We use Splunk to create dashboards and do analysis.
Product Owner at ABN AMRO Bank N.V.
Enables us to create dashboards and do analysis but has limitations
Pros and Cons
- "Splunk can be used primarily to port log files, allowing for easy and quick management of large amounts of logs. However, this can also be a drawback due to the configuration, parsing, and dashboard creation limitations. Communication is stream-based, which means you need to do a lot of pre-emptive setup to get a nice export."
What is our primary use case?
What is most valuable?
What needs improvement?
Splunk can be used primarily to port log files, allowing for easy and quick management of large amounts of logs. However, this can also be a drawback due to the configuration, parsing, and dashboard creation limitations. Communication is stream-based, which means you need to do a lot of pre-emptive setup to get a nice export. Another issue with Splunk is its streamlined nature; it reruns the query whenever you refresh a dashboard. This becomes problematic if you have a large volume of log files, as it can be slow, resource-intensive, and require significant storage space.
It is designed to process and analyze log files. You feed log files into the platform, automatically extracting different fields. This allows you to filter and manipulate the data in a stream-based manner. Essentially, you pass a log file through various filters sequentially, enhancing or reducing its size by adding or removing information. However, this stream-based approach can make it challenging to create detailed dashboards easily. The platform primarily focuses on log files and is unsuitable for real-time data analysis.
For how long have I used the solution?
I have been using Splunk Enterprise Platform for one or two years.
Buyer's Guide
Splunk Enterprise Platform
August 2025

Learn what your peers think about Splunk Enterprise Platform. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
867,370 professionals have used our research since 2012.
What do I think about the stability of the solution?
The product is stable.
I rate the solution’s stability a six out of ten.
What do I think about the scalability of the solution?
It can be very slow if you have a lot of data, and scaling it up for better performance can be quite expensive.
A thousand users use this solution. We have many systems and a lot of data.
It is centrally deployed and used extensively across various systems. I use it daily, but sometimes I only use it once a month. It depends on the data I need or the issue I'm investigating.
I rate the solution’s scalability a four out of ten.
How was the initial setup?
The initial setup is straightforward.
What other advice do I have?
I wouldn't recommend Splunk Enterprise Platform because it's slow and has significant limitations.
Overall, I rate the solution a six out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Senior Consultant at Infosys
Offers excellent data analysis and visualization capabilities
Pros and Cons
- "The most valuable feature of Splunk for data analysis is its ability to search using SPL and SQL."
- "There is room for improvement in introducing more AI capabilities onto Splunk Enterprise Platform."
What is our primary use case?
I use the Enterprise platform mainly to monitor infrastructure, applications, and some security logs.
What is most valuable?
The most valuable feature of Splunk for data analysis is its ability to search using SPL and SQL. With SPL commands, you can analyze both structured and unstructured data and build visualizations, dashboards, and reports. Additionally, Splunk offers alerting mechanisms for proactive monitoring.
What needs improvement?
There is room for improvement in introducing more AI capabilities onto Splunk Enterprise Platform. While they might exist in other platforms like ITSI, enhancing the Enterprise Platform with AI features would benefit many users who predominantly use it.
For how long have I used the solution?
I have been using Splunk Enterprise Platform for almost three years.
What do I think about the stability of the solution?
I would rate the stability of Splunk at around a seven out of ten. While it is generally good, in complex environments, issues may arise due to the increased number of components and dependencies. However, overall, the stability is good.
What do I think about the scalability of the solution?
I would rate Splunk's scalability as a nine out of ten. It is the best log analysis application currently available. Scalability has allowed us to handle increasing volumes of data, enabling us to onboard additional customers and share infrastructure monitoring on the same setup. We have approximately 20 people using Splunk Enterprise Platform in our company.
How are customer service and support?
The technical support team could improve by providing more direct assistance rather than primarily relying on community resources for issue resolution. While they do understand the issues, they often refer to existing communities for solutions instead of directly addressing system-specific concerns. Overall, I would rate the support as a six out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup of Splunk Enterprise is relatively complex compared to other monitoring applications in the market. There is a need to focus on simplifying key components and reducing dependencies for a smoother setup process. For a large environment, the deployment of Splunk Enterprise typically takes around three months to set up completely.
What's my experience with pricing, setup cost, and licensing?
Splunk Enterprise Platform is a bit expensive.
What other advice do I have?
