Splunk Enterprise Platform Reviews

We use the solution to manage a large volume of data from our servers for the project I'm currently working on. Since we don't need all the data, we filter out and extract the specific information required for our applications. Depending on our needs, we use it to filter, investigate, and analyze log data for any errors or requirements.

The most valuable feature I've found in the Splunk Enterprise Platform is its log readability and filtering capabilities. The filters on the left side are particularly useful, allowing me to quickly narrow down the data to what's relevant for any application or server service. The interesting fields feature helps me get the values I need most of the time.

Additionally, the dashboard and report creation aspects are excellent, especially for automation. Integrating Splunk Enterprise Platform with Power Automate and other automation tools allows me to create precise reports that keep my team updated. The tool is not difficult for a beginner to learn. 

Splunk Enterprise Platform could improve in the area of basic log readability. When performing basic searches without advanced filters, the logs often contain timestamps and various unknown codes or other elements that can be confusing. Removing or simplifying these parts would make it easier for users who are not developers or do not have a development background to understand and find relevant information easily. 

If I could add a feature to the Splunk Enterprise Platform to make my life easier, I'd like to add an internal automation tool. We can use third-party automation tools like Power Automate, but it would be better if Splunk Enterprise Platform had its built-in tool.

This tool could automate reports and make sending emails with Excel attachments or other formats to specific people easier. We're currently using third-party tools for this, but having it as a first-party feature would be better.

I have been using the product for more than two years. 

I haven't found any bugs while working with the application. 

My company has more than 100 product users. 

I haven't contacted the support team yet. I get information from my seniors and leads. 

Before using the Splunk Enterprise Platform, basic knowledge of log analytics tools like Logstash is beneficial. While it does not require specific prerequisites, having some background knowledge will help. Remember that Splunk is a paid service, unlike other log analytics tools like ELK Stack, which may offer free versions.

I rate the overall solution a nine out of ten. 

We have around 38 virtual machines, including the desktop. We have filled our gap network. Splunk Enterprise monitors all network layer traffic, starting with Cisco traffic port violations. We are monitoring Windows logs, CPU, RAM, and disk utilization in Windows.

Splunk Enterprise is a wireless enterprise application that can be customized based on training. We can add new machines, Spring Forwarders, and whatever else we need to complete the job.

We have an enterprise system that we can only use up to 70% capacity. We have no Internet access. To ensure our system runs optimally, we must configure specific rules, such as RAM, CPU, and space utilization alerts. Also, it is tough for us to reach out to Splunk. We have another software called Nessus, which can be used for vulnerability scans to improve and expand our vulnerability management capabilities. We can add a vulnerability management tool and back network traffic monitoring. This would allow us to add everything into a single platform since we currently use multiple applications for eight solutions.

I have been using Splunk Enterprise Platform since 2020. We are using the latest version of the solution.

The product is stable.

We have 43 users using this platform.

The initial setup is easy. We manage the installation of Splunk Enterprise Platform. On the first installation day, there are extensive procedures from Splunk and Honeywell. They are explaining how to install the software using Honeywell automation. They have provided a lot of documentation, but it is incomplete. It takes them two days to complete the installation, and then they train us for another week.

We are using 11GB per day. Since I did all the analysis to determine how much we are consuming, we are currently utilizing around 5GB out of 11 GB. Therefore, we can reduce our usage from 11GB/day to 5GB/day. We reached out to Splunk, and they confirmed that this is possible. They also mentioned that there are commercial benefits to signing a longer-term contract. We are currently working on reducing our usage from 11GB/day to 5GB/day.

We have annual automation for our automated building and availability building. The maintenance is easy. We will do a vulnerability scan. Then, we need to ask someone from the Splunk team to confirm that upgrading to this version of Windows or applying monthly or weekly patches will not impact the Splunk application. It's not easy or feasible to reach out to Splunk directly. Splunk is an enterprise software platform that monitors storage, CPU, RAM, Windows logs, and Cisco network logs on large machine setups. I suggest Splunk to anyone with these needs. Overall, I rate the solution an eight out of ten.

We use the monitoring solution. People might ask me to create a new request, maybe for a specific Windows event log, which is how we create a ticket for an incident. Most of the time, this creates a new alert for people. It can be a little complex. We can also create dashboards with some information for other teams. Dashboard alerting is a big part of the work.

