Splunk Enterprise Platform Reviews

We use the monitoring solution. People might ask me to create a new request, maybe for a specific Windows event log, which is how we create a ticket for an incident. Most of the time, this creates a new alert for people. It can be a little complex. We can also create dashboards with some information for other teams. Dashboard alerting is a big part of the work.

Though we use Splunk for monitoring, for me, it is more software that collects lots of data and can then be used for alerting.

We use a custom environment.

The best thing about Splunk is you can collect all the data you want, and you can play with the data and do what you want. You can modify the data and collect all the information into one dashboard. It's very cool. In other monitoring software like Zabbix, you can't easily do something like this. With Splunk, it's very easy. You need to understand Splunk's language, but you can do what you want after that. You can correlate your data with CSV files. Splunk can monitor, extract, transform, and load software.

Splunk is not an out-of-the-box solution like Micro Focus or Zabbix. You have to create your request to collect the data and add crucial components to the software. You have add-ons created by Splunk or the community but don't have out-of-the-box monitoring items in the software. For example, FETCH CUP with Micro Focus is agentless monitoring, has a lot of out-of-box items, and is easy to use. You will find it difficult to use Splunk initially, which could use improvement. However, I know there is another module from Splunk that focuses on fast and secure monitoring with more out-of-box add-ons, but I haven't used it since when I started using it, it lacked out-of-box items. All the same, Splunk could be more user-friendly for new users.

I've worked with the solution for about two years.

I rate Splunk's stability a nine out of ten because it's very stable. I don't face issues with projects.

You can scale Splunk. It works with an indexer which indexes search data. If you want more power, you can add more indexers, so I rank Splunk's scalability an eight out of ten.

With all the documentation available, the initial setup is not difficult. If all you want is a stand-alone app in Splunk to handle all the processes, you just need to create a project in the data server, which is easy.

You must buy a license with the on-prem version, usually through an intermediary. In France, it's Accenture. There are cloud solutions where Splunk handles the servers and patching directly, and you just use the solution.

The solution is expensive, so I rate its pricing a four out of ten. Though the solution is expensive, it depends on which company purchases the product.

Though I haven't used it, Grafana is also a CM that can collect data.

I didn't create the custom environment we use at my organization. Still, it doesn't seem too difficult to build things because there is a lot of online documentation and videos. You can also get training with Splunk. You have a lot of data to help you when you want to create a new environment.

I rate Splunk Enterprise Platform an eight out of ten. The solution is very powerful, and I like to play with data to do what I want.

Hybrid Cloud

I normally use Splunk Enterprise Platform for review purposes. It is very easy and convenient. Its GUI is easy for me to review and approve all those things.

Splunk Enterprise Platform is very easy and convenient to use. The graphical user interface is easy for me to review and approve tasks. It saves time by allowing me to perform actions on a single platform instead of managing them separately. Additionally, its real-time processing capability is very good.

The only problem I have with Splunk Enterprise Platform is that sometimes when I update a review, it takes time to receive confirmation emails. This happens very rarely, maybe once or twice a month. I feel this can be improved in terms of performance.

I have been using Splunk Enterprise Platform for three years.

Splunk Enterprise Platform is very stable.

Splunk Enterprise Platform is scalable to some extent, which is acceptable. However, when I connect via VPN, it may take time to launch.

I haven't got any support yet, so I can't comment on this as of now.

Splunk Enterprise Platform saves approximately 20 to 30 percent of my time without having to perform different actions separately.

My overall experience with Splunk Enterprise Platform rates around seven out of ten points. The main issues are regarding updating reviews and scalability, which may take some time when connecting via VPN. I would rate the overall solution 7 out of 10.

On-premises

We used the product for cloud-based monitoring or systems monitoring. 

The key difference I noticed for my use case, which involved understanding user behaviors and responses to digital elements, was that I could obtain more detailed reporting than what was possible with Amplitude. I could download a file with very specific information, which was helpful.

I did not use it for real-time monitoring. My focus was on investigating incident reports to understand the extent of user impact. Primarily, I utilized the Splunk Enterprise Platform to analyze user behavior.