I use the Platform to monitor my IT infrastructure. There are apps for Linux and Windows servers that capture performance metrics like CPU and memory usage. These metrics are collected and sent to the blank index through forwarders.
Splunk helps with security information and event management by detecting and monitoring network equipment and firewalls. It saves searches for specific terms, like threats, in firewall logs. When a match is found, it alerts about potential security breaches, helping to detect and address them.
The real-time processing capability in Splunk enhances data monitoring by centrally collecting all data. This allows for easy searching and scheduling of searches, reducing the need for manual intervention.
The dashboard and visualization features in Splunk impact data analysis by providing a clear status of data analysis. Users can create customized views for management, helping them understand what is happening within the infrastructure more effectively.
I would recommend Splunk to others, especially from the CIM perspective. Its data analysis and visualization capabilities are unmatched, making it an excellent choice for SIM.
Overall, I would rate Splunk Enterprise Platform as a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Solutions Architect at Altron
Provides real-time data analysis and simplifies organizational data management process
Pros and Cons
- "It can handle large datasets, swiftly consolidating outputs from every server and device across the network."
- "Firstly, integration with different cloud platforms could be enhanced."
What is our primary use case?
Our primary use case for this solution is to monitor several organizations. Instead of maintaining a large security team, this solution aggregates all security data into a single point. It allows us to view our entire security environment by checking dashboards and alerts, simplifying our work as we no longer need to review individual logs on each machine. Additionally, it features a security rating system that provides real-time ratios, which can be directly shared with auditors to justify our security measures.
What needs improvement?
The product is primarily an aggregation and visualization tool for your security environment. It is not a complete security solution, relying on aggregating data from various other security tools. It means you don't have to work with multiple applications simultaneously, simplifying management. However, there are several areas where it could be improved.
Firstly, integration with different cloud platforms could be enhanced. While we try to sell the product with various solutions, many users seek specific security components rather than a comprehensive solution. This approach might only sometimes be ideal. For instance, legacy systems often have their issues, and upgrades can result in a fragmented security system over time.
At present, they release thousands of updates for every launch. They could work on reducing the same.
For how long have I used the solution?
We have been using Splunk Enterprise Platform for four to five years, possibly even longer.
What do I think about the stability of the solution?
The product is deployed on-premises. The stability depends on maintenance.
How was the initial setup?
The initial setup process is lengthy due to the need to address false positives and adapt to the organization's specific environment. It involves a significant learning component on the system side to ensure accurate data analysis and interpretation. Once integrated with predictive subsystems, it operates smoothly without placing heavy demands on the system.
What was our ROI?
Splunk Enterprise Platform offers numerous benefits, including reduced investment in security features compared to maintaining a large security team. By consolidating security operations into a single appliance, organizations can save significantly by requiring fewer personnel to manage security tasks. For example, a single appliance can support round-the-clock monitoring with just one or three shifts, unlike the larger team typically required for 24/7 coverage. This streamlined approach results in substantial cost efficiencies and optimized resource utilization.
What's my experience with pricing, setup cost, and licensing?
Product pricing is typically annual, and discounts are often available for longer-term commitments. While most vendors are willing to offer discounts for extended periods, Microsoft is an exception, as it sets its terms.
What other advice do I have?
Splunk offers specific features for real-time data analysis, enabling users to gain comprehensive insights into their organizational data. Moreover, it empowers users with proactive measures by offering automated solutions, such as AI repair, to address issues before they escalate into significant problems.
It can handle large datasets, swiftly consolidating outputs from every server and device across the network.
The AI-driven analytics are effective, providing intelligent analysis and visual reports. It detects any attempts at breaches or deviations from established standards. For example, if a server is missing a critical Windows update, it will be highlighted immediately and can be addressed either automatically or through our service desk.
A single person can effectively manage it for small companies. However, running a Security Operations Center (SOC) is crucial for large organizations. The integration of AI is vital for handling complex security environments.
I rate it a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Splunk Software Developer at Tata Consultancy
Used for logging and monitoring purposes
Pros and Cons
- "The most valuable features of the solution are the load balancing technique, the forwarding technique, and SSL certification."
- "Sometimes, queries don't give proper results, and the indexes go down."
What is our primary use case?
We use the Splunk Enterprise Platform for logging and monitoring purposes. If users log into different databases and do something, we onboard database logs and other AWS logs to Splunk. Then, we create a dashboard alert report, and based on those dashboard alerts, we monitor users' actions. If they perform suspicious activities, we also send alerts. We use the solution to create dashboard alerts, reports, and some query language.