Though we use Splunk for monitoring, for me, it is more software that collects lots of data and can then be used for alerting.

We use a custom environment.

The best thing about Splunk is you can collect all the data you want, and you can play with the data and do what you want. You can modify the data and collect all the information into one dashboard. It's very cool. In other monitoring software like Zabbix, you can't easily do something like this. With Splunk, it's very easy. You need to understand Splunk's language, but you can do what you want after that. You can correlate your data with CSV files. Splunk can monitor, extract, transform, and load software.

Splunk is not an out-of-the-box solution like Micro Focus or Zabbix. You have to create your request to collect the data and add crucial components to the software. You have add-ons created by Splunk or the community but don't have out-of-the-box monitoring items in the software. For example, FETCH CUP with Micro Focus is agentless monitoring, has a lot of out-of-box items, and is easy to use. You will find it difficult to use Splunk initially, which could use improvement. However, I know there is another module from Splunk that focuses on fast and secure monitoring with more out-of-box add-ons, but I haven't used it since when I started using it, it lacked out-of-box items. All the same, Splunk could be more user-friendly for new users.

I've worked with the solution for about two years.

I rate Splunk's stability a nine out of ten because it's very stable. I don't face issues with projects.

You can scale Splunk. It works with an indexer which indexes search data. If you want more power, you can add more indexers, so I rank Splunk's scalability an eight out of ten.

With all the documentation available, the initial setup is not difficult. If all you want is a stand-alone app in Splunk to handle all the processes, you just need to create a project in the data server, which is easy.

You must buy a license with the on-prem version, usually through an intermediary. In France, it's Accenture. There are cloud solutions where Splunk handles the servers and patching directly, and you just use the solution.

The solution is expensive, so I rate its pricing a four out of ten. Though the solution is expensive, it depends on which company purchases the product.

Though I haven't used it, Grafana is also a CM that can collect data.

I didn't create the custom environment we use at my organization. Still, it doesn't seem too difficult to build things because there is a lot of online documentation and videos. You can also get training with Splunk. You have a lot of data to help you when you want to create a new environment.

I rate Splunk Enterprise Platform an eight out of ten. The solution is very powerful, and I like to play with data to do what I want.

We use Splunk to create dashboards and do analysis.

Splunk can be used primarily to port log files, allowing for easy and quick management of large amounts of logs. However, this can also be a drawback due to the configuration, parsing, and dashboard creation limitations. Communication is stream-based, which means you need to do a lot of pre-emptive setup to get a nice export. Another issue with Splunk is its streamlined nature; it reruns the query whenever you refresh a dashboard. This becomes problematic if you have a large volume of log files, as it can be slow, resource-intensive, and require significant storage space.

It is designed to process and analyze log files. You feed log files into the platform, automatically extracting different fields. This allows you to filter and manipulate the data in a stream-based manner. Essentially, you pass a log file through various filters sequentially, enhancing or reducing its size by adding or removing information. However, this stream-based approach can make it challenging to create detailed dashboards easily. The platform primarily focuses on log files and is unsuitable for real-time data analysis.

I have been using Splunk Enterprise Platform for one or two years.

The product is stable.

I rate the solution’s stability a six out of ten.

It can be very slow if you have a lot of data, and scaling it up for better performance can be quite expensive.

A thousand users use this solution. We have many systems and a lot of data.
It is centrally deployed and used extensively across various systems. I use it daily, but sometimes I only use it once a month. It depends on the data I need or the issue I'm investigating.

I rate the solution’s scalability a four out of ten.

The initial setup is straightforward.

I wouldn't recommend Splunk Enterprise Platform because it's slow and has significant limitations.

Overall, I rate the solution a six out of ten.

I use the Enterprise platform mainly to monitor infrastructure, applications, and some security logs.

The most valuable feature of Splunk for data analysis is its ability to search using SPL and SQL. With SPL commands, you can analyze both structured and unstructured data and build visualizations, dashboards, and reports. Additionally, Splunk offers alerting mechanisms for proactive monitoring.

