Project Lead at a computer software company with 5,001-10,000 employees
Offers timestamp indexing and the easy-to-use visualization for data analysis
Pros and Cons
- "Splunk's real-time processing capability has been pretty good for my use cases."
- "There is room for improvement in terms of scalability."
What is our primary use case?
I have a variety of use cases. My company uses it for cloud-related operations, anomaly identification, and threat detection.
How has it helped my organization?
It's been very useful in regard to security information and threat management (SIEM). Splunk is a valuable tool for my organization.
What is most valuable?
The timestamp indexing and the easy-to-use visualization features are the most valuable features for data analysis.
Moreover, the dashboard and visualization features have made a big difference. We can quickly identify issues within the dashboards and easily generate insightful reports. If something goes down, we can easily detect the issue.
Splunk's real-time processing capability has been pretty good for my use cases.
What needs improvement?
There is room for improvement in terms of scalability. They can enhance the ability to handle increasing volumes of data.
Buyer's Guide
Splunk Enterprise Platform
February 2026
Learn what your peers think about Splunk Enterprise Platform. Get advice and tips from experienced pros sharing their opinions. Updated: February 2026.
884,976 professionals have used our research since 2012.
For how long have I used the solution?
I have been using it for four years now.
What do I think about the stability of the solution?
There have been occasional issues, but nothing major.
I would rate the stability an eight out of ten.
What do I think about the scalability of the solution?
I never had issues with scalability. My organization has 8,000 end users.
I would rate the scalability an eight out of ten.
How are customer service and support?
The customer service and support are good.
How was the initial setup?
In general, the initial setup is fairly easy.
Not everyone can do it. Some knowledge and experience would likely be helpful to get the most out of the setup.
Typically, the deployment would take around 16 to 20 hours.
What's my experience with pricing, setup cost, and licensing?
The pricing is about average.
What other advice do I have?
Overall, I would rate the solution an eight out of ten.
I would recommend using this solution. Overall, Splunk is a good tool for analysis and for representing data in a short span of time. It helps minimize unnecessary noise in the data.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Splunk Software Developer at Tata Consultancy
Used for logging and monitoring purposes
Pros and Cons
- "The most valuable features of the solution are the load balancing technique, the forwarding technique, and SSL certification."
- "Sometimes, queries don't give proper results, and the indexes go down."
What is our primary use case?
We use the Splunk Enterprise Platform for logging and monitoring purposes. If users log into different databases and do something, we onboard database logs and other AWS logs to Splunk. Then, we create a dashboard alert report, and based on those dashboard alerts, we monitor users' actions. If they perform suspicious activities, we also send alerts. We use the solution to create dashboard alerts, reports, and some query language.
What is most valuable?
The most valuable features of the solution are the load balancing technique, the forwarding technique, and SSL certification.
What needs improvement?
Sometimes, queries don't give proper results, and the indexes go down.
For how long have I used the solution?
I have been using Splunk Enterprise Platform for seven years.
What do I think about the stability of the solution?
I rate the solution an eight out of ten for stability.
What do I think about the scalability of the solution?
I rate the solution’s scalability a nine out of ten.
How are customer service and support?
The solution’s technical support is good.
How was the initial setup?
The solution’s initial setup is easy.
What's my experience with pricing, setup cost, and licensing?
I have heard from my managers that Splunk Enterprise Platform is an expensive solution.
What other advice do I have?
The solution has helped us with our security information and event management. If someone performs deletion operations, we get an automated alert informing us that a privileged activity has been performed. We forward the logs in real-time. We are ingesting 10GB of data into the solution daily. We have some input filters in the solution's dashboard.
Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Technical Lead at a financial services firm with 10,001+ employees
Helps to monitor logs from various sources but improvement is needed in support
Pros and Cons
- "The product helps monitor and visualize data. It allows you to handle various tasks. You can store, visualize, and analyze data with the Splunk Enterprise Platform. It offers features like virtual folders and heavy folders for filtering data. Additionally, you can create dashboards to showcase data to different teams and stakeholders. The tool also enables the creation of analytics and alerts and sends reports, making it a valuable tool for our system."
- "Based on my experience, I've noticed areas for improvement, particularly in support. Developers typically interact with support personnel who may lack technical expertise when raising support tickets. This can result in delays as initial interactions involve sharing documents before escalation to higher support levels."
