personalized dashboards, then Splunk Enterprise Platform is definitely for you. If your team has the budget and your company has budget, then you should definitely move to Splunk Enterprise Platform. I would rate this product a nine out of ten overall.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Last updated: Apr 24, 2026
reviewer2830626 - PeerSpot reviewer
Dev Ops And Observability Admin at a tech services company with 11-50 employees
Real User
Top 5
Apr 27, 2026
Log analytics has improved monitoring and currently powers flexible dashboards and alerts
Pros and Cons
  • "Splunk Enterprise Platform is very efficient for us."
  • "The cost increases significantly as data volume grows. We ingest terabytes of data, so I can say Splunk Enterprise Platform is somewhat costly."

What is our primary use case?

I work in the data and analytics space where I deal with large data sets and system-generated logs. I use Splunk Enterprise Platform for monitoring systems. I analyze logs and create dashboards that help our technical teams.

Splunk Enterprise Platform is very efficient for us. We monitor logs and troubleshoot our issues, then create dashboards for tracking system performance. We bring in logs from different systems like Windows Event logs and AWS logs, so it is highly efficient for us. It is one of the best SIEM tools.

We use the Machine Learning Toolkit.

What is most valuable?

I love its search capabilities. It has a very strong search functionality using SPL. The dashboards are very flexible and easy to customize. One of the best features is how it can handle large-scale machine data efficiently.

What needs improvement?

The cost is definitely an area for improvement. The cost increases significantly as data volume grows. We ingest terabytes of data, so I can say Splunk Enterprise Platform is somewhat costly. Poorly written queries can impact our performance, so there should be suggestions provided to write queries in SPL.

As Splunk partners, as our data volume grows, our cost also increases significantly. From a pricing perspective, Splunk Enterprise Platform is somewhat costly for us.

For how long have I used the solution?

I have been working with this solution for the past one year.

What do I think about the stability of the solution?

We have experienced no stability issues. It is highly stable and scalable for us. We are increasing our team vertically and horizontally dedicated to Splunk Enterprise Platform.

What do I think about the scalability of the solution?

We have experienced no scalability issues. It is highly stable and scalable for us. We are increasing our team vertically and horizontally dedicated to Splunk Enterprise Platform.

How are customer service and support?

During an upgrade we were having some issues, but after some time, they resolved our issue and we were satisfied with that.

I would rate their customer service nine out of ten because our issues were solved quickly after two to three hours.

Which solution did I use previously and why did I switch?

We directly became Splunk partners. When I joined this firm, I directly used Splunk Enterprise Platform.

How was the initial setup?

We had training sessions for the onboarding process. Since I come from an observability and SIEM background, it was quite easy for me to integrate Splunk Enterprise Platform.

What about the implementation team?

We had training sessions for the onboarding process. Since I come from an observability and SIEM background, it was quite easy for me to integrate Splunk Enterprise Platform.

What's my experience with pricing, setup cost, and licensing?

The cost is a concern. The cost increases significantly as data volume grows. We ingest terabytes of data, so I can say Splunk Enterprise Platform is somewhat costly.

What other advice do I have?

We have an add-on of the Universal Forwarder that helps us check whether our forwarder server is down or not. We have our custom add-ons that are definitely helping us and easing our work.

We use alerts about licensing every day. We have set an alert that triggers if our daily license exceeds 500 GB. We came to know that our licensing limit has been reached, so we had to remove unnecessary data. That's how we use that feature.

We have just integrated Splunk Enterprise Platform with Amazon Web Services. It integrates well without any issue.

It helps with suggestions about regression and has pre-built functions and algorithms to build with. I would rate my overall experience with this solution nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Apr 27, 2026
Consultant at Artifield
Real User
Top 5
Apr 22, 2025
Citizen programming facilitates efficient threat detection and enhances business logic
Pros and Cons
  • "Overall, I rate Splunk Enterprise Platform ten out of ten."
  • "Splunk could improve by enhancing its graphical view functionality. Compared to other BI tools, Splunk's graphic features are limited; customers desire detailed, rich visual effects, like world maps showing threat attacks as animations."

What is our primary use case?

I focus on threat detection against stock trading systems. I am in charge of five to seven stock trading companies' B2C systems for detecting threat attacks. Our customers include several stock trading companies, banks and large mobile carriers in Japan.

How has it helped my organization?

We built a threat detection system for our client company, one of the biggest security companies in Japan, using Splunk Enterprise Platform. We started a new business on this platform to provide threat detection systems to stock trading system companies and banks, expanding our customer base.

What is most valuable?

