Splunk Enterprise Security Reviews

Name: Splunk Enterprise Security
Brand: Splunk
Rating: 4.2 (308 reviews)

Vendor: Splunk

4.2 out of 5

308 reviews
93% willing to recommend

8,962 followers

Start review

What is Splunk Enterprise Security?

Splunk Enterprise Security is widely used for security operations, including threat detection, incident response, and log monitoring. It centralizes log management, offers security analytics, and ensures compliance, enhancing the overall security posture of organizations.

Get the Splunk Enterprise Security Buyer's Guide and find out what your peers are saying about Splunk Enterprise Security, CrowdStrike Falcon, Wazuh and more!

Splunk Enterprise Security is the #1 ranked solution in top Security Information and Event Management (SIEM) solutions, #1 ranked solution in top IT Operations Analytics solutions, and #2 ranked solution in Log Management Software. PeerSpot users give Splunk Enterprise Security an average rating of 8.4 out of 10. Splunk Enterprise Security is most commonly compared to CrowdStrike Falcon: Splunk Enterprise Security vs CrowdStrike Falcon. Splunk Enterprise Security is popular among the large enterprise segment, accounting for 65% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 15% of all views.

Buyer's Guide

Splunk Enterprise Security

April 2025

Get the report

Helped 851,371 peers since 2012

Featured Splunk Enterprise Security reviews

ROBERT-CHRISTIAN

CTO at kyndryl

In our organization, we use our own tools such as Kyndryl Bridge and Elastic. We use Kyndryl Bridge which essentially has a similar function. It is based on Elastic. It indexes log files and flags log files. It helps you to very quickly search log files similar to the Splunk algorithm. Our clients use Splunk Enterprise Security. If somebody already has Splunk as a business intelligence tool, then very often, it makes sense to expand the Splunk subscription they have to include Enterprise Security as well. We base our decisions on customer requirements, not on anything else. If a customer comes to us looking for a SIEM solution, we advise them based on their infrastructure and objectives. If we deliver the service for them and they want us to do that, we mostly go with Microsoft Sentinel when they already do not have Splunk. Otherwise, we go with Splunk Enterprise Security. We have about 30 customers in Germany who have Splunk, and we run it for them. Monitoring multiple clouds with Splunk Enterprise Security is no more difficult than it is with Sentinel. I find Sentinel a bit easier. Splunk, of course, is very useful if you have AWS. Generically, because Splunk is not a cloud provider itself, it fits with anything. However, integration can be challenging at times, especially in virtualized environments. Splunk struggles a bit with speed in virtualized environments. Most importantly, Splunk can be outrageously expensive. That is the problem with both Splunk and Sentinel. Their pricing literally explodes based on the amount of data you feed in. I like Elastic SIEM. It is a tool that allows you to determine the price. It is based on the computing power you require and not on the amount of data you put in, so it is a lot more flexible than Splunk or Sentinel. If there is a cost concern, Elastic SIEM is a good idea. Elastic is also pretty good at creating on-premises data lakes to control the amount of information you put into the same tool. That is something that neither Splunk nor Sentinel offers. In our operations, we use a separate threat intelligence vendor. To the SIEM tool, we added a SOAR tool for security orchestration, automation, and response, which is very critical these days. We get threat intelligence from a third-party provider because neither Splunk nor Microsoft gives the coverage that our customers need. Splunk does not have a SOAR capability, so we add that on top. We could add that on top of any tool, so it is not specific to Splunk, but Splunk helps because going through the log files is very fast. It does help when you do the incident analysis. Elastic also provides that, and Sentinel has that to some degree, but Splunk is still the Google for log files. MITRE ATT&CK framework is integrated pretty much into any SIEM tool. It is not unique to Splunk. It is there in QRadar and other solutions. MITRE ATT&CK framework is helpful when designing incident response plans or playbooks. It is nice that they have it, but that is nothing unique to Splunk.

Read full review

Hamada Elewa

System Engineer - Security Presales at Raya Integration

Splunk has a vast integration with multiple vendors, which makes it easy for our customers to integrate various cloud environments. Splunk provides complete visibility when integrated with all installed appliances and applications. The threat intelligence management feature is a good add-on for startups, especially given its affordability. Splunk allows organizations to ingest and normalize data effectively. Splunk simplifies real-time problem identification and resolution by seamlessly integrating existing customer and vendor systems. Its customizable dashboards can be tailored to map and reflect specific environmental needs precisely. The threat topology and MITRE ATT&CK framework features can help discover the full scope of a security incident, provided they are fully integrated into the customer's environment. Splunk's comprehensive log visibility enables efficient investigation of malicious activities and breaches. By generating a dashboard that collects logs from firewalls, emails, proxy endpoints, and threat intelligence, Splunk can provide access to critical information within seconds, significantly reducing investigation time compared to other vendors or solutions. This streamlined process, facilitated by Splunk's ability to gather and analyze diverse log data, ensures swift identification and resolution of security incidents. It helps our customers improve their organization's business resilience. The unified platform helps consolidate networking infrastructure and security. This single-platform approach offers the advantage of combining multiple technologies and features, streamlining operations and enhancing efficiency. Implementing Splunk with SOAR capabilities, along with machine learning and AI for alert filtering, can significantly reduce alert volume without constantly interrupting administrators. This streamlined approach ensures that only alerts requiring approval are sent to administrators, optimizing their workflow and efficiency. The analysts using Splunk, even the free edition, are very satisfied with the information it provides for their investigations. Splunk has helped customers accelerate their security investigations by integrating AI and machine learning into its platform. This integration automates many basic tasks and saves valuable time. Splunk helps reduce our customer's mean time to resolve.

