Splunk Enterprise Platform Reviews

I use the platform to collect data and report to the clients that need reporting from Splunk. I work on gathering big data from all over my company and exporting it into proper reports.

What I find the most valuable about the platform is its DB Connect and its versatility in general. I also like its adaptability to any use case when it comes to collecting and analyzing data.

It is hard to say in what areas the platform could be improved since it's very versatile and applies to many use cases. It already has the functioning vetted into the core architecture of the product. In my opinion, there is no need for additional features because it already has many, and I haven't used them all.

I've been using Splunk Enterprise Platform for two and a half years. I am a Splunk software architect and Splunk is the only platform I use.

It's a very stable platform. A ten out of ten.

The scalability of Splunk is ten out of ten. It's one of the best platforms on the market. Approximately 1,000-2,000 people use the platform at our company, but only two people are needed to maintain it and I'm one of them. Everything is automated and it is very easy to manage 2,000 users on my own.

I would compare Splunk Phantom with RSA NetWitness and Elasticsearch. All three solutions give the same output but in a different way. They analyze data in different ways. Each product has its scalability, versatility, and appliances in the current business needs of the company that uses it.

The initial setup is very easy. At our company, we deployed Splunk ourselves because we are a team of Splunk architects and we have done it before.

The platform is too expensive for small businesses. If you choose the free plan, it only has 15 GB of data per day, and it may not be enough to run a small business. You need to pay a subscription based on data ingestion, and that's very expensive. Splunk should focus more on delivering something for small businesses and entrepreneurs. I give the pricing a three or four out of ten. Although the product is pricey, it's truly magnificent.

Overall, I give Splunk a nine out of ten and not a solid ten just because there are new updates every day and we don't know exactly what we need to search for since it's not that viewable. 

We use Splunk Enterprise for data visualization.

We use Splunk administration rather than Splunk development.

We provide support to users so they can access our Splunk application and use it however they want. For example, if they are not able to view some of the logs that are coming from their servers in our Splunk, then we usually check all the logs here that have been missed and forward the ones that were not forwarded. 

Also, sometimes they use their access to install some apps. We have Splunk apps and they want us to create an app for their usage. We also need to create these apps in the Splunk application. Sometimes they aren't able to download or upload files into Splunk or other websites. They aren't able to download these reports as PDF files. We usually work on this and try to resolve it as quickly as possible.

We use Splunk for cyber security. We have a lot of teams who use Splunk for different purposes. The security team uses it to authorize log-ins, so in case something happens, Splunk monitors it. Also, the development team uses it to monitor data while they're creating a new application.

In the enterprise platform, all of the clusters and indexes are under our maintenance. If required, we can make changes and see the logs manually by getting into the servers.

Things have to be managed manually in Splunk Enterprise, which is not the case in Splunk Cloud, where the client could manage it on their own.

It would be useful if Splunk Enterprise Platform could monitor the application URL, to check whether it's responsive or not.

I've been using it for a year and a half.

It is completely stable and the infrastructure is good. We have no issues with our Splunk Enterprise Platform.

We contact technical support whenever there's an issue with logs and they work through it with us.

Positive

We use both Splunk Cloud and Splunk Enterprise. We might opt for Splunk Cloud in the future since it's less expensive, but we are currently using both.

The deployment takes about a day. I would say that the initial setup is quite a complex thing to do because there are a lot of things that have to be done for clustering all the features and indexing and then forwarding data to the indexes. When it comes to applications, we have to replicate the data. The process takes time. Once everything is done, we still need to monitor the infrastructure constantly.

It is easy to maintain if you are familiar with the deployment model.

I have hands-on experience with AWS, Linux, Ansible, and Terraform and with programs like Python, Java, and SQL as well. I also use tools like Catchpoint, Nagios, and Grafana.

I would suggest using Splunk Cloud first, and then Splunk Enterprise because the maintenance and the infrastructure management are easy. I would rate it an eight out of ten.

Splunk Enterprise Platform is a basic monitoring tool used for application performance monitoring, database monitoring, and infrastructure monitoring. Currently, I use the solution for application monitoring and security monitoring. I use the tool to monitor security breaches or suspicious activities.

The solution is very good for monitoring compared to other tools. It provides an accurate solution. We used to get a free trial of around 60 days to test and get a good experience on Splunk.

The solution's license cost is high and can be improved. There are some limitations on data onboarding if you have huge data.

I have been using Splunk Enterprise Platform for three to four years.

Compared to other monitoring tools, Splunk Enterprise Platform provides good stability.

I haven’t faced any issues with the solution’s scalability.

Splunk ITSI is very good for support, which includes getting an incident number and working on it.

We need to integrate Splunk Enterprise Platform with other tools, which provide some security events. After integrating, you get the logs from that application's API. Once you get those logs, we will create a code per the business requirements and create an alert, report, or dashboard, whichever is needed.

