Splunk Enterprise Platform Reviews

I normally use Splunk Enterprise Platform for review purposes. It is very easy and convenient. Its GUI is easy for me to review and approve all those things.

Splunk Enterprise Platform is very easy and convenient to use. The graphical user interface is easy for me to review and approve tasks. It saves time by allowing me to perform actions on a single platform instead of managing them separately. Additionally, its real-time processing capability is very good.

The only problem I have with Splunk Enterprise Platform is that sometimes when I update a review, it takes time to receive confirmation emails. This happens very rarely, maybe once or twice a month. I feel this can be improved in terms of performance.

I have been using Splunk Enterprise Platform for three years.

Splunk Enterprise Platform is very stable.

Splunk Enterprise Platform is scalable to some extent, which is acceptable. However, when I connect via VPN, it may take time to launch.

I haven't got any support yet, so I can't comment on this as of now.

Splunk Enterprise Platform saves approximately 20 to 30 percent of my time without having to perform different actions separately.

My overall experience with Splunk Enterprise Platform rates around seven out of ten points. The main issues are regarding updating reviews and scalability, which may take some time when connecting via VPN. I would rate the overall solution 7 out of 10.

On-premises

We are working with AppDynamics, Splunk Enterprise Platform, and other Splunk products. However, the main use case here is with Splunk Enterprise Platform.

Splunk Enterprise Platform is a good tool to have, but it is expensive. The features that have proven most effective for real-time data analysis include parts of the platform and its automation capabilities. However, I want them to enhance their automation to cover every aspect, particularly the automation of roles creation.

While Splunk Enterprise Platform is a good product, it is expensive. Additionally, it is complex for inexperienced cybersecurity engineers and requires experienced personnel to handle it effectively.

We have been providing Splunk Enterprise Platform for ten months.

Splunk's technical support is at the same level for all products, although we have not opened many tickets.

Neutral

Splunk Enterprise Platform is expensive.

The main competitor of Splunk in our region is Exabeam, which is less expensive. For small and medium companies, Fortinet is a competitor. Stellar Cyber has also recently entered the market.

For smaller companies, I recommend Stellar Cyber as an alternative to Splunk Enterprise Platform. Stellar Cyber is easier to implement and integrate, and it has solid AI capabilities, especially for automation. It is also willing to adapt to customer requirements. I would rate Splunk Enterprise Platform overall somewhere between six and eight, depending on the size of the company.

The use cases for Splunk Enterprise Platform vary depending on the specific scenario.

Splunk Enterprise Platform has different purposes, including data visualization and other applications.

In Splunk Enterprise Platform, the most impactful features for data analytics allow you to get into the repository.

There are financial benefits from using Splunk Enterprise Platform, and as a retailer, it provides better profit margins.

Splunk Enterprise enhances data analytics with its AI capabilities.

For future updates of Splunk Enterprise Platform, I would like to see integration by GUI.

The integration should be improved with the UI.

I have been using Splunk Enterprise Platform for about two years.

There are no significant challenges in deploying Splunk Enterprise Platform.

The challenges or pain points others should anticipate before implementing Splunk Enterprise Platform are mostly related to the integration part.

The time it takes to deploy Splunk Enterprise Platform depends on the use cases.

It may take anywhere from a couple of hours to a couple of weeks for Splunk Enterprise Platform deployment.

The same three people take part in the deployment of Splunk Enterprise Platform.

I do not take part in the deployment; my team does.

My advice for those looking to implement Splunk Enterprise Platform is to know the product well and have hands-on workshops or create a lab to gain complete knowledge before proceeding.

Regarding maintenance, it does not require much as it is on-premises.

Overall, I would rate Splunk Enterprise Platform an eight.

On-premises

Other

We use Splunk to create dashboards and do analysis.

Splunk can be used primarily to port log files, allowing for easy and quick management of large amounts of logs. However, this can also be a drawback due to the configuration, parsing, and dashboard creation limitations. Communication is stream-based, which means you need to do a lot of pre-emptive setup to get a nice export. Another issue with Splunk is its streamlined nature; it reruns the query whenever you refresh a dashboard. This becomes problematic if you have a large volume of log files, as it can be slow, resource-intensive, and require significant storage space.

It is designed to process and analyze log files. You feed log files into the platform, automatically extracting different fields. This allows you to filter and manipulate the data in a stream-based manner. Essentially, you pass a log file through various filters sequentially, enhancing or reducing its size by adding or removing information. However, this stream-based approach can make it challenging to create detailed dashboards easily. The platform primarily focuses on log files and is unsuitable for real-time data analysis.

I have been using Splunk Enterprise Platform for one or two years.

The product is stable.