Read full review

GautamKar

Staff Performance Engineer at ServiceNow

It is our go-to tool for monitoring multiple cloud environments. The difficult part initially is to understand how the logging is happening for particular applications or instances. Once you have an understanding of what you want to see and how they are getting generated, you can just write queries, and you can create exhaustive dashboards for anybody to look at and understand how things are. Splunk Enterprise Security is good for analyzing malicious activities and detecting breaches. Its threat detection capabilities are good. We can look at the exact activity and task. We can look at a trace and understand what is happening. It gives a very granular understanding. I see emails from the security team mentioning what they have identified, so it seems to be helpful for threat detection. Based on the org mail that we received, they were able to block almost 95% of threats in real time. That is a pretty good number. Splunk Enterprise Security helps to reduce alert volume because you can understand patterns, such as where your requests are going and how everything is happening. There has been a 40% to 50% reduction. Splunk Enterprise Security has helped speed up our security investigations by 40% to 50%. It has helped the security team to get a head start and understand where the issue is originating and where the problem is. We are operating in a very dynamic environment, so any time lost costs the company money.

Read full review

Splunk Enterprise Security mindshare

Product category:

As of May 2025, the mindshare of Splunk Enterprise Security in the Security Information and Event Management (SIEM) category stands at 9.5%, down from 12.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

PeerResearch reports based on Splunk Enterprise Security reviews

Type	Title	Date
Category	Security Information and Event Management (SIEM)	May 16, 2025	Download
Product	Reviews, tips, and advice from real users	May 16, 2025	Download
Comparison	Splunk Enterprise Security vs Wazuh	May 16, 2025	Download
Comparison	Splunk Enterprise Security vs Microsoft Sentinel	May 16, 2025	Download
Comparison	Splunk Enterprise Security vs IBM Security QRadar	May 16, 2025	Download

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	4.7%	96%	127 interviews Add to research
Wazuh	3.7	13.9%	79%	46 interviews Add to research

Valuable Features

Splunk Enterprise Security offers robust data collection, flexible search language, and seamless integration. Its rapid search capabilities, customizable dashboards, and strong threat detection enhance security operations. Users highlight its easy data ingestion, powerful log management, and risk-based alerting. It excels in providing visibility across ecosystems, supports diverse data sources, and helps reduce false positives and alert volumes. The search language and dashboards simplify data analysis and visualization. Its cloud compatibility and integration with third-party apps are valued features.

"The stability of Splunk Enterprise Security is very impressive; it is a very stable product."
"Splunk Enterprise Security is amazing."
"The community marketplace is useful; often, you do not need to rely on Splunk Enterprise Security support due to the wealth of online documentation available—Splunk docs are truly beneficial."

Room for Improvement

Splunk Enterprise Security faces challenges with high pricing, steep learning curve, and complex initial setup. Key issues include limited default threat intelligence, complicated clustering and search functionalities, and performance lags with large data. The platform’s integration with third-party tools needs improvement alongside enhanced AI and machine learning capabilities. User experience with the interface and dashboards could be more intuitive, and the documentation needs to be clearer. Additionally, the system’s high resource demands require better optimization.

"Splunk Enterprise Security can be improved mainly from the user interface regarding the visualizations."
"The default threat intel feeds create many false positives and noise, which is counterproductive."
"One area Splunk Enterprise Security fails to improve is the pricing aspect; while the initial pricing seems fine, the licensing cost can skyrocket over time, creating trauma for organizations."

ROI

Users report significant returns from Splunk Enterprise Security, highlighting time savings and improved visibility across operations. Reliability boosts integration and error resolution efficiency, reducing resource needs and enhancing security measures. Large datasets handled efficiently lead to operational growth and cost savings. Faster troubleshooting results in proactive issue management. Automations have notably reduced personnel requirements, leading to financial efficiencies. Organizations gain valuable insights, supporting profitable decision-making. Overall, feedback consistently emphasizes substantial returns from its use.

Pricing

Splunk Enterprise Security is generally perceived as an expensive solution, with pricing based on data volume usage. Customers report that while it offers ample features and capabilities, the licensing cost can be prohibitive, particularly for smaller enterprises. Some users find value in its advanced functionalities, though they express the need for a more flexible, predictable pricing model. Despite its higher cost compared to competitors, many users appreciate its comprehensive security and data analytics features, recommending it for larger organizations with substantial data needs.