One valuable feature of Splunk Enterprise Platform is citizen programming, which allows users to manage and compute huge stream-based datasets easily using SPL language. The second feature is its ability to perform matrix-like stream calculations concurrently, improving upon traditional SIEM tools. Finally, Splunk's Machine Learning Toolkit is offered without charge, allowing users to incorporate machine learning in their business logic, aiding in procedures like threat hunting.

What needs improvement?

Splunk could improve by enhancing its graphical view functionality. Compared to other BI tools, Splunk's graphic features are limited; some customers desire detailed, rich visual effects, like world maps showing threat attacks as animations. Additionally, the deep learning capabilities need enhancing, especially on Splunk Cloud, where customers find it challenging to use deep learning tools without setting up backend computing resources.

For how long have I used the solution?

I have over 14 years of experience with Splunk Enterprise Platform, beginning my first evaluation in 2011.

What do I think about the stability of the solution?

I would rate the stability of Splunk Enterprise Platform as a seven. While it requires managing configuration files and processing scale-out operations manually, limiting its auto-scaling capabilities, it still performs adequately.

What do I think about the scalability of the solution?

I rate the scalability of Splunk Enterprise Platform as an eight. Some products can automatically scale, but Splunk Enterprise requires manual configuration changes to achieve scale, which is slightly outdated compared to modern technologies.

How are customer service and support?

I rate Splunk Japan's customer service as an eight. Although I generally provide support myself and do not often rely on Splunk support, this rating reflects general consultant feedback.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used Elastic Search and Kibana, but switched to Splunk for ease of use and to define business entities such as branches, channels, and stock accounts.

How was the initial setup?

Standalone installation was very easy. Designing and capacity planning for a distributed cluster environment was not easy.

What about the implementation team?

I am a Splunk consultant and implement customer solutions myself.

What's my experience with pricing, setup cost, and licensing?

I rate the pricing of Splunk as nine out of ten. The pricing model is based on ingesting data sizes, not user count, and includes a free tier for up to 500 MB of daily data, differentiating it from user-based pricing BI-tools.

Which other solutions did I evaluate?

I evaluated ArcSight and ManageEngine and made our selection.

  • After using Splunk for several years, I conducted further evaluations, but our selection remained unchanged.
  • Datadog was ideal for bug traceback during APM operations.
  • Exabeam was ideal for use case-centric threat detection.

What other advice do I have?

Overall, I rate Splunk Enterprise Platform ten out of ten. I am dissatisfied with Splunk’s graphics view and deep learning capabilities; they could be better, especially on Splunk Cloud. While I was able to enhance the platform using technologies like JavaScript, most of my clients struggle. However, it will be sufficient for the next few years with its strong Machine Learning capability.

Also, it would be preferable for Splunk SOAR to include sequential Splunk task execution and MCP/A2A support features.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Manager Recruitment at Tata Elxsi
Real User
Top 20
Apr 24, 2025
User-friendly interface accelerates task approval but update confirmations occasionally delay
Pros and Cons
  • "Splunk Enterprise Platform saves approximately 20 to 30 percent of my time without having to perform different actions separately."
  • "The only problem I have with Splunk Enterprise Platform is that sometimes when I update a review, it takes time to receive confirmation emails."

What is our primary use case?

I normally use Splunk Enterprise Platform for review purposes. It is very easy and convenient. Its GUI is easy for me to review and approve all those things.

What is most valuable?

Splunk Enterprise Platform is very easy and convenient to use. The graphical user interface is easy for me to review and approve tasks. It saves time by allowing me to perform actions on a single platform instead of managing them separately. Additionally, its real-time processing capability is very good.

What needs improvement?

The only problem I have with Splunk Enterprise Platform is that sometimes when I update a review, it takes time to receive confirmation emails. This happens very rarely, maybe once or twice a month. I feel this can be improved in terms of performance.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for three years.

What do I think about the stability of the solution?

Splunk Enterprise Platform is very stable.

What do I think about the scalability of the solution?

Splunk Enterprise Platform is scalable to some extent, which is acceptable. However, when I connect via VPN, it may take time to launch.

How are customer service and support?

I haven't got any support yet, so I can't comment on this as of now.

How would you rate customer service and support?

What was our ROI?

Splunk Enterprise Platform saves approximately 20 to 30 percent of my time without having to perform different actions separately.

What other advice do I have?

My overall experience with Splunk Enterprise Platform rates around seven out of ten points. The main issues are regarding updating reviews and scalability, which may take some time when connecting via VPN. I would rate the overall solution 7 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Mohammed Hassan - PeerSpot reviewer
Regional Director at iSecureMind Integrated Solutions
Real User
Top 5 Leaderboard
Mar 25, 2025
Real-time data analysis benefits but automation in role creation needs improvement
Pros and Cons
  • "Splunk Enterprise Platform is a good tool to have, but it is expensive."
  • "While Splunk Enterprise Platform is a good product, it is expensive. Additionally, it is complex for inexperienced cybersecurity engineers and requires experienced personnel to handle it effectively."