What is our primary use case?
We use the tool to monitor logs from various sources. Multiple users send their logs to the Splunk Enterprise Platform using different methods, including Universal Forwarder and AWS services like S3. Additionally, we utilize tools like AWS Genesys for log transmission.
What is most valuable?
The product helps monitor and visualize data. It allows you to handle various tasks. You can store, visualize, and analyze data with the Splunk Enterprise Platform. It offers features like virtual folders and heavy folders for filtering data. Additionally, you can create dashboards to showcase data to different teams and stakeholders. The tool also enables the creation of analytics and alerts and sends reports, making it a valuable tool for our system.
The dashboard and visualization features are good for data analysis. With features like the Studio dashboard introduced in versions 8 to 9, users find it much easier to create dashboards without knowledge of languages like XML.
What needs improvement?
Based on my experience, I've noticed areas for improvement, particularly in support. Developers typically interact with support personnel who may lack technical expertise when raising support tickets. This can result in delays as initial interactions involve sharing documents before escalation to higher support levels.
For how long have I used the solution?
I have been using the product for four years.
What do I think about the stability of the solution?
I rate the tool's stability an eight out of ten.
What do I think about the scalability of the solution?
The tool's scalability is good, and it is based on licensing. My company has more than 10,000 users.
Which solution did I use previously and why did I switch?
I used Dynatrace before the Splunk Enterprise Platform.
How was the initial setup?
The tool's deployment can be complex for the first time. It can become more manageable after that.
What's my experience with pricing, setup cost, and licensing?
If you exceed your licensed limit, the product will issue a warning, typically a five-license warning. Additionally, they send daily email notifications informing you about the breach. This prompts you to consider options such as minimizing logs or acquiring additional licensing to address the issue.
It can be perceived as expensive, especially for organizations dealing with large volumes of data, such as in the banking sector, where numerous logs are generated every second. While other tools are available at lower costs, some teams may consider open-source or lower-cost alternatives, especially if they have funding constraints.
What other advice do I have?
Regarding security and event management, the tool is handled by a different team. They utilize security enterprise tools, including SIEM, to manage security. Splunk Enterprise Platform's real-time processing capability significantly enhances our data monitoring. I would rate it an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Build Management System lead at JLL
A platform for monitoring storage, CPU, RAM, Windows logs, and Cisco network logs on large machines
Pros and Cons
- "Splunk Enterprise is a wireless enterprise application that can be customized based on training."
- "It's not easy or feasible to reach out to Splunk directly."
What is our primary use case?
We have around 38 virtual machines, including the desktop. We have filled our gap network. Splunk Enterprise monitors all network layer traffic, starting with Cisco traffic port violations. We are monitoring Windows logs, CPU, RAM, and disk utilization in Windows.
What is most valuable?
Splunk Enterprise is a wireless enterprise application that can be customized based on training. We can add new machines, Spring Forwarders, and whatever else we need to complete the job.
What needs improvement?
We have an enterprise system that we can only use up to 70% capacity. We have no Internet access. To ensure our system runs optimally, we must configure specific rules, such as RAM, CPU, and space utilization alerts. Also, it is tough for us to reach out to Splunk. We have another software called Nessus, which can be used for vulnerability scans to improve and expand our vulnerability management capabilities. We can add a vulnerability management tool and back network traffic monitoring. This would allow us to add everything into a single platform since we currently use multiple applications for eight solutions.
For how long have I used the solution?
I have been using Splunk Enterprise Platform since 2020. We are using the latest version of the solution.
What do I think about the stability of the solution?
The product is stable.
What do I think about the scalability of the solution?
We have 43 users using this platform.
How was the initial setup?
The initial setup is easy. We manage the installation of Splunk Enterprise Platform. On the first installation day, there are extensive procedures from Splunk and Honeywell. They are explaining how to install the software using Honeywell automation. They have provided a lot of documentation, but it is incomplete. It takes them two days to complete the installation, and then they train us for another week.
What's my experience with pricing, setup cost, and licensing?
We are using 11GB per day. Since I did all the analysis to determine how much we are consuming, we are currently utilizing around 5GB out of 11 GB. Therefore, we can reduce our usage from 11GB/day to 5GB/day. We reached out to Splunk, and they confirmed that this is possible. They also mentioned that there are commercial benefits to signing a longer-term contract. We are currently working on reducing our usage from 11GB/day to 5GB/day.