I rate the solution’s stability a six out of ten.

It can be very slow if you have a lot of data, and scaling it up for better performance can be quite expensive.

A thousand users use this solution. We have many systems and a lot of data.
It is centrally deployed and used extensively across various systems. I use it daily, but sometimes I only use it once a month. It depends on the data I need or the issue I'm investigating.

I rate the solution’s scalability a four out of ten.

The initial setup is straightforward.

I wouldn't recommend Splunk Enterprise Platform because it's slow and has significant limitations.

Overall, I rate the solution a six out of ten.

On-premises

The main use case is to analyze the data log coming from other systems. We use Splunk to identify anomalies in transaction patterns, which may indicate irregular activity from certain customers. Our goal is to create alerts for stakeholders when such anomalies are detected.

Splunk has made our job easier by streamlining data searching and decision-making processes. By using it for fraud detection, we have potentially saved billions of Indonesian rupiah.

Splunk is very flexible in handling various formats of data as long as basic rules are adhered to. Its integration with other systems is seamless and can be done overnight. This ease of integration is its best advantage. Additionally, Splunk is adequate for real-time data processing.

The Splunk Processing Language (SPL) poses a steep learning curve for new users. The software could benefit from additional processing power, such as GPU support, for handling large volumes of data faster. The language could also be more user-friendly, similar to platforms where actions are easier through button clicks.

I have used the solution for approximately three years.

I rarely encounter bugs or glitches during daily use. However, there was one instance where an issue required solutions from the headquarter's next upgrade session.

Splunk is scalable, provided the supporting infrastructure, such as CPU and GPU processing, is also scalable.

I rarely communicate with the Splunk headquarters, usually interacting with the local implementer.

Positive

We are not using anything else that functions like Splunk. However, for fraud detection, we also use GVD Instinct and FICO, along with Elasticsearch.

I have not been involved in implementing it, except in integration, where I've found it easy.

We have been saving significant amounts through fraud detection. I cannot say precisely how much. Overall, Splunk has simplified our data management and decision-making processes.

The official license operates like a subscription with an annual fee. Our local implementer offers pricing based on reserved quota, such as 80 gigabytes per day, costing under one billion Indonesian rupiah, or around $70,000 USD. It is affordable and flexible.

Elasticsearch, Kibana, Check Point, and other solutions like Microsoft Teams, OneDrive, and SharePoint are used.

Keep my identity anonymous; publishing my title is sufficient. It's important to master the SPL for efficient use. Seek solutions that better support GPU for real-time processing.

I'd rate the solution eight out of ten.

Other

I use the solution in my company to capture the events to deal with threat detection, incident response, and compliance reporting. For IT operation management, it gets complex to track the health and performance of IT infrastructure, including our network devices and applications, so Splunk Enterprise Platform can be used for centralized log management.

The most valuable feature of the tool for DevOps and from a continuous delivery perspective is that the tool is useful in areas like deployment, monitoring, and incident management.

If I compare Splunk Enterprise Platform with the other tools, the dashboard and the user interface need to be built at a console level and in a user-friendly mode. Sometimes, the tool looks a bit complex, and we can't find out the exact area where we need to make the changes in the configuration and changes for the log events monitoring. The dashboard and the console-level areas need to be made friendly.

The product's initial setup phase needs to be made easy since it looks like it is very complex compared to the other tools in the market.

I have been using Splunk Enterprise Platform for three years.

From a stability perspective, the tool is good. If any breakdowns exist, remediation and support are provided, so it is not a problem.

The tool is used by around 5,000 employees and servers in my company.

I have interacted with the solution's technical support. I rate the technical support a seven and a half out of ten.

Neutral

The solution is deployed in an on-premises version.

The tool is expensive.

To first-time users, I can say that proper analysis and bandwidth utilization, cloud resource monitoring, and cost optimization are the things I would ask one to check in the tool.

It is not easy for beginners to use, and for freshers, it will take time to understand the tool.

From a security perspective, I rate the tool a nine out of ten. From a user and the console perspective, I rate the tool a seven out of ten.

In general, I rate the tool an eight out of ten.

On-premises

Splunk Enterprise Platform is a powerful application that offers extensive visibility into events, notable occurrences, and correlations, providing robust capabilities.

The valuable feature is the onboarding of various logs using different methods. Additionally, it excels in content development and use case creation. I want to learn about upcoming technologies like Splunk Cloud and Azure integration. These platforms offer extensive capabilities for visualizing and manipulating data according to our requirements. Splunk's proficiency in field extractions and onboarding logs from diverse sources makes it highly capable. Its logging addition and parsing capabilities are particularly noteworthy.