"The pricing could be made more competitive."
"Splunk is priced higher than other solutions."
"The pricing is based on the volume of data fed into it, which can lead to substantial costs. This pricing model is complex and unpredictable, making cost management difficult."

Popular Use Cases

Primarily used for security monitoring, Splunk Enterprise Security enables handling large datasets across organizations. Users utilize it for log analytics, creating dashboards, and threat detection. Common applications include SIEM, monitoring infrastructure, incident response, and compliance. Many employ it for data aggregation, securing networks, insider threat detection, and maintaining cyber hygiene. It facilitates proactive security measures, real-time alerting, user behavior analysis, and vulnerability management, aiding organizations in enhancing their cybersecurity posture.

Service and Support

Splunk Enterprise Security support is praised for having knowledgeable staff and a highly active community like Splunk Answers, which solves most issues. However, response times can vary, sometimes requiring multiple contacts to resolve issues. Expertise levels differ among support representatives. Some users find technical support quick and helpful, while others experience delays and less effective assistance without premium packages. The online resources and documentation generally receive positive feedback from users.

Deployment

Many found Splunk Enterprise Security's initial setup straightforward, though complexity varied with environment size and configuration requirements. Some perceived it as complex due to customization needs or lack of experience. Experienced users reported the process was smooth, yet highlighted the importance of skilled personnel for effective implementation. Maintenance and ongoing adjustments were commonly noted, with some teams requiring multiple personnel for support. Splunk Enterprise Security's cloud deployments were often perceived as easier compared to on-prem setups.

Scalability

Splunk Enterprise Security offers scalability suitable for both cloud and on-prem environments, allowing horizontal and vertical expansion. Users consistently find it reliable and efficient, with the cloud version enabling straightforward scalability. While some face challenges in on-prem deployments due to resource allocation, the system handles vast data volumes effectively. Organizations appreciate its ability to scale with their increasing demands, though they remain aware of the potential cost implications associated with increased usage.

Stability

Splunk Enterprise Security is considered highly stable by users. Instances of occasional bugs or issues are reported, primarily linked to resource constraints or specific user configurations. Releases are generally stable, though memory leaks and slow queries have been mentioned. Performance is robust, with slight slowdowns when dealing with extensive data. Regular updates and strong community support contribute to its reliability, though some suggest room for improvement in stability amidst large data volumes.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Splunk Enterprise Security Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

15%

Computer Software Company

14%

Manufacturing Company

Government

University

Healthcare Company

Educational Organization

Insurance Company

Retailer

Comms Service Provider

Energy/Utilities Company

Real Estate/Law Firm

Non Profit

Media Company

Construction Company

Legal Firm

Outsourcing Company

Transportation Company

Wholesaler/Distributor

Hospitality Company

Performing Arts

Aerospace/Defense Firm

Pharma/Biotech Company

Consumer Goods Company

Recreational Facilities/Services Company

Logistics Company

Marketing Services Firm

Compare Splunk Enterprise Security with alternative products

Learn more about Splunk Enterprise Security

Companies leverage Splunk Enterprise Security to monitor endpoints, networks, and users, detecting anomalies, brute force attacks, and unauthorized access. They use it for fraud detection, machine learning, and real-time alerts within their SOCs. The platform enhances visibility and correlates data from multiple sources to identify security threats efficiently. Key features include comprehensive dashboards, excellent reporting capabilities, robust log aggregation, and flexible data ingestion. Users appreciate its SIEM capabilities, threat intelligence, risk-based alerting, and correlation searches. Highly scalable and stable, it suits multi-cloud environments, reducing alert volumes and speeding up investigations.

What are the key features?

Comprehensive Dashboards: Provide a holistic view of security operations.
Flexible Data Ingestion: Supports various data sources for better analysis.
Robust Log Aggregation: Centralizes log management for easier monitoring.
Machine Learning Toolkit: Enhances threat detection and prediction capabilities.
SIEM Capabilities: Integrates security information and event management.
Threat Intelligence: Utilizes external information to improve security measures.
Risk-Based Alerting: Prioritizes alerts based on the risk they pose.
Correlation Searches: Identifies and correlates security events effectively.

What benefits or ROI should users look for?

Enhanced Visibility: Improves monitoring across endpoints, networks, and users.
Faster Incident Response: Speeds up identification and resolution of security issues.
Reduced Alert Volumes: Lowers false positives and enhances signal-to-noise ratio.
Scalability: Adapts to growing and changing security needs.
Improved Security Operations: Integrates multiple security facets into one platform.

Splunk Enterprise Security is implemented across industries like finance, healthcare, and retail. Financial institutions use it for fraud detection and compliance, while healthcare organizations leverage its capabilities to safeguard patient data. Retailers deploy it to protect customer information and ensure secure transactions.

Splunk Enterprise Security customers

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.