What other advice do I have?
We have annual automation for our automated building and availability building. The maintenance is easy. We will do a vulnerability scan. Then, we need to ask someone from the Splunk team to confirm that upgrading to this version of Windows or applying monthly or weekly patches will not impact the Splunk application. It's not easy or feasible to reach out to Splunk directly. Splunk is an enterprise software platform that monitors storage, CPU, RAM, Windows logs, and Cisco network logs on large machine setups. I suggest Splunk to anyone with these needs. Overall, I rate the solution an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Monitoring expert at Air Liquide
A highly versatile data collection and monitoring tool
Pros and Cons
- "The best thing about Splunk is you can collect all the data you want, and you can play with the data and do what you want."
- "Splunk is not an out-of-the-box solution like Micro Focus or Zabbix. You have to create your request to collect the data and add crucial components to the software."
What is our primary use case?
We use the monitoring solution. People might ask me to create a new request, maybe for a specific Windows event log, which is how we create a ticket for an incident. Most of the time, this creates a new alert for people. It can be a little complex. We can also create dashboards with some information for other teams. Dashboard alerting is a big part of the work.
Though we use Splunk for monitoring, for me, it is more software that collects lots of data and can then be used for alerting.
We use a custom environment.
What is most valuable?
The best thing about Splunk is you can collect all the data you want, and you can play with the data and do what you want. You can modify the data and collect all the information into one dashboard. It's very cool. In other monitoring software like Zabbix, you can't easily do something like this. With Splunk, it's very easy. You need to understand Splunk's language, but you can do what you want after that. You can correlate your data with CSV files. Splunk can monitor, extract, transform, and load software.
What needs improvement?
Splunk is not an out-of-the-box solution like Micro Focus or Zabbix. You have to create your request to collect the data and add crucial components to the software. You have add-ons created by Splunk or the community but don't have out-of-the-box monitoring items in the software. For example, FETCH CUP with Micro Focus is agentless monitoring, has a lot of out-of-box items, and is easy to use. You will find it difficult to use Splunk initially, which could use improvement. However, I know there is another module from Splunk that focuses on fast and secure monitoring with more out-of-box add-ons, but I haven't used it since when I started using it, it lacked out-of-box items. All the same, Splunk could be more user-friendly for new users.
For how long have I used the solution?
I've worked with the solution for about two years.
What do I think about the stability of the solution?
I rate Splunk's stability a nine out of ten because it's very stable. I don't face issues with projects.
What do I think about the scalability of the solution?
You can scale Splunk. It works with an indexer which indexes search data. If you want more power, you can add more indexers, so I rank Splunk's scalability an eight out of ten.
How was the initial setup?
With all the documentation available, the initial setup is not difficult. If all you want is a stand-alone app in Splunk to handle all the processes, you just need to create a project in the data server, which is easy.
What's my experience with pricing, setup cost, and licensing?
You must buy a license with the on-prem version, usually through an intermediary. In France, it's Accenture. There are cloud solutions where Splunk handles the servers and patching directly, and you just use the solution.
The solution is expensive, so I rate its pricing a four out of ten. Though the solution is expensive, it depends on which company purchases the product.
Which other solutions did I evaluate?
Though I haven't used it, Grafana is also a CM that can collect data.
What other advice do I have?
I didn't create the custom environment we use at my organization. Still, it doesn't seem too difficult to build things because there is a lot of online documentation and videos. You can also get training with Splunk. You have a lot of data to help you when you want to create a new environment.
I rate Splunk Enterprise Platform an eight out of ten. The solution is very powerful, and I like to play with data to do what I want.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Consultant at IBM Thailand
The product is very easy to use, the GUI is simple, and the technical support is responsive
Pros and Cons
- "The product is very easy to use."
- "The product doesn’t have prebuilt dashboards."
What is our primary use case?
We use the solution mainly for security operations. We receive logs from different log sources.
What is most valuable?
The product is very easy to use. We just have to run the agent and collect the log. We don't have many delays or problems. We faced an issue once or twice when there was a network issue and when the system was rebooted. The percentage of issues is very low compared to the overall deployment. It is 0.001%.