What is most valuable?
The most valuable features of the solution are the load balancing technique, the forwarding technique, and SSL certification.
What needs improvement?
Sometimes, queries don't give proper results, and the indexes go down.
For how long have I used the solution?
I have been using Splunk Enterprise Platform for seven years.
What do I think about the stability of the solution?
I rate the solution an eight out of ten for stability.
What do I think about the scalability of the solution?
I rate the solution’s scalability a nine out of ten.
How are customer service and support?
The solution’s technical support is good.
How was the initial setup?
The solution’s initial setup is easy.
What's my experience with pricing, setup cost, and licensing?
I have heard from my managers that Splunk Enterprise Platform is an expensive solution.
What other advice do I have?
The solution has helped us with our security information and event management. If someone performs deletion operations, we get an automated alert informing us that a privileged activity has been performed. We forward the logs in real-time. We are ingesting 10GB of data into the solution daily. We have some input filters in the solution's dashboard.
Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Consultant at IBM Thailand
The product is very easy to use, the GUI is simple, and the technical support is responsive
Pros and Cons
- "The product is very easy to use."
- "The product doesn’t have prebuilt dashboards."
What is our primary use case?
We use the solution mainly for security operations. We receive logs from different log sources.
What is most valuable?
The product is very easy to use. We just have to run the agent and collect the log. We don't have many delays or problems. We faced an issue once or twice when there was a network issue and when the system was rebooted. The percentage of issues is very low compared to the overall deployment. It is 0.001%.
The solution supports our organization's security and compliance monitoring very much. We rely on the platform to detect abnormalities and to perform searches. If someone brings a compliance issue, we request logs from the platform to determine whether it happened. We use the tool’s search feature and Intel's machine learning platform to conduct our analysis.
We don't face any issues in real-time monitoring. There is no latency. We have options to create our own dashboards. The GUI is very simple. It's a simple platform. It is very easy to use.
What needs improvement?
The product doesn’t have prebuilt dashboards. It would be great if the product provided prebuilt dashboards. For example, we allowed some devices into our network through VPN, but there is no dashboard to combine two log sources and understand which user has logged in. So, we created our own dashboard with the available Splunk searches.
It’d be good if the solution provided more prebuilt dashboards and released them on the app platform. Then, we can deploy the dashboards straight away. Also, if the tool provides additional dashboards, we can reduce the resources needed to develop them. Since Splunk has overall visibility all around the globe, it can give better suggestions on the dashboards that we must use and how to project the data to the management.
We faced some issues in parsing when the load was too much. If we have a 100 MB log source, 80 MB will be parsed correctly, but we face issues with 20 MB. We raised a support ticket, and the support team suggested we increase the time interval between sending the logs to the Splunk forwarder to handle the processing correctly.
For how long have I used the solution?
I have been using the solution for two years. I am using the latest version of the solution.
What do I think about the stability of the solution?
The tool is stable enough. In my demo environment, I used my own physical machines to run it. I was able to ingest as many log sources as I wanted within the data limit, and it did not have any issues. The search is very responsive when compared to the other platforms. There was no lag.
Splunk has been supporting free text searches for two years. We can query anything out of the box without specifying any indexes. We can perform free-text queries. Usually, it takes very little time to produce the results if the data set is too small. If the data set is too large, the product suggests we finetune our search, and it provides us with hints on which indexes to specify. It has three different options: Fast mode, Push mode, and Smart mode. We can switch the modes to get results quicker. Later, we can change the mode back to do a deeper analysis.
What do I think about the scalability of the solution?
Scalability is not an issue for SMBs and moderately big companies. When we went beyond certain limits, like 700 Gbps or 800 Gbps, we faced some issues with the engine. So, we split up the platform and diverted some of the logs into different indexes. It solved the problem. Up to 500 Gbps per day is okay. When we go beyond that, a single instance cannot handle it. We need to split it up.
This issue was only with the on-premise version. We do not face such issues in the cloud. When customers wanted to renew their subscriptions, we suggested they move to the cloud. On-premise, we have to manage our indexes and searches, but in the cloud, it's done by the vendor. It's a plug-and-play process. Splunk automatically takes care of parsing. We have more than 30 customers.
How are customer service and support?
The technical support is very good. The team supported us even during the Christmas holidays. The support engineer walked us through every step. The team is always reachable. We never had issues while contacting them.