There is room for improvement in introducing more AI capabilities onto Splunk Enterprise Platform. While they might exist in other platforms like ITSI, enhancing the Enterprise Platform with AI features would benefit many users who predominantly use it.

I have been using Splunk Enterprise Platform for almost three years.

I would rate the stability of Splunk at around a seven out of ten. While it is generally good, in complex environments, issues may arise due to the increased number of components and dependencies. However, overall, the stability is good.

I would rate Splunk's scalability as a nine out of ten. It is the best log analysis application currently available. Scalability has allowed us to handle increasing volumes of data, enabling us to onboard additional customers and share infrastructure monitoring on the same setup. We have approximately 20 people using Splunk Enterprise Platform in our company.

The technical support team could improve by providing more direct assistance rather than primarily relying on community resources for issue resolution. While they do understand the issues, they often refer to existing communities for solutions instead of directly addressing system-specific concerns. Overall, I would rate the support as a six out of ten.

Neutral

The initial setup of Splunk Enterprise is relatively complex compared to other monitoring applications in the market. There is a need to focus on simplifying key components and reducing dependencies for a smoother setup process. For a large environment, the deployment of Splunk Enterprise typically takes around three months to set up completely.

Splunk Enterprise Platform is a bit expensive.

I use the Platform to monitor my IT infrastructure. There are apps for Linux and Windows servers that capture performance metrics like CPU and memory usage. These metrics are collected and sent to the blank index through forwarders.

Splunk helps with security information and event management by detecting and monitoring network equipment and firewalls. It saves searches for specific terms, like threats, in firewall logs. When a match is found, it alerts about potential security breaches, helping to detect and address them.

The real-time processing capability in Splunk enhances data monitoring by centrally collecting all data. This allows for easy searching and scheduling of searches, reducing the need for manual intervention.

The dashboard and visualization features in Splunk impact data analysis by providing a clear status of data analysis. Users can create customized views for management, helping them understand what is happening within the infrastructure more effectively.

I would recommend Splunk to others, especially from the CIM perspective. Its data analysis and visualization capabilities are unmatched, making it an excellent choice for SIM.

Overall, I would rate Splunk Enterprise Platform as a nine out of ten.

We use the Splunk Enterprise Platform for logging and monitoring purposes. If users log into different databases and do something, we onboard database logs and other AWS logs to Splunk. Then, we create a dashboard alert report, and based on those dashboard alerts, we monitor users' actions. If they perform suspicious activities, we also send alerts. We use the solution to create dashboard alerts, reports, and some query language.

The most valuable features of the solution are the load balancing technique, the forwarding technique, and SSL certification.

Sometimes, queries don't give proper results, and the indexes go down.

I have been using Splunk Enterprise Platform for seven years.

I rate the solution an eight out of ten for stability.

I rate the solution’s scalability a nine out of ten.

The solution’s technical support is good.

The solution’s initial setup is easy.

I have heard from my managers that Splunk Enterprise Platform is an expensive solution.

The solution has helped us with our security information and event management. If someone performs deletion operations, we get an automated alert informing us that a privileged activity has been performed. We forward the logs in real-time. We are ingesting 10GB of data into the solution daily. We have some input filters in the solution's dashboard.

Overall, I rate the solution an eight out of ten.

We use the solution mainly for security operations. We receive logs from different log sources.

The product is very easy to use. We just have to run the agent and collect the log. We don't have many delays or problems. We faced an issue once or twice when there was a network issue and when the system was rebooted. The percentage of issues is very low compared to the overall deployment. It is 0.001%.

The solution supports our organization's security and compliance monitoring very much. We rely on the platform to detect abnormalities and to perform searches. If someone brings a compliance issue, we request logs from the platform to determine whether it happened. We use the tool’s search feature and Intel's machine learning platform to conduct our analysis.

We don't face any issues in real-time monitoring. There is no latency. We have options to create our own dashboards. The GUI is very simple. It's a simple platform. It is very easy to use.

The product doesn’t have prebuilt dashboards. It would be great if the product provided prebuilt dashboards. For example, we allowed some devices into our network through VPN, but there is no dashboard to combine two log sources and understand which user has logged in. So, we created our own dashboard with the available Splunk searches.