The solution supports our organization's security and compliance monitoring very much. We rely on the platform to detect abnormalities and to perform searches. If someone brings a compliance issue, we request logs from the platform to determine whether it happened. We use the tool’s search feature and Intel's machine learning platform to conduct our analysis.
We don't face any issues in real-time monitoring. There is no latency. We have options to create our own dashboards. The GUI is very simple. It's a simple platform. It is very easy to use.
What needs improvement?
The product doesn’t have prebuilt dashboards. It would be great if the product provided prebuilt dashboards. For example, we allowed some devices into our network through VPN, but there is no dashboard to combine two log sources and understand which user has logged in. So, we created our own dashboard with the available Splunk searches.
It’d be good if the solution provided more prebuilt dashboards and released them on the app platform. Then, we can deploy the dashboards straight away. Also, if the tool provides additional dashboards, we can reduce the resources needed to develop them. Since Splunk has overall visibility all around the globe, it can give better suggestions on the dashboards that we must use and how to project the data to the management.
We faced some issues in parsing when the load was too much. If we have a 100 MB log source, 80 MB will be parsed correctly, but we face issues with 20 MB. We raised a support ticket, and the support team suggested we increase the time interval between sending the logs to the Splunk forwarder to handle the processing correctly.
For how long have I used the solution?
I have been using the solution for two years. I am using the latest version of the solution.
What do I think about the stability of the solution?
The tool is stable enough. In my demo environment, I used my own physical machines to run it. I was able to ingest as many log sources as I wanted within the data limit, and it did not have any issues. The search is very responsive when compared to the other platforms. There was no lag.
Splunk has been supporting free text searches for two years. We can query anything out of the box without specifying any indexes. We can perform free-text queries. Usually, it takes very little time to produce the results if the data set is too small. If the data set is too large, the product suggests we finetune our search, and it provides us with hints on which indexes to specify. It has three different options: Fast mode, Push mode, and Smart mode. We can switch the modes to get results quicker. Later, we can change the mode back to do a deeper analysis.
What do I think about the scalability of the solution?
Scalability is not an issue for SMBs and moderately big companies. When we went beyond certain limits, like 700 Gbps or 800 Gbps, we faced some issues with the engine. So, we split up the platform and diverted some of the logs into different indexes. It solved the problem. Up to 500 Gbps per day is okay. When we go beyond that, a single instance cannot handle it. We need to split it up.
This issue was only with the on-premise version. We do not face such issues in the cloud. When customers wanted to renew their subscriptions, we suggested they move to the cloud. On-premise, we have to manage our indexes and searches, but in the cloud, it's done by the vendor. It's a plug-and-play process. Splunk automatically takes care of parsing. We have more than 30 customers.
How are customer service and support?
The technical support is very good. The team supported us even during the Christmas holidays. The support engineer walked us through every step. The team is always reachable. We never had issues while contacting them.
How was the initial setup?
I built some demo environments for my practice since Splunk was new to me two years ago. I used the free license. It was a pretty straightforward setup. I did not find any difficulties in setting up my lab environment. The deployment can be done within 15 minutes.
What was our ROI?
The return on investment is very good. It's very easy to use. Many of our customers decided to continue using Splunk because they have invested much in the training modules, the analysts are familiar with the tool, and it's very easy to search. Open-text queries are the best in Splunk. It is easy for our customers to perform the search. It's very lightweight compared to other solutions.
What's my experience with pricing, setup cost, and licensing?
Our customers pay for the licenses. It’s bundled together in a yearly subscription.
What other advice do I have?
There are some problems in managing the tool when it exceeds certain limits. Overall, I rate the product a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Technology And Digitization Lead at JLL
An easy-to-use and easy-to-configure solution that can be used to monitor network traffic
Pros and Cons
- "Splunk Enterprise Platform is an easy-to-use and easy-to-configure solution."
- "There should be continuous customer engagement and training programs on the new features and capabilities introduced by the solution."
What is our primary use case?
We monitor our airtight network traffic using the Splunk Enterprise Platform. We also use the solution for port monitoring, to monitor which ports are closed, which are open, and whether any port is flapping. We use it to check our server performance to see if it gets choked because of high CPU or RAM utilization.
What is most valuable?