How was the initial setup?
I built some demo environments for my practice since Splunk was new to me two years ago. I used the free license. It was a pretty straightforward setup. I did not find any difficulties in setting up my lab environment. The deployment can be done within 15 minutes.
What was our ROI?
The return on investment is very good. It's very easy to use. Many of our customers decided to continue using Splunk because they have invested much in the training modules, the analysts are familiar with the tool, and it's very easy to search. Open-text queries are the best in Splunk. It is easy for our customers to perform the search. It's very lightweight compared to other solutions.
What's my experience with pricing, setup cost, and licensing?
Our customers pay for the licenses. It’s bundled together in a yearly subscription.
What other advice do I have?
There are some problems in managing the tool when it exceeds certain limits. Overall, I rate the product a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Technology and Digitization Lead at JLL
An easy-to-use and easy-to-configure solution that can be used to monitor network traffic
Pros and Cons
- "Splunk Enterprise Platform is an easy-to-use and easy-to-configure solution."
- "There should be continuous customer engagement and training programs on the new features and capabilities introduced by the solution."
What is our primary use case?
We monitor our airtight network traffic using the Splunk Enterprise Platform. We also use the solution for port monitoring, to monitor which ports are closed, which are open, and whether any port is flapping. We use it to check our server performance to see if it gets choked because of high CPU or RAM utilization.
What is most valuable?
Splunk Enterprise Platform is an easy-to-use and easy-to-configure solution.
What needs improvement?
There should be continuous customer engagement and training programs on the new features and capabilities introduced by the solution.
For how long have I used the solution?
I have been using Splunk Enterprise Platform for four years.
What do I think about the stability of the solution?
I rate Splunk Enterprise Platform a nine out of ten for stability.
What do I think about the scalability of the solution?
Splunk Enterprise Platform is a scalable solution. Two people are using the solution in our organization to monitor data.
I rate Splunk Enterprise Platform ten out of ten for scalability.
How was the initial setup?
The solution’s initial setup is easy.
What about the implementation team?
One or two hours is enough to deploy the solution, but its configuration will take time, based on the users. Just one person is enough to deploy the solution.
What was our ROI?
We have seen a return on investment with Splunk Enterprise Platform for security and performance use cases.
What's my experience with pricing, setup cost, and licensing?
The solution’s pricing is moderate. We have to pay a yearly licensing fee for the solution, and there is an additional cost for support.
What other advice do I have?
Splunk Enterprise Platform is a good and easy-to-use solution. It has to be regularly upgraded to the changing network or customer needs.
Overall, I rate Splunk Enterprise Platform an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Splunk Admin at a consultancy with 10,001+ employees
Useful to set up alerts and reports to manage the logs and log metrics
Pros and Cons
- "It's not just one feature I like the most. Every person wants to collect and rate logs, and I value how the Splunk Enterprise Platform handles this. The most valuable part for us is setting up the alerts and reports to manage the logs and log metrics. We use it to support every tool across the entire bank. We are the ones who manage all the data, and if there's any issue, everything depends on the Splunk Enterprise Platform."
- "The Splunk Enterprise Platform has room for improvement, particularly in automating the permissions process during app promotions. Currently, permissions are manually set when different teams request an application move to production, which is time-consuming. Automating this process would streamline operations by automatically assigning the appropriate permissions and roles to specific services or teams, reducing the need to review each request ticket manually."
What is our primary use case?
We use the solution for patching.
What is most valuable?
It's not just one feature I like the most. Every person wants to collect and rate logs, and I value how the Splunk Enterprise Platform handles this. The most valuable part for us is setting up the alerts and reports to manage the logs and log metrics. We use it to support every tool across the entire bank. We are the ones who manage all the data, and if there's any issue, everything depends on the Splunk Enterprise Platform.
The tool uses upgraded rules restricting access to specific people, ensuring that only certain individuals can edit. Everyone else has read-only access. Splunk Enterprise Platform's dashboard and visualization features are good. These features are some of the best parts of the software because you can customize the dashboard however you need. The user interface is perfect and keeps getting better with new updates. It's very user-friendly, allowing everyone to create their dashboards easily.
What needs improvement?
The Splunk Enterprise Platform has room for improvement, particularly in automating the permissions process during app promotions. Currently, permissions are manually set when different teams request an application move to production, which is time-consuming. Automating this process would streamline operations by automatically assigning the appropriate permissions and roles to specific services or teams, reducing the need to review each request ticket manually.