Splunk Enterprise Platform works based on apps installed in Splunk. For example, if you want SQL data to get into Splunk, you need to install an SQL database plugin on the Splunk server. That plugin will capture the logs related to an SQL database with Splunk. After that, we write a query, pull out the data we need, and provide knowledge objects.

Visualization is very good in Splunk Enterprise Platform. The solution has good visualization elements like bar graphs, pie charts, line graphs, single visualizations, and maps. I would recommend the solution to other users.

Splunk Enterprise Platform is a very good tool for monitoring your day-to-day activity logs. This will eventually help you create reports or dashboards to monitor the business's progress.

Overall, I rate the solution seven and a half or eight out of ten.

Our use case for Splunk Enterprise Platform involved deploying the solution for a client requirement, focusing on their data monitoring and management needs.

Splunk Enterprise Platform has significantly improved operational efficiency by making it easier to monitor infrastructure, detect errors, and read logs. It has reduced troubleshooting efforts from one hundred percent to about twenty percent, thereby increasing productivity significantly. The platform's ability to monitor Docker containers directly has also been beneficial for us.

The most valuable features of Splunk Enterprise Platform include its performance, ease of implementation, and user interface, which are superior compared to other on-premises products.

Pricing is an area that needs improvement, as it is considered high. Additionally, the addition of AI capabilities would be beneficial for analyzing IP activity patterns and providing alerts. During the integration with Docker, we noticed that Splunk only shows container IDs and not their names, which is a drawback.

I have used Splunk Enterprise Platform for one to two years for the projects I have mentioned.

Splunk Enterprise Platform is a stable solution, and I would rate its stability as nine out of ten.

Splunk Enterprise Platform is scalable, though the implementation can be challenging. I would rate scalability as eight out of ten.

We have not opted for paid support but have utilized community support, which is good but could benefit from more contributions. I rate the support a seven out of ten.

Neutral

We have tried multiple products before, but they were difficult to implement. Splunk Enterprise Platform is much easier to implement and execute quickly, which is why we chose it.

The initial setup was not considered easy and required learning and implementation by ourselves. It was an average difficulty process, not too difficult but not very easy either.

The deployment and implementation were done by myself and one of my teammates, totaling two people involved in the process.

Monetary ROI was not directly measured, but using Splunk Enterprise Platform has reduced time spent on troubleshooting, therefore enhancing productivity.

I would rate the pricing around three out of ten, considering the tool's cost. We haven't used any extra features, so I'm not sure about additional offerings.

We evaluated several other products, but they were found difficult to implement. Splunk was the easier solution.

I highly recommend Splunk Enterprise Platform for organizations with large volumes of logs and multiple servers, as it provides good ROI for big companies. However, due to its cost, it may not be suitable for small organizations.

We use the solution to monitor, alert, report, and analyze.

In identity and asset management, Splunk will detect any vulnerabilities , or if any upgrade patching is improperly done, it will send an alert to the specific admin team, indicating the need to patch their servers.

The feature of Splunk Enterprise Platform is its comprehensive capabilities, consolidating various functionalities into a single tool. It excels in searching, reporting, and learning. Additionally, it offers automation and integration features for generating reports at specified business times. One prominent feature widely utilized by companies is enterprise security, crucial for cybersecurity purposes.

The solution could enhance automation capabilities. Currently, the process involves daily manual checks for potential issues, maintenance tasks, and planning for automation. Rather than relying solely on daily activities, there's a need to implement automation solutions for streamlined operations.

The main issue with the Splunk Enterprise Platform is its licensing cost, which can be high for small companies. Many businesses are migrating from Splunk to alternative tools. If Splunk were to lower its licensing fees or offer discounts, it would likely retain more customers.

I have been using Splunk Enterprise Platform for seven years. We are using 9.0.1.2 of the solution.

The solution is stable. There is no impact. I can rate it a nine out of ten.

When increasing your volume of data, high availability is crucial. With Splunk's robust clustering and enrollment features, data availability remains constant. If one site experiences downtime, the other will seamlessly take over, ensuring continuous data availability without any loss or impact. 

10,000 users are using this solution.

As part of our operations focus, we often encounter numerous ticketed issues. Our team is dedicated to addressing these concerns and ensuring the best possible service for our customers.

Positive

Deployment typically takes just a fraction of an hour or two hours. Implementation can be completed within a single day, often within 24 hours.

Splunk Enterprise Platform allows customized data processing, making it highly versatile and easy to maintain. It seamlessly handles tasks like data masking and filtering, ensuring efficient data management.

When it comes to the visualization on the dashboard within the Splunk Enterprise Platform, we do have the chart available, and all its features are included. Additionally, if you require customization for a new customer's preferences, we can implement it using HTML or XML code. The primary approach for developing dashboards is based on XML. Therefore, if you need specific features like radio buttons or checkboxes, they are readily available for inclusion in the dashboards.

I recommend the solution.

Overall, I rate the solution a nine out of ten.