I found the incident notification to be very helpful. While Splunk Enterprise Platform provided detailed data, it didn't seem to check as many boxes for user behavior as Amplitude did. At the same time, I'm not sure if Amplitude offers features for monitoring or incident coverage.

Its ability to access granular details in Excel was beneficial. It's always helpful to transition from visualizations to detailed user reports. 

The tool lacked in providing a shareable format. I had to use pivot tables and manually parse and edit the data to create a visualization-friendly format. It was helpful when we had an issue. What would make it stronger is if it were more proactive. For example, if it highlighted major incidents and their impact on users without digging through notifications, that would be better. Typically, the first question we get is, "Oh, we had an incident. How bad was it? How many customers were impacted?" So having that information pop up from the notification would be helpful.

Splunk Enterprise Platform is stable. 

I saw no issues or reasons to think that the product wouldn't scale over time. Our data is growing. 

I haven't contacted the tool's support. 

I rate the overall product a seven out of ten.

I would recommend it for incident management reporting. I would not advise it for understanding user behavior or usage. If I had to choose between Splunk Enterprise Platform and Amplitude, I would probably go with Amplitude, but I also have no familiarity with what their incident reporting is like.

We are working with AppDynamics, Splunk Enterprise Platform, and other Splunk products. However, the main use case here is with Splunk Enterprise Platform.

Splunk Enterprise Platform is a good tool to have, but it is expensive. The features that have proven most effective for real-time data analysis include parts of the platform and its automation capabilities. However, I want them to enhance their automation to cover every aspect, particularly the automation of roles creation.

While Splunk Enterprise Platform is a good product, it is expensive. Additionally, it is complex for inexperienced cybersecurity engineers and requires experienced personnel to handle it effectively.

We have been providing Splunk Enterprise Platform for ten months.

Splunk's technical support is at the same level for all products, although we have not opened many tickets.

Neutral

Splunk Enterprise Platform is expensive.

The main competitor of Splunk in our region is Exabeam, which is less expensive. For small and medium companies, Fortinet is a competitor. Stellar Cyber has also recently entered the market.

For smaller companies, I recommend Stellar Cyber as an alternative to Splunk Enterprise Platform. Stellar Cyber is easier to implement and integrate, and it has solid AI capabilities, especially for automation. It is also willing to adapt to customer requirements. I would rate Splunk Enterprise Platform overall somewhere between six and eight, depending on the size of the company.

We use the solution mainly for security operations. We receive logs from different log sources.

The product is very easy to use. We just have to run the agent and collect the log. We don't have many delays or problems. We faced an issue once or twice when there was a network issue and when the system was rebooted. The percentage of issues is very low compared to the overall deployment. It is 0.001%.

The solution supports our organization's security and compliance monitoring very much. We rely on the platform to detect abnormalities and to perform searches. If someone brings a compliance issue, we request logs from the platform to determine whether it happened. We use the tool’s search feature and Intel's machine learning platform to conduct our analysis.

We don't face any issues in real-time monitoring. There is no latency. We have options to create our own dashboards. The GUI is very simple. It's a simple platform. It is very easy to use.

The product doesn’t have prebuilt dashboards. It would be great if the product provided prebuilt dashboards. For example, we allowed some devices into our network through VPN, but there is no dashboard to combine two log sources and understand which user has logged in. So, we created our own dashboard with the available Splunk searches.

It’d be good if the solution provided more prebuilt dashboards and released them on the app platform. Then, we can deploy the dashboards straight away. Also, if the tool provides additional dashboards, we can reduce the resources needed to develop them. Since Splunk has overall visibility all around the globe, it can give better suggestions on the dashboards that we must use and how to project the data to the management.

We faced some issues in parsing when the load was too much. If we have a 100 MB log source, 80 MB will be parsed correctly, but we face issues with 20 MB. We raised a support ticket, and the support team suggested we increase the time interval between sending the logs to the Splunk forwarder to handle the processing correctly.

I have been using the solution for two years. I am using the latest version of the solution.

The tool is stable enough. In my demo environment, I used my own physical machines to run it. I was able to ingest as many log sources as I wanted within the data limit, and it did not have any issues. The search is very responsive when compared to the other platforms. There was no lag.