In Splunk Enterprise Platform, while the dashboard feature is powerful, it does have limitations in terms of the number of parameters that can be included in one dashboard. However, it's important to note that these limitations can be addressed through effective dashboard design and optimization techniques. Despite these constraints, Splunk offers extensive capabilities for creating insightful dashboards that can visualize relevant data effectively.

Splunk excels in providing accurate and valuable alerts and reports. These features are crucial in reducing manual efforts, minimizing human errors, and expediting incident resolution processes. With Splunk's alerting and reporting functionalities, users can fine-tune alerts, apply filters, and include necessary information for thorough investigation and analysis. These capabilities contribute significantly to enhancing operational efficiency and decision-making within organizations.

I have been using Splunk Enterprise Platform for five years.

I rate the solution’s stability an eight out of ten.

Scalability is very flexible. Without the Splunk support, we can deploy and scale up.

The responsiveness of the support is very good. They will ask you if you are raising any P2, P1, or major incidents so they'll help us with immediate and accurate results.

The initial setup is straightforward , with detailed deployment steps outlined in their documentation. Additionally, the Splunk community is a valuable resource where users can ask questions and receive expert solutions. 

Splunk Enterprise Platform does not have a few application add-ons. Therefore, when we aim to integrate log sources from new or important ones that Splunk lacks add-ons for, we resort to developing custom add-ons. While this approach allows us to proceed with our work, it requires significant human effort and increases the likelihood of errors. Moreover, troubleshooting becomes time-consuming under these circumstances. Ideally, Splunk would offer add-ons for every possible application, significantly improving our efficiency and effectiveness.

The Splunk Enterprise Platform offers excellent visibility through real-time monitoring. Whenever any data matches our client's SQL code, it triggers an immediate alert, allowing us to respond to incidents swiftly. This capability is highly beneficial during any incident, making Splunk an invaluable tool.

There are various components, such as Universal Forwarder, Indexer, and Search Head. These components are relatively straightforward to set up. However, when implementing a distributed environment or setting up clustering, Splunk offers robust capabilities. Additionally, managing data storage sizing is also seamless.

Overall, I rate the solution an eight out of ten.

On-premises

I use the Enterprise platform mainly to monitor infrastructure, applications, and some security logs.

The most valuable feature of Splunk for data analysis is its ability to search using SPL and SQL. With SPL commands, you can analyze both structured and unstructured data and build visualizations, dashboards, and reports. Additionally, Splunk offers alerting mechanisms for proactive monitoring.

There is room for improvement in introducing more AI capabilities onto Splunk Enterprise Platform. While they might exist in other platforms like ITSI, enhancing the Enterprise Platform with AI features would benefit many users who predominantly use it.

I have been using Splunk Enterprise Platform for almost three years.

I would rate the stability of Splunk at around a seven out of ten. While it is generally good, in complex environments, issues may arise due to the increased number of components and dependencies. However, overall, the stability is good.

I would rate Splunk's scalability as a nine out of ten. It is the best log analysis application currently available. Scalability has allowed us to handle increasing volumes of data, enabling us to onboard additional customers and share infrastructure monitoring on the same setup. We have approximately 20 people using Splunk Enterprise Platform in our company.

The technical support team could improve by providing more direct assistance rather than primarily relying on community resources for issue resolution. While they do understand the issues, they often refer to existing communities for solutions instead of directly addressing system-specific concerns. Overall, I would rate the support as a six out of ten.

Neutral

The initial setup of Splunk Enterprise is relatively complex compared to other monitoring applications in the market. There is a need to focus on simplifying key components and reducing dependencies for a smoother setup process. For a large environment, the deployment of Splunk Enterprise typically takes around three months to set up completely.

Splunk Enterprise Platform is a bit expensive.

I use the Platform to monitor my IT infrastructure. There are apps for Linux and Windows servers that capture performance metrics like CPU and memory usage. These metrics are collected and sent to the blank index through forwarders.

Splunk helps with security information and event management by detecting and monitoring network equipment and firewalls. It saves searches for specific terms, like threats, in firewall logs. When a match is found, it alerts about potential security breaches, helping to detect and address them.

The real-time processing capability in Splunk enhances data monitoring by centrally collecting all data. This allows for easy searching and scheduling of searches, reducing the need for manual intervention.

The dashboard and visualization features in Splunk impact data analysis by providing a clear status of data analysis. Users can create customized views for management, helping them understand what is happening within the infrastructure more effectively.

I would recommend Splunk to others, especially from the CIM perspective. Its data analysis and visualization capabilities are unmatched, making it an excellent choice for SIM.

Overall, I would rate Splunk Enterprise Platform as a nine out of ten.

On-premises