We use the product for real-time monitoring purposes.

The product's most valuable feature is the ability to explain the values and provide insights into transactions. It allows us to understand successful and failed transactions with a graphical representation easily.

Areas for improvement include enhancing dashboards, reports, alerts, and the monitoring console. With the monitoring console, users can track server performance metrics such as data ingestion, server uptime, CPU, and memory utilization. Integrations with third-party apps can provide comprehensive server monitoring capabilities. However, setting up such integrations may require significant time and effort, as experienced in the mentioned case took nearly 20 days to complete.

We have been using Splunk Enterprise Platform for four years now.

I rate the platform's stability an eight out of ten.

The product is highly scalable.

The complexity of the initial setup largely depends on the level of experience. I find it straightforward due to my proficiency in establishing connectivity, creating DNS, and performing installation configuration. I rate the process a nine and a half out of ten.

The time required for deployment varies depending on the process in place. If changes need to be made within a specific window, such as raising an instance, the window period opens only for a set duration. Deployment in such cases involves raising a change request and obtaining approval, which can take up to seven days. However, from a technical perspective, initial deployment typically takes up to one or two hours. Yet, procedural requirements, like awaiting change request approval, may prolong the process, necessitating additional days of waiting before deployment can proceed.

The product is expensive, and the cost depends on the amount of data ingestion.

When clients request specific data for a particular period, we retrieve the relevant information from our servers and generate statistics. Later, we create reports, alerts, and dashboards based on the requested data. This process involves fetching the necessary data attributes, such as service names, and displaying their corresponding values in the generated reports, alerts, and dashboards.

The platform's alerting capabilities enable the automation of alerts based on predefined conditions. When specific results exceed predefined thresholds, alerts are triggered automatically. For example, if a value exceeds a specified threshold, an email alert is generated and sent to the relevant stakeholders, prompting them to take appropriate action. This automated alerting mechanism enhances operational efficiency by promptly notifying stakeholders of critical events, allowing them to respond swiftly and effectively to potential issues or deviations from expected outcomes.

I recommend Splunk to other people. It's a very good tool, offering many features that surpass other tools like Kaspersky. Its comprehensive monitoring capabilities and insightful analytics make it a valuable user asset.

I rate it a ten out of ten.

Splunk Enterprise Platform is useful as a tool for its SIEM and SOAR functionalities.

The most valuable features of the solution stem from the fact that it provides local support to users in Indonesia. The features that Splunk Enterprise Platform provides to users are the same as the ones provided by ArcSight, so I cannot compare both products.

The solution has certain shortcomings when it comes to APIs, making it in an area where improvements are required.

Integration is an area that can be considered as one of the challenges we face with the solution in our company. From an improvement perspective, the solution should make the integration of the product with other tools in the market possible.

I have been using Splunk Enterprise Platform for almost three years.

It is a stable solution. The product stays stable from the development stage to the production environment. Stability-wise, I rate the solution an eight out of ten.

It is a scalable solution.

Around 1,400 employees in our company use the solution.

My company does plan to increase the use of the solution.

I have experience with ArcSight.

The product's initial setup phase was very complex.

During the product's first time deployment, the product is dispatched to the user for assessment, after which a user can deploy it and take care of the areas from implementation to production.

The solution is deployed on a hybrid cloud.

The solution can be deployed in three to five months.

Around seven people are required to manage the deployment and maintenance of the product.

The deployment can be carried out with the help of our company's in-house team.

There are yearly payments to be made towards the licensing costs attached to the solution.

I can recommend the product after considering the needs and budget of the customers, as well as the company's size.

I rate the overall tool an eight out of ten.

We use Splunk Enterprise Platform as a Security Incident and Event Management (SIEM) tool.

The most valuable feature of Splunk Enterprise Platform is that it's a customizable solution.

Splunk Enterprise Platform needs a bit of tuning, and it would be beneficial if it came with some prebuilt use cases.

Splunk Enterprise Platform should include more integrations with other security tools.

I have been using Splunk Enterprise Platform for six years.

I rate Splunk Enterprise Platform a nine out of ten for stability.

I rate Splunk Enterprise Platform an eight to nine out of ten for scalability.

The technical support team's initial response is too late.

I rate the solution's technical support a five or six out of ten.

Neutral

The solution's initial setup is average and a little bit tricky. On a scale from one to ten, where one is difficult, and ten is easy, I rate Splunk Enterprise Platform a three out of ten for the ease of its initial setup.

Splunk Enterprise Platform was deployed in a month in our organization.

Splunk Enterprise Platform is an expensive solution.

On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing a nine out of ten.

I am working with the latest version of Splunk Enterprise Platform. Splunk Enterprise Platform is deployed on-cloud in our organization.

I recommend that users not expect value from Splunk Enterprise Platform immediately. It might take time to set it up and get any value out of it.

Overall, I rate Splunk Enterprise Platform a nine out of ten.