It’d be good if the solution provided more prebuilt dashboards and released them on the app platform. Then, we can deploy the dashboards straight away. Also, if the tool provides additional dashboards, we can reduce the resources needed to develop them. Since Splunk has overall visibility all around the globe, it can give better suggestions on the dashboards that we must use and how to project the data to the management.

We faced some issues in parsing when the load was too much. If we have a 100 MB log source, 80 MB will be parsed correctly, but we face issues with 20 MB. We raised a support ticket, and the support team suggested we increase the time interval between sending the logs to the Splunk forwarder to handle the processing correctly.

I have been using the solution for two years. I am using the latest version of the solution.

The tool is stable enough. In my demo environment, I used my own physical machines to run it. I was able to ingest as many log sources as I wanted within the data limit, and it did not have any issues. The search is very responsive when compared to the other platforms. There was no lag.

Splunk has been supporting free text searches for two years. We can query anything out of the box without specifying any indexes. We can perform free-text queries. Usually, it takes very little time to produce the results if the data set is too small. If the data set is too large, the product suggests we finetune our search, and it provides us with hints on which indexes to specify. It has three different options: Fast mode, Push mode, and Smart mode. We can switch the modes to get results quicker. Later, we can change the mode back to do a deeper analysis.

Scalability is not an issue for SMBs and moderately big companies. When we went beyond certain limits, like 700 Gbps or 800 Gbps, we faced some issues with the engine. So, we split up the platform and diverted some of the logs into different indexes. It solved the problem. Up to 500 Gbps per day is okay. When we go beyond that, a single instance cannot handle it. We need to split it up.

This issue was only with the on-premise version. We do not face such issues in the cloud. When customers wanted to renew their subscriptions, we suggested they move to the cloud. On-premise, we have to manage our indexes and searches, but in the cloud, it's done by the vendor. It's a plug-and-play process. Splunk automatically takes care of parsing. We have more than 30 customers.

The technical support is very good. The team supported us even during the Christmas holidays. The support engineer walked us through every step. The team is always reachable. We never had issues while contacting them.

I built some demo environments for my practice since Splunk was new to me two years ago. I used the free license. It was a pretty straightforward setup. I did not find any difficulties in setting up my lab environment. The deployment can be done within 15 minutes.

The return on investment is very good. It's very easy to use. Many of our customers decided to continue using Splunk because they have invested much in the training modules, the analysts are familiar with the tool, and it's very easy to search. Open-text queries are the best in Splunk. It is easy for our customers to perform the search. It's very lightweight compared to other solutions.

Our customers pay for the licenses. It’s bundled together in a yearly subscription.

There are some problems in managing the tool when it exceeds certain limits. Overall, I rate the product a nine out of ten.

We used the product for cloud-based monitoring or systems monitoring. 

The key difference I noticed for my use case, which involved understanding user behaviors and responses to digital elements, was that I could obtain more detailed reporting than what was possible with Amplitude. I could download a file with very specific information, which was helpful.

I did not use it for real-time monitoring. My focus was on investigating incident reports to understand the extent of user impact. Primarily, I utilized the Splunk Enterprise Platform to analyze user behavior.

I found the incident notification to be very helpful. While Splunk Enterprise Platform provided detailed data, it didn't seem to check as many boxes for user behavior as Amplitude did. At the same time, I'm not sure if Amplitude offers features for monitoring or incident coverage.

Its ability to access granular details in Excel was beneficial. It's always helpful to transition from visualizations to detailed user reports. 

The tool lacked in providing a shareable format. I had to use pivot tables and manually parse and edit the data to create a visualization-friendly format. It was helpful when we had an issue. What would make it stronger is if it were more proactive. For example, if it highlighted major incidents and their impact on users without digging through notifications, that would be better. Typically, the first question we get is, "Oh, we had an incident. How bad was it? How many customers were impacted?" So having that information pop up from the notification would be helpful.

Splunk Enterprise Platform is stable. 

I saw no issues or reasons to think that the product wouldn't scale over time. Our data is growing. 

I haven't contacted the tool's support. 

I rate the overall product a seven out of ten.

I would recommend it for incident management reporting. I would not advise it for understanding user behavior or usage. If I had to choose between Splunk Enterprise Platform and Amplitude, I would probably go with Amplitude, but I also have no familiarity with what their incident reporting is like.