Splunk has been supporting free text searches for two years. We can query anything out of the box without specifying any indexes. We can perform free-text queries. Usually, it takes very little time to produce the results if the data set is too small. If the data set is too large, the product suggests we finetune our search, and it provides us with hints on which indexes to specify. It has three different options: Fast mode, Push mode, and Smart mode. We can switch the modes to get results quicker. Later, we can change the mode back to do a deeper analysis.

Scalability is not an issue for SMBs and moderately big companies. When we went beyond certain limits, like 700 Gbps or 800 Gbps, we faced some issues with the engine. So, we split up the platform and diverted some of the logs into different indexes. It solved the problem. Up to 500 Gbps per day is okay. When we go beyond that, a single instance cannot handle it. We need to split it up.

This issue was only with the on-premise version. We do not face such issues in the cloud. When customers wanted to renew their subscriptions, we suggested they move to the cloud. On-premise, we have to manage our indexes and searches, but in the cloud, it's done by the vendor. It's a plug-and-play process. Splunk automatically takes care of parsing. We have more than 30 customers.

The technical support is very good. The team supported us even during the Christmas holidays. The support engineer walked us through every step. The team is always reachable. We never had issues while contacting them.

I built some demo environments for my practice since Splunk was new to me two years ago. I used the free license. It was a pretty straightforward setup. I did not find any difficulties in setting up my lab environment. The deployment can be done within 15 minutes.

The return on investment is very good. It's very easy to use. Many of our customers decided to continue using Splunk because they have invested much in the training modules, the analysts are familiar with the tool, and it's very easy to search. Open-text queries are the best in Splunk. It is easy for our customers to perform the search. It's very lightweight compared to other solutions.

Our customers pay for the licenses. It’s bundled together in a yearly subscription.

There are some problems in managing the tool when it exceeds certain limits. Overall, I rate the product a nine out of ten.

We use Splunk for onboarding updates, dashboards, application monitoring, and insights.

We are using it for event management. We don't have that much exposure on the security side.

It is very easy to use logs and create dashboards. You can define extractions for specific exceptions. Splunk can extract historical data and process upcoming data in real-time. You can easily modify, update, or edit extraction rules as needed. Additionally, you can create custom knowledge objects at any time. The platform allows you to restrict user access based on permissions. Even regular users can create reports and dashboards for their workflows.

Splunk Enterprise Platform needs some improvement. For instance, the dashboard sizing and customization options could be enhanced. There seems to be a limitation in adjusting the size of individual panels within a dashboard. This can be frustrating when comparing data across different panels, as users are forced to scroll continuously. Additionally, while Splunk offers some new features like student dashboards, modifying these dashboards requires a level of JavaScript expertise that not all users possess. Providing more user-friendly options for customization, such as adjusting colors and fonts directly from the user interface, could greatly improve the user experience.

Moreover, for users transitioning from other monitoring tools like Dynatrace, the interface may feel less intuitive and more cumbersome. Offering more intuitive visualization options and simplifying the customization process could bridge this gap and make Splunk more accessible to a wider range of users.

I have been using Splunk Enterprise Platform for seven years. We are using V9.0.4.1 of the solution.

The product is stable. I rate the solution’s stability a nine out of ten.

I've encountered numerous issues and challenges, but I've managed to overcome them. I rely on the Splunk community to find solutions whenever I face difficulties. I want to fully engage with the platform and be active in its development, but sometimes, I struggle to find the right resources or support.

The initial setup is easy.

Splunk Enterprise Platform can seem a bit costly compared to their five-year plans. There's a need to provide options, such as offering a free license for up to ten GB of data or a limited-time test and development license at no cost. For instance, if a company purchases a one-year product license, it could receive additional test and development licenses for free, up to a certain data limit. While there would naturally be some restrictions, such as limitations on certain features or functionalities, offering these options could encourage more people to adopt Splunk for their needs. Many individuals and stakeholders hesitate due to Splunk's perceived high costs when considering the additional expenses for enterprise support, operational support, and device licenses. Introducing more flexible licensing options could alleviate these concerns and attract more users to the platform, benefiting both Splunk and its customers.