Splunk Enterprise Platform is an easy-to-use and easy-to-configure solution.
What needs improvement?
There should be continuous customer engagement and training programs on the new features and capabilities introduced by the solution.
For how long have I used the solution?
I have been using Splunk Enterprise Platform for four years.
What do I think about the stability of the solution?
I rate Splunk Enterprise Platform a nine out of ten for stability.
What do I think about the scalability of the solution?
Splunk Enterprise Platform is a scalable solution. Two people are using the solution in our organization to monitor data.
I rate Splunk Enterprise Platform ten out of ten for scalability.
How was the initial setup?
The solution’s initial setup is easy.
What about the implementation team?
One or two hours is enough to deploy the solution, but its configuration will take time, based on the users. Just one person is enough to deploy the solution.
What was our ROI?
We have seen a return on investment with Splunk Enterprise Platform for security and performance use cases.
What's my experience with pricing, setup cost, and licensing?
The solution’s pricing is moderate. We have to pay a yearly licensing fee for the solution, and there is an additional cost for support.
What other advice do I have?
Splunk Enterprise Platform is a good and easy-to-use solution. It has to be regularly upgraded to the changing network or customer needs.
Overall, I rate Splunk Enterprise Platform an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Splunk Admin at a consultancy with 10,001+ employees
Useful to set up alerts and reports to manage the logs and log metrics
Pros and Cons
- "It's not just one feature I like the most. Every person wants to collect and rate logs, and I value how the Splunk Enterprise Platform handles this. The most valuable part for us is setting up the alerts and reports to manage the logs and log metrics. We use it to support every tool across the entire bank. We are the ones who manage all the data, and if there's any issue, everything depends on the Splunk Enterprise Platform."
- "The Splunk Enterprise Platform has room for improvement, particularly in automating the permissions process during app promotions. Currently, permissions are manually set when different teams request an application move to production, which is time-consuming. Automating this process would streamline operations by automatically assigning the appropriate permissions and roles to specific services or teams, reducing the need to review each request ticket manually."
What is our primary use case?
We use the solution for patching.
What is most valuable?
It's not just one feature I like the most. Every person wants to collect and rate logs, and I value how the Splunk Enterprise Platform handles this. The most valuable part for us is setting up the alerts and reports to manage the logs and log metrics. We use it to support every tool across the entire bank. We are the ones who manage all the data, and if there's any issue, everything depends on the Splunk Enterprise Platform.
The tool uses upgraded rules restricting access to specific people, ensuring that only certain individuals can edit. Everyone else has read-only access. Splunk Enterprise Platform's dashboard and visualization features are good. These features are some of the best parts of the software because you can customize the dashboard however you need. The user interface is perfect and keeps getting better with new updates. It's very user-friendly, allowing everyone to create their dashboards easily.
What needs improvement?
The Splunk Enterprise Platform has room for improvement, particularly in automating the permissions process during app promotions. Currently, permissions are manually set when different teams request an application move to production, which is time-consuming. Automating this process would streamline operations by automatically assigning the appropriate permissions and roles to specific services or teams, reducing the need to review each request ticket manually.
For how long have I used the solution?
I have been using the tool for one year and five months.
What do I think about the stability of the solution?
I would rate the tool's stability as ten out of ten. It provides outstanding security and is also very user-friendly.
What do I think about the scalability of the solution?
We have encountered issues with scaling up and handling increasing data volumes, but we address them according to customer requirements. As for scalability, I would rate it a nine out of ten.
How are customer service and support?
The solution's support uses a ticketing system to address dashboards, alerts, reports, etc. If server issues or alerts are triggered, they respond by raising a ticket. They investigate the problem by checking logs and assessing any impact on disk storage.
I handle smaller support tasks myself but escalate them to my head for high-priority issues.
What about the implementation team?
My company's senior SMEs help with the deployment process.
What's my experience with pricing, setup cost, and licensing?
The solution's pricing increases with the amount of data used. This pricing model is acceptable because it aligns with the security features provided. It ensures that the price reflects the level of security and the amount of data we're managing.
What other advice do I have?
Currently, we are on-prem. However, we have started cloud migration in the last few months. I rate the overall solution a ten out of ten. In daily life, every IT company should use it to monitor its logs. It is an emerging tool.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer.













