Splunk Enterprise Platform Reviews

We use Splunk for onboarding updates, dashboards, application monitoring, and insights.

We are using it for event management. We don't have that much exposure on the security side.

It is very easy to use logs and create dashboards. You can define extractions for specific exceptions. Splunk can extract historical data and process upcoming data in real-time. You can easily modify, update, or edit extraction rules as needed. Additionally, you can create custom knowledge objects at any time. The platform allows you to restrict user access based on permissions. Even regular users can create reports and dashboards for their workflows.

Splunk Enterprise Platform needs some improvement. For instance, the dashboard sizing and customization options could be enhanced. There seems to be a limitation in adjusting the size of individual panels within a dashboard. This can be frustrating when comparing data across different panels, as users are forced to scroll continuously. Additionally, while Splunk offers some new features like student dashboards, modifying these dashboards requires a level of JavaScript expertise that not all users possess. Providing more user-friendly options for customization, such as adjusting colors and fonts directly from the user interface, could greatly improve the user experience.

Moreover, for users transitioning from other monitoring tools like Dynatrace, the interface may feel less intuitive and more cumbersome. Offering more intuitive visualization options and simplifying the customization process could bridge this gap and make Splunk more accessible to a wider range of users.

I have been using Splunk Enterprise Platform for seven years. We are using V9.0.4.1 of the solution.

The product is stable. I rate the solution’s stability a nine out of ten.

I've encountered numerous issues and challenges, but I've managed to overcome them. I rely on the Splunk community to find solutions whenever I face difficulties. I want to fully engage with the platform and be active in its development, but sometimes, I struggle to find the right resources or support.

The initial setup is easy.

Splunk Enterprise Platform can seem a bit costly compared to their five-year plans. There's a need to provide options, such as offering a free license for up to ten GB of data or a limited-time test and development license at no cost. For instance, if a company purchases a one-year product license, it could receive additional test and development licenses for free, up to a certain data limit. While there would naturally be some restrictions, such as limitations on certain features or functionalities, offering these options could encourage more people to adopt Splunk for their needs. Many individuals and stakeholders hesitate due to Splunk's perceived high costs when considering the additional expenses for enterprise support, operational support, and device licenses. Introducing more flexible licensing options could alleviate these concerns and attract more users to the platform, benefiting both Splunk and its customers.

Our experience with the Splunk Enterprise Platform has been positive regarding administration and development. However, there are some concerns regarding visualization. Despite our team's proficiency in activating and completing tasks, the dashboard's complexity has decreased user satisfaction. Many users find the visualization lacking when viewing multiple panels simultaneously. They express difficulty in navigating the UI and feel uncomfortable with it. Addressing these concerns would enhance the overall user experience from end to end.

Overall, I rate the solution a nine out of ten.

The solution is used for basically, to monitor various logs, so it is the application logs, some kind we are monitoring databases.

Splunk is providing, like, proactive monitoring using desserts and all. So these things have improved a lot. Like, in our done day to day activities and all. So whenever we are seeing any kind of alerts and also on that basis, we are going to create alert.

For monitoring security data is the most valuable feature. 

Currently, I think things are good only. There are certain things which is not which is there in the other platform like UAE, UBA is there. Like, Splunk is having another product itself. But the thing is, like, if that can be incorporated with the Splunk Enterprise three version. So it will be helpful for the users to explore more on that one.

I have been using Splunk Enterprise Platform for five years. 

The stability is a nine out of ten meaning the solution is highly stable. 

It is a scalable solution. Around thousand plus users are using the solution.

I have been using this Splunk only from my, like, a shorting of the career. During this period, I have been using AppDynamics and NetSync as well.

Normally so for trial version, it is easy. So it depends on how much data you are ingesting. So if you are going for the Flushing environment, so that setup Could be somewhat difficult, but, normally, it will be easy only.

I have seen a Return on Investment. 

Costing depends on, like, how much data you are investing. So that will increase your cost.

I will rate the overall solution a nine out of ten. 

My company uses Splunk Enterprise Platform for monitoring and user base filtering.

The most valuable feature of the solution is the analytics part. Integration with other applications is another valuable feature of Splunk Enterprise Platform.

Splunk Enterprise Platform is already a refined product, so I don't have any recommendations related to areas that need improvement.

The cost of Splunk Enterprise Platform is an area of concern where improvements can be made by bringing down the costs. Product-related, I don't have any feedback.

The support offered by Splunk Enterprise Platform has certain shortcomings that need improvement.

I have been using Splunk Enterprise Platform for a few weeks since it was recently deployed in my company. I use the solution's latest version. My company operates as a service provider of the solution.

The product's stability is good. Stability-wise, I rate the solution a nine out of ten.

Scalability-wise, I rate the solution a nine out of ten.

Around 5,000 people use the solution. Around 10 to 15 analysts use Splunk Enterprise Platform in my company.