For how long have I used the solution?
I have been using the tool for one year and five months.
What do I think about the stability of the solution?
I would rate the tool's stability as ten out of ten. It provides outstanding security and is also very user-friendly.
What do I think about the scalability of the solution?
We have encountered issues with scaling up and handling increasing data volumes, but we address them according to customer requirements. As for scalability, I would rate it a nine out of ten.
How are customer service and support?
The solution's support uses a ticketing system to address dashboards, alerts, reports, etc. If server issues or alerts are triggered, they respond by raising a ticket. They investigate the problem by checking logs and assessing any impact on disk storage.
I handle smaller support tasks myself but escalate them to my head for high-priority issues.
What about the implementation team?
My company's senior SMEs help with the deployment process.
What's my experience with pricing, setup cost, and licensing?
The solution's pricing increases with the amount of data used. This pricing model is acceptable because it aligns with the security features provided. It ensures that the price reflects the level of security and the amount of data we're managing.
What other advice do I have?
Currently, we are on-prem. However, we have started cloud migration in the last few months. I rate the overall solution a ten out of ten. In daily life, every IT company should use it to monitor its logs. It is an emerging tool.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer.
Senior Software Engineer at Torry Harris Integration Solutions
Offers powerful features for data exploration and analysis
What is our primary use case?
We use Splunk for onboarding updates, dashboards, application monitoring, and insights.
How has it helped my organization?
We are using it for event management. We don't have that much exposure on the security side.
What is most valuable?
It is very easy to use logs and create dashboards. You can define extractions for specific exceptions. Splunk can extract historical data and process upcoming data in real-time. You can easily modify, update, or edit extraction rules as needed. Additionally, you can create custom knowledge objects at any time. The platform allows you to restrict user access based on permissions. Even regular users can create reports and dashboards for their workflows.
What needs improvement?
Splunk Enterprise Platform needs some improvement. For instance, the dashboard sizing and customization options could be enhanced. There seems to be a limitation in adjusting the size of individual panels within a dashboard. This can be frustrating when comparing data across different panels, as users are forced to scroll continuously. Additionally, while Splunk offers some new features like student dashboards, modifying these dashboards requires a level of JavaScript expertise that not all users possess. Providing more user-friendly options for customization, such as adjusting colors and fonts directly from the user interface, could greatly improve the user experience.
Moreover, for users transitioning from other monitoring tools like Dynatrace, the interface may feel less intuitive and more cumbersome. Offering more intuitive visualization options and simplifying the customization process could bridge this gap and make Splunk more accessible to a wider range of users.
For how long have I used the solution?
I have been using Splunk Enterprise Platform for seven years. We are using V9.0.4.1 of the solution.
What do I think about the stability of the solution?
The product is stable. I rate the solution’s stability a nine out of ten.
What do I think about the scalability of the solution?
How are customer service and support?
I've encountered numerous issues and challenges, but I've managed to overcome them. I rely on the Splunk community to find solutions whenever I face difficulties. I want to fully engage with the platform and be active in its development, but sometimes, I struggle to find the right resources or support.
How was the initial setup?
The initial setup is easy.
What's my experience with pricing, setup cost, and licensing?
Splunk Enterprise Platform can seem a bit costly compared to their five-year plans. There's a need to provide options, such as offering a free license for up to ten GB of data or a limited-time test and development license at no cost. For instance, if a company purchases a one-year product license, it could receive additional test and development licenses for free, up to a certain data limit. While there would naturally be some restrictions, such as limitations on certain features or functionalities, offering these options could encourage more people to adopt Splunk for their needs. Many individuals and stakeholders hesitate due to Splunk's perceived high costs when considering the additional expenses for enterprise support, operational support, and device licenses. Introducing more flexible licensing options could alleviate these concerns and attract more users to the platform, benefiting both Splunk and its customers.
What other advice do I have?
Our experience with the Splunk Enterprise Platform has been positive regarding administration and development. However, there are some concerns regarding visualization. Despite our team's proficiency in activating and completing tasks, the dashboard's complexity has decreased user satisfaction. Many users find the visualization lacking when viewing multiple panels simultaneously. They express difficulty in navigating the UI and feel uncomfortable with it. Addressing these concerns would enhance the overall user experience from end to end.
Overall, I rate the solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer.