What is our primary use case?

We are working with AppDynamics, Splunk Enterprise Platform, and other Splunk products. However, the main use case here is with Splunk Enterprise Platform.

What is most valuable?

Splunk Enterprise Platform is a good tool to have, but it is expensive. The features that have proven most effective for real-time data analysis include parts of the platform and its automation capabilities. However, I want them to enhance their automation to cover every aspect, particularly the automation of roles creation.

What needs improvement?

While Splunk Enterprise Platform is a good product, it is expensive. Additionally, it is complex for inexperienced cybersecurity engineers and requires experienced personnel to handle it effectively.

For how long have I used the solution?

We have been providing Splunk Enterprise Platform for ten months.

How are customer service and support?

Splunk's technical support is at the same level for all products, although we have not opened many tickets.

How would you rate customer service and support?

Neutral

What's my experience with pricing, setup cost, and licensing?

Splunk Enterprise Platform is expensive.

Which other solutions did I evaluate?

The main competitor of Splunk in our region is Exabeam, which is less expensive. For small and medium companies, Fortinet is a competitor. Stellar Cyber has also recently entered the market.

What other advice do I have?

For smaller companies, I recommend Stellar Cyber as an alternative to Splunk Enterprise Platform. Stellar Cyber is easier to implement and integrate, and it has solid AI capabilities, especially for automation. It is also willing to adapt to customer requirements. I would rate Splunk Enterprise Platform overall somewhere between six and eight, depending on the size of the company.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
reviewer2511618 - PeerSpot reviewer
Manager - Anti-Fraud Strategy & System Solution Officer at a financial services firm with 10,001+ employees
Real User
Top 5 Leaderboard
Nov 17, 2024
Seamless integration streamlines fraud detection
Pros and Cons
  • "Splunk is very flexible in handling various formats of data as long as basic rules are adhered to."
  • "The Splunk Processing Language (SPL) poses a steep learning curve for new users."

What is our primary use case?

The main use case is to analyze the data log coming from other systems. We use Splunk to identify anomalies in transaction patterns, which may indicate irregular activity from certain customers. Our goal is to create alerts for stakeholders when such anomalies are detected.

How has it helped my organization?

Splunk has made our job easier by streamlining data searching and decision-making processes. By using it for fraud detection, we have potentially saved billions of Indonesian rupiah.

What is most valuable?

Splunk is very flexible in handling various formats of data as long as basic rules are adhered to. Its integration with other systems is seamless and can be done overnight. This ease of integration is its best advantage. Additionally, Splunk is adequate for real-time data processing.

What needs improvement?

The Splunk Processing Language (SPL) poses a steep learning curve for new users. The software could benefit from additional processing power, such as GPU support, for handling large volumes of data faster. The language could also be more user-friendly, similar to platforms where actions are easier through button clicks.

For how long have I used the solution?

I have used the solution for approximately three years.

What do I think about the stability of the solution?

I rarely encounter bugs or glitches during daily use. However, there was one instance where an issue required solutions from the headquarters' next upgrade session.

What do I think about the scalability of the solution?

Splunk is scalable, provided the supporting infrastructure, such as CPU and GPU processing, is also scalable.

How are customer service and support?

I rarely communicate with the Splunk headquarters, usually interacting with the local implementer.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We are not using anything else that functions like Splunk. However, for fraud detection, we also use GVD Instinct and FICO, along with Elasticsearch.

What about the implementation team?

I have not been involved in implementing it, except in integration, where I've found it easy.

What was our ROI?

We have been saving significant amounts through fraud detection. I cannot say precisely how much. Overall, Splunk has simplified our data management and decision-making processes.

What's my experience with pricing, setup cost, and licensing?

The official license operates like a subscription with an annual fee. Our local implementer offers pricing based on reserved quota, such as 80 gigabytes per day, costing under one billion Indonesian rupiah, or around $70,000 USD. It is affordable and flexible.

Which other solutions did I evaluate?

Elasticsearch, Kibana, Check Point, and other solutions like Microsoft Teams, OneDrive, and SharePoint are used.

What other advice do I have?

Keep my identity anonymous; publishing my title is sufficient. It's important to master the SPL for efficient use. Seek solutions that better support GPU for real-time processing.