The solution is used on a regular and daily basis in my company.

I am moderately satisfied with the solution's technical support. I rate the technical support an eight out of ten.

Positive

Splunk Enterprise Platform was easy to implement. I rate the product's implementation phase an eight out of ten, where one is difficult, and ten is easy.

The solution is deployed on an on-premises model.

The solution's deployment phase was carried out over a period of one or two months.

I rate the product's pricing a ten on a scale of one to ten, where one is cheap, and ten is expensive. It is a very pricey tool.

I would recommend the product to those who plan to use it, provided the pricing of the solution is brought down.

I rate the overall product an eight out of ten.

I use the platform to collect data and report to the clients that need reporting from Splunk. I work on gathering big data from all over my company and exporting it into proper reports.

What I find the most valuable about the platform is its DB Connect and its versatility in general. I also like its adaptability to any use case when it comes to collecting and analyzing data.

It is hard to say in what areas the platform could be improved since it's very versatile and applies to many use cases. It already has the functioning vetted into the core architecture of the product. In my opinion, there is no need for additional features because it already has many, and I haven't used them all.

I've been using Splunk Enterprise Platform for two and a half years. I am a Splunk software architect and Splunk is the only platform I use.

It's a very stable platform. A ten out of ten.

The scalability of Splunk is ten out of ten. It's one of the best platforms on the market. Approximately 1,000-2,000 people use the platform at our company, but only two people are needed to maintain it and I'm one of them. Everything is automated and it is very easy to manage 2,000 users on my own.

I would compare Splunk Phantom with RSA NetWitness and Elasticsearch. All three solutions give the same output but in a different way. They analyze data in different ways. Each product has its scalability, versatility, and appliances in the current business needs of the company that uses it.

The initial setup is very easy. At our company, we deployed Splunk ourselves because we are a team of Splunk architects and we have done it before.

The platform is too expensive for small businesses. If you choose the free plan, it only has 15 GB of data per day, and it may not be enough to run a small business. You need to pay a subscription based on data ingestion, and that's very expensive. Splunk should focus more on delivering something for small businesses and entrepreneurs. I give the pricing a three or four out of ten. Although the product is pricey, it's truly magnificent.

Overall, I give Splunk a nine out of ten and not a solid ten just because there are new updates every day and we don't know exactly what we need to search for since it's not that viewable. 

We used the product for cloud-based monitoring or systems monitoring. 

The key difference I noticed for my use case, which involved understanding user behaviors and responses to digital elements, was that I could obtain more detailed reporting than what was possible with Amplitude. I could download a file with very specific information, which was helpful.

I did not use it for real-time monitoring. My focus was on investigating incident reports to understand the extent of user impact. Primarily, I utilized the Splunk Enterprise Platform to analyze user behavior.

I found the incident notification to be very helpful. While Splunk Enterprise Platform provided detailed data, it didn't seem to check as many boxes for user behavior as Amplitude did. At the same time, I'm not sure if Amplitude offers features for monitoring or incident coverage.

Its ability to access granular details in Excel was beneficial. It's always helpful to transition from visualizations to detailed user reports. 

The tool lacked in providing a shareable format. I had to use pivot tables and manually parse and edit the data to create a visualization-friendly format. It was helpful when we had an issue. What would make it stronger is if it were more proactive. For example, if it highlighted major incidents and their impact on users without digging through notifications, that would be better. Typically, the first question we get is, "Oh, we had an incident. How bad was it? How many customers were impacted?" So having that information pop up from the notification would be helpful.

Splunk Enterprise Platform is stable. 

I saw no issues or reasons to think that the product wouldn't scale over time. Our data is growing. 

I haven't contacted the tool's support. 

I rate the overall product a seven out of ten.

I would recommend it for incident management reporting. I would not advise it for understanding user behavior or usage. If I had to choose between Splunk Enterprise Platform and Amplitude, I would probably go with Amplitude, but I also have no familiarity with what their incident reporting is like.

We use Splunk Enterprise for data visualization.

We use Splunk administration rather than Splunk development.

We provide support to users so they can access our Splunk application and use it however they want. For example, if they are not able to view some of the logs that are coming from their servers in our Splunk, then we usually check all the logs here that have been missed and forward the ones that were not forwarded. 

Also, sometimes they use their access to install some apps. We have Splunk apps and they want us to create an app for their usage. We also need to create these apps in the Splunk application. Sometimes they aren't able to download or upload files into Splunk or other websites. They aren't able to download these reports as PDF files. We usually work on this and try to resolve it as quickly as possible.

We use Splunk for cyber security. We have a lot of teams who use Splunk for different purposes. The security team uses it to authorize log-ins, so in case something happens, Splunk monitors it. Also, the development team uses it to monitor data while they're creating a new application.

In the enterprise platform, all of the clusters and indexes are under our maintenance. If required, we can make changes and see the logs manually by getting into the servers.