Our experience with the Splunk Enterprise Platform has been positive regarding administration and development. However, there are some concerns regarding visualization. Despite our team's proficiency in activating and completing tasks, the dashboard's complexity has decreased user satisfaction. Many users find the visualization lacking when viewing multiple panels simultaneously. They express difficulty in navigating the UI and feel uncomfortable with it. Addressing these concerns would enhance the overall user experience from end to end.

Overall, I rate the solution a nine out of ten.

The main use case is to analyze the data log coming from other systems. We use Splunk to identify anomalies in transaction patterns, which may indicate irregular activity from certain customers. Our goal is to create alerts for stakeholders when such anomalies are detected.

Splunk has made our job easier by streamlining data searching and decision-making processes. By using it for fraud detection, we have potentially saved billions of Indonesian rupiah.

Splunk is very flexible in handling various formats of data as long as basic rules are adhered to. Its integration with other systems is seamless and can be done overnight. This ease of integration is its best advantage. Additionally, Splunk is adequate for real-time data processing.

The Splunk Processing Language (SPL) poses a steep learning curve for new users. The software could benefit from additional processing power, such as GPU support, for handling large volumes of data faster. The language could also be more user-friendly, similar to platforms where actions are easier through button clicks.

I have used the solution for approximately three years.

I rarely encounter bugs or glitches during daily use. However, there was one instance where an issue required solutions from the headquarter's next upgrade session.

Splunk is scalable, provided the supporting infrastructure, such as CPU and GPU processing, is also scalable.

I rarely communicate with the Splunk headquarters, usually interacting with the local implementer.

Positive

We are not using anything else that functions like Splunk. However, for fraud detection, we also use GVD Instinct and FICO, along with Elasticsearch.

I have not been involved in implementing it, except in integration, where I've found it easy.

We have been saving significant amounts through fraud detection. I cannot say precisely how much. Overall, Splunk has simplified our data management and decision-making processes.

The official license operates like a subscription with an annual fee. Our local implementer offers pricing based on reserved quota, such as 80 gigabytes per day, costing under one billion Indonesian rupiah, or around $70,000 USD. It is affordable and flexible.

Elasticsearch, Kibana, Check Point, and other solutions like Microsoft Teams, OneDrive, and SharePoint are used.

Keep my identity anonymous; publishing my title is sufficient. It's important to master the SPL for efficient use. Seek solutions that better support GPU for real-time processing.

I'd rate the solution eight out of ten.

Other

We use the solution to manage a large volume of data from our servers for the project I'm currently working on. Since we don't need all the data, we filter out and extract the specific information required for our applications. Depending on our needs, we use it to filter, investigate, and analyze log data for any errors or requirements.

The most valuable feature I've found in the Splunk Enterprise Platform is its log readability and filtering capabilities. The filters on the left side are particularly useful, allowing me to quickly narrow down the data to what's relevant for any application or server service. The interesting fields feature helps me get the values I need most of the time.

Additionally, the dashboard and report creation aspects are excellent, especially for automation. Integrating Splunk Enterprise Platform with Power Automate and other automation tools allows me to create precise reports that keep my team updated. The tool is not difficult for a beginner to learn. 

Splunk Enterprise Platform could improve in the area of basic log readability. When performing basic searches without advanced filters, the logs often contain timestamps and various unknown codes or other elements that can be confusing. Removing or simplifying these parts would make it easier for users who are not developers or do not have a development background to understand and find relevant information easily. 

If I could add a feature to the Splunk Enterprise Platform to make my life easier, I'd like to add an internal automation tool. We can use third-party automation tools like Power Automate, but it would be better if Splunk Enterprise Platform had its built-in tool.

This tool could automate reports and make sending emails with Excel attachments or other formats to specific people easier. We're currently using third-party tools for this, but having it as a first-party feature would be better.

I have been using the product for more than two years. 

I haven't found any bugs while working with the application. 

My company has more than 100 product users. 

I haven't contacted the support team yet. I get information from my seniors and leads. 

Before using the Splunk Enterprise Platform, basic knowledge of log analytics tools like Logstash is beneficial. While it does not require specific prerequisites, having some background knowledge will help. Remember that Splunk is a paid service, unlike other log analytics tools like ELK Stack, which may offer free versions.

I rate the overall solution a nine out of ten. 

Hybrid Cloud