I'd rate the solution eight out of ten.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
UzairKhan - PeerSpot reviewer
Business General Manager at Mutex Systems
Reseller
Top 5
May 9, 2025
Delivers financial benefits and operational efficiency with impactful data analytics capabilities
Pros and Cons
  • "Splunk Enterprise enhances data analytics with its AI capabilities."

What is our primary use case?

The use cases for Splunk Enterprise Platform vary depending on the specific scenario.

Splunk Enterprise Platform has different purposes, including data visualization and other applications.

What is most valuable?

In Splunk Enterprise Platform, the most impactful features for data analytics allow you to get into the repository.

There are financial benefits from using Splunk Enterprise Platform, and as a retailer, it provides better profit margins.

Splunk Enterprise enhances data analytics with its AI capabilities.

What needs improvement?

For future updates of Splunk Enterprise Platform, I would like to see integration by GUI.

The integration should be improved with the UI.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for about two years.

What was my experience with deployment of the solution?

There are no significant challenges in deploying Splunk Enterprise Platform.

The challenges or pain points others should anticipate before implementing Splunk Enterprise Platform are mostly related to the integration part.

How was the initial setup?

The time it takes to deploy Splunk Enterprise Platform depends on the use cases.

It may take anywhere from a couple of hours to a couple of weeks for Splunk Enterprise Platform deployment.

What about the implementation team?

The same three people take part in the deployment of Splunk Enterprise Platform.

I do not take part in the deployment; my team does.

What other advice do I have?

My advice for those looking to implement Splunk Enterprise Platform is to know the product well and have hands-on workshops or create a lab to gain complete knowledge before proceeding.

Regarding maintenance, it does not require much as it is on-premises.

Overall, I would rate Splunk Enterprise Platform an eight.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
ABHISHEK DUBEY - PeerSpot reviewer
Technical Lead at a financial services firm with 10,001+ employees
Real User
Top 10
Mar 16, 2024
Helps to monitor logs from various sources but improvement is needed in support
Pros and Cons
  • "The product helps monitor and visualize data. It allows you to handle various tasks. You can store, visualize, and analyze data with the Splunk Enterprise Platform. It offers features like virtual folders and heavy folders for filtering data. Additionally, you can create dashboards to showcase data to different teams and stakeholders. The tool also enables the creation of analytics and alerts and sends reports, making it a valuable tool for our system."
  • "Based on my experience, I've noticed areas for improvement, particularly in support. Developers typically interact with support personnel who may lack technical expertise when raising support tickets. This can result in delays as initial interactions involve sharing documents before escalation to higher support levels."

What is our primary use case?

We use the tool to monitor logs from various sources. Multiple users send their logs to the Splunk Enterprise Platform using different methods, including Universal Forwarder and AWS services like S3. Additionally, we utilize tools like AWS Genesys for log transmission.

What is most valuable?

The product helps monitor and visualize data. It allows you to handle various tasks. You can store, visualize, and analyze data with the Splunk Enterprise Platform. It offers features like virtual folders and heavy folders for filtering data. Additionally, you can create dashboards to showcase data to different teams and stakeholders. The tool also enables the creation of analytics and alerts and sends reports, making it a valuable tool for our system.

The dashboard and visualization features are good for data analysis. With features like the Studio dashboard introduced in versions 8 to 9, users find it much easier to create dashboards without knowledge of languages like XML.

What needs improvement?

Based on my experience, I've noticed areas for improvement, particularly in support. Developers typically interact with support personnel who may lack technical expertise when raising support tickets. This can result in delays as initial interactions involve sharing documents before escalation to higher support levels.

For how long have I used the solution?

I have been using the product for four years.

What do I think about the stability of the solution?

I rate the tool's stability an eight out of ten.

What do I think about the scalability of the solution?

The tool's scalability is good, and it is based on licensing. My company has more than 10,000 users.

Which solution did I use previously and why did I switch?

I used Dynatrace before the Splunk Enterprise Platform.

How was the initial setup?

The tool's deployment can be complex for the first time. It can become more manageable after that.

What's my experience with pricing, setup cost, and licensing?

If you exceed your licensed limit, the product will issue a warning, typically a five-license warning. Additionally, they send daily email notifications informing you about the breach. This prompts you to consider options such as minimizing logs or acquiring additional licensing to address the issue.

It can be perceived as expensive, especially for organizations dealing with large volumes of data, such as in the banking sector, where numerous logs are generated every second. While other tools are available at lower costs, some teams may consider open-source or lower-cost alternatives, especially if they have funding constraints.

What other advice do I have?

Regarding security and event management, the tool is handled by a different team. They utilize security enterprise tools, including SIEM, to manage security. Splunk Enterprise Platform's real-time processing capability significantly enhances our data monitoring. I would rate it an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Splunk Enterprise Platform Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026