Things have to be managed manually in Splunk Enterprise, which is not the case in Splunk Cloud, where the client could manage it on their own.

It would be useful if Splunk Enterprise Platform could monitor the application URL, to check whether it's responsive or not.

I've been using it for a year and a half.

It is completely stable and the infrastructure is good. We have no issues with our Splunk Enterprise Platform.

We contact technical support whenever there's an issue with logs and they work through it with us.

Positive

We use both Splunk Cloud and Splunk Enterprise. We might opt for Splunk Cloud in the future since it's less expensive, but we are currently using both.

The deployment takes about a day. I would say that the initial setup is quite a complex thing to do because there are a lot of things that have to be done for clustering all the features and indexing and then forwarding data to the indexes. When it comes to applications, we have to replicate the data. The process takes time. Once everything is done, we still need to monitor the infrastructure constantly.

It is easy to maintain if you are familiar with the deployment model.

I have hands-on experience with AWS, Linux, Ansible, and Terraform and with programs like Python, Java, and SQL as well. I also use tools like Catchpoint, Nagios, and Grafana.

I would suggest using Splunk Cloud first, and then Splunk Enterprise because the maintenance and the infrastructure management are easy. I would rate it an eight out of ten.

Splunk Enterprise Platform is a basic monitoring tool used for application performance monitoring, database monitoring, and infrastructure monitoring. Currently, I use the solution for application monitoring and security monitoring. I use the tool to monitor security breaches or suspicious activities.

The solution is very good for monitoring compared to other tools. It provides an accurate solution. We used to get a free trial of around 60 days to test and get a good experience on Splunk.

The solution's license cost is high and can be improved. There are some limitations on data onboarding if you have huge data.

I have been using Splunk Enterprise Platform for three to four years.

Compared to other monitoring tools, Splunk Enterprise Platform provides good stability.

I haven’t faced any issues with the solution’s scalability.

Splunk ITSI is very good for support, which includes getting an incident number and working on it.

We need to integrate Splunk Enterprise Platform with other tools, which provide some security events. After integrating, you get the logs from that application's API. Once you get those logs, we will create a code per the business requirements and create an alert, report, or dashboard, whichever is needed.

Splunk Enterprise Platform works based on apps installed in Splunk. For example, if you want SQL data to get into Splunk, you need to install an SQL database plugin on the Splunk server. That plugin will capture the logs related to an SQL database with Splunk. After that, we write a query, pull out the data we need, and provide knowledge objects.

Visualization is very good in Splunk Enterprise Platform. The solution has good visualization elements like bar graphs, pie charts, line graphs, single visualizations, and maps. I would recommend the solution to other users.

Splunk Enterprise Platform is a very good tool for monitoring your day-to-day activity logs. This will eventually help you create reports or dashboards to monitor the business's progress.

Overall, I rate the solution seven and a half or eight out of ten.

Our use case for Splunk Enterprise Platform involved deploying the solution for a client requirement, focusing on their data monitoring and management needs.

Splunk Enterprise Platform has significantly improved operational efficiency by making it easier to monitor infrastructure, detect errors, and read logs. It has reduced troubleshooting efforts from one hundred percent to about twenty percent, thereby increasing productivity significantly. The platform's ability to monitor Docker containers directly has also been beneficial for us.

The most valuable features of Splunk Enterprise Platform include its performance, ease of implementation, and user interface, which are superior compared to other on-premises products.

Pricing is an area that needs improvement, as it is considered high. Additionally, the addition of AI capabilities would be beneficial for analyzing IP activity patterns and providing alerts. During the integration with Docker, we noticed that Splunk only shows container IDs and not their names, which is a drawback.

I have used Splunk Enterprise Platform for one to two years for the projects I have mentioned.

Splunk Enterprise Platform is a stable solution, and I would rate its stability as nine out of ten.

Splunk Enterprise Platform is scalable, though the implementation can be challenging. I would rate scalability as eight out of ten.

We have not opted for paid support but have utilized community support, which is good but could benefit from more contributions. I rate the support a seven out of ten.

Neutral

We have tried multiple products before, but they were difficult to implement. Splunk Enterprise Platform is much easier to implement and execute quickly, which is why we chose it.

The initial setup was not considered easy and required learning and implementation by ourselves. It was an average difficulty process, not too difficult but not very easy either.

The deployment and implementation were done by myself and one of my teammates, totaling two people involved in the process.

Monetary ROI was not directly measured, but using Splunk Enterprise Platform has reduced time spent on troubleshooting, therefore enhancing productivity.

I would rate the pricing around three out of ten, considering the tool's cost. We haven't used any extra features, so I'm not sure about additional offerings.

We evaluated several other products, but they were found difficult to implement. Splunk was the easier solution.

I highly recommend Splunk Enterprise Platform for organizations with large volumes of logs and multiple servers, as it provides good ROI for big companies. However, due to its cost, it may not be suitable